A GYP-based package manager for C/C++ projects.
Please check the latest issues, or contribute gypkg-projects to the wiki.
GYP has a very lovely way to manage dependencies, however the amount of boilerplate code required to build a project is very large:
- a gyp repository checkout
- a common.gypi file with default compiler warning flags, etc.
- a gyp_project_name executable Python script to set proper GYP defines and execute gyp_main.py

All of this has to be repeated in every project, but fear not - gypkg fixes this and solves the dependency management problem as well.
Additionally, gypkg solves the problem with duplicate sub-dependencies
(a depends on b and c; b depends on c).
# Node.js is required to run this
npm install -g gypkg
A build.gyp file for a C/C++ project may be generated with gypkg init, and
will look like this:
{
  "variables": {
    "gypkg_deps": [
      # Place for `gypkg` dependencies
    ],
  },
  "targets": [ {
    "target_name": "my-lib",
    "type": "<!(gypkg type)",
    "dependencies": [
      "<!@(gypkg deps <(gypkg_deps))",
      # Place for local dependencies
    ],
    "direct_dependent_settings": {
      "include_dirs": [
        # Place for public includes
        "include",
      ],
    },
    "include_dirs": [
      # Place for private includes
      ".",
    ],
    "sources": [
      # Place for source files
    ],
  } ],
}
Dependencies can be added to gypkg_deps:
"gypkg_deps": [
  # repo-addr@semver => path/to/file.gyp:target_name
  "git://github.com/libuv/libuv@^1.9.1 => uv.gyp:libuv",
],
Source files to sources:
"sources": [
  "src/main.c",
],
Then the gypkg CLI tool can be used to build the project (NOTE: while ninja
is not necessary, it is recommended for fast incremental builds):
gypkg build file.gyp -- -Duv_library=static-library
The build command will install all dependencies into gypkg_deps and will update
them automatically on the next build call.
gypkg supports local and remote (git) dependencies. Remote dependencies are
installed into gypkg_deps/ folder in the root directory of the project (the
one that has the main .gyp file). Nested dependencies still live in the same
gypkg_deps/ in the root directory.
The syntax for declaring dependencies is:
- /path/to/dependency => /sub/path/to/main.gyp:target_name - use a local dependency
- git://github.com/author/project => /path/to/main.gyp:target_name - check out the latest commit of a remote dependency (https:// and git@ are supported too)
- git://github.com/author/project#branch => /path/to/main.gyp:target_name - check out a particular branch/hash of a remote dependency
- git://github.com/author/project@semver => /path/to/main.gyp:target_name - check out the whole repository and find the latest version tag (the one that starts with v) that matches the particular semver
- git://github.com/author/project@semver [gpg] => ... - find the latest version tag matching the semver and verify its GPG signature and Git-EVTag-v0-SHA512. Note: this type of dependency maintains project-local GPG keyrings for each GitHub team name or explicit scope (specified with [gpg=scope-name]). gypkg build will ask for confirmation before adding any new keys to those keyrings.

See the Usage section above, or the Examples below, for a gist of how a GYP file may look.
While the Node.js implementation of gypkg loads dependencies asynchronously and
in parallel, a gypkg-based project may need to be distributed to
platforms without Node.js binaries.
In this case gypkg gen --freeze file.gyp can be used to generate a
.gypkg-freeze file, which helps the ./shim/gypkg Python shim resolve
all dependencies statically.
.gypkg-freeze and ./shim/gypkg should be distributed with the project in
such cases, and the project users should be advised to extend their PATH
environment variable with a folder that contains the ./shim/gypkg script.
NOTE: no GPG signatures are checked in this mode, since that requires extensive Node.js-based tooling.
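The dependency syntax above mixes forms with very different pinning guarantees: a bare repository address follows whatever the latest commit is at build time, a #branch moves, a @semver tag can be re-pointed unless its signature is verified, and freeze mode skips GPG checks entirely. The following is an added example, not code from gypkg itself: a small auditor that parses gypkg_deps entries according to the grammar in this README and reports how strongly each one is pinned. All repository names except the libuv line are constructed placeholders, and the `frozen` option models the .gypkg-freeze behaviour described in the note above.

```javascript
// Added example (not part of gypkg): parse gypkg_deps entries using the
// dependency syntax described in the README and report pinning strength.

const REMOTE_PREFIX = /^(git:\/\/|https?:\/\/|git@)/;

function parseGypkgDep(spec) {
  // Split "<source> => <file.gyp>:<target_name>"; the target follows the last colon.
  const m = /^\s*(.+?)\s*=>\s*(.+):([^:\s]+)\s*$/.exec(spec);
  if (m === null) throw new Error(`unparseable gypkg dependency: ${spec}`);
  let source = m[1];
  const dep = {
    spec, gypFile: m[2], target: m[3],
    kind: 'local', repo: null, path: null,
    refType: null, ref: null, gpg: false, gpgScope: null,
  };

  // Optional trailing "[gpg]" or "[gpg=scope-name]" flag on the source part.
  const gpg = /\s*\[gpg(?:=([^\]]+))?\]$/.exec(source);
  if (gpg !== null) {
    dep.gpg = true;
    dep.gpgScope = gpg[1] === undefined ? null : gpg[1];
    source = source.slice(0, gpg.index);
  }

  const scheme = REMOTE_PREFIX.exec(source);
  if (scheme === null) {
    dep.path = source; // local dependency: nothing is fetched
    return dep;
  }
  dep.kind = 'remote';
  // Skip the scheme so the "@" in "git@github.com:..." is not read as a version.
  let rest = source.slice(scheme[0].length);
  const at = rest.lastIndexOf('@');
  const hash = rest.lastIndexOf('#');
  if (at !== -1) {
    dep.refType = 'semver';          // latest v-prefixed tag matching the range
    dep.ref = rest.slice(at + 1);
    rest = rest.slice(0, at);
  } else if (hash !== -1) {
    dep.refType = 'branch-or-hash';  // explicit branch name or commit hash
    dep.ref = rest.slice(hash + 1);
    rest = rest.slice(0, hash);
  } else {
    dep.refType = 'latest-commit';   // whatever the remote's default branch is now
  }
  dep.repo = scheme[0] + rest;
  return dep;
}

// Classify how reproducible a resolved dependency is. `frozen` models the
// .gypkg-freeze/shim mode, in which the README says no GPG signatures are checked.
function pinningLevel(dep, opts = {}) {
  const frozen = opts.frozen === true;
  if (dep.kind === 'local') return 'local';
  switch (dep.refType) {
    case 'latest-commit':
      return 'unpinned';
    case 'branch-or-hash':
      return /^[0-9a-f]{40}$/i.test(dep.ref) ? 'pinned-commit' : 'mutable-branch';
    case 'semver':
      // A tag can be moved or recreated unless its signature is actually verified.
      return dep.gpg && !frozen ? 'semver-tag-gpg' : 'semver-tag';
    default:
      return 'unknown';
  }
}

function auditGypkgDeps(specs, opts = {}) {
  return specs.map((spec) => {
    const dep = parseGypkgDep(spec);
    return { spec, repo: dep.repo || dep.path, target: dep.target, level: pinningLevel(dep, opts) };
  });
}

// Constructed sample gypkg_deps list; only the libuv line comes from the README.
const SAMPLE_DEPS = [
  'git://github.com/libuv/libuv@^1.9.1 => uv.gyp:libuv',
  'git://github.com/example-org/example-lib => lib.gyp:example',
  'https://github.com/example-org/example-lib#feature-branch => lib.gyp:example',
  'git@github.com:example-org/example-lib#0123456789abcdef0123456789abcdef01234567 => lib.gyp:example',
  'git://github.com/example-org/example-lib@~2.0.0 [gpg=example-org] => lib.gyp:example',
  '../vendor/local-lib => local.gyp:local',
];

for (const finding of auditGypkgDeps(SAMPLE_DEPS)) {
  console.log(finding.level.padEnd(16), finding.spec);
}
```

Running the block lists each entry with its level; only a full 40-character commit hash or a GPG-verified semver tag (outside freeze mode) counts as reproducibly pinned, which is the set a reviewer would want every remote entry in gypkg_deps to fall into before trusting a build.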
This software is licensed under the MIT License.
Copyright Fedor Indutny, 2016.
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
The npm package gypkg receives a total of 198 weekly downloads. As such, gypkg popularity was classified as not popular.
We found that gypkg demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.