Security News
The Unpaid Backbone of Open Source: Solo Maintainers Face Increasing Security Demands
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
By Sarah Gooding - Sep 20, 2024
Template: TypeScript Module 
This is a clonable template repository for authoring a npm module with TypeScript. Out of the box, it:
- Provides minimally-viable
tsconfig.jsonsettings - Scaffolds a silly arithmetic module (
src/index.ts) - Scaffolds test suites for full test coverage (
test/index.ts) - Scaffolds a GitHub Action for Code Integration (CI) that:
- checks if compilation is successful
- runs the test suite(s)
- reports test coverage
- Generates type definitions (
types/*.d.ts) - Generates multiple distribution formats:
- ES Module (
dist/index.mjs) - CommonJS (
dist/index.js) - UMD (
dist/index.min.js)
- ES Module (
All configuration is accessible via the rollup.config.js and a few package.json keys:
name— the name of your modulemain— the destination file for your CommonJS buildmodule— the destination file for your ESM build (optional but recommended)unpkg— the destination file for your UMD build (optional for unpkg.com)umd:name— the UMD global name for your module (optional)
Setup
- Clone this template
- Replace all instances of
TODOwithin thelicenseandpackage.jsonfiles - Create CodeCov account (free for OSS)
- Copy the provided CodeCov token as the
CODECOV_TOKENrepository secret (for CI reporting) - Replace
src/index.tsandtest/index.tswith your own code! 🎉
Commands
build
Builds your module for distribution in multiple formats (ESM, CommonJS, and UMD).
$ npm run build
test
Runs your test suite(s) (/tests/**) against your source code (/src/**).
Doing so allows for accurate code coverage.
Note: Coverage is only collected and reported through the "CI" Github Action (
.github/workflows/ci.yml).
$ npm test
Publishing
Important: Please finish Setup before continuing!
Once all TODO notes have been updated & your new module is ready to be shared, all that's left to do is decide its new version — AKA, do the changes consitute a patch, minor, or major release?
Once decided, you can run the following:
$ npm version <patch|minor|major> && git push origin master --tags && npm publish
# Example:
# npm version patch && git push origin master --tags && npm publish
This command sequence will:
- version your module, updating the
package.json"version" - create and push a
gittag (matching the new version) to your repository - build your module (via the
prepublishOnlyscript) - publish the module to the npm registry
License
MIT © Luke Edwards
FAQs
PoC
We found that harpake demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 14 Apr 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Understanding License Exceptions: What Developers Need to Know
License exceptions modify the terms of open source licenses, impacting how software can be used, modified, and distributed. Developers should be aware of the legal implications of these exceptions.
By Sarah Gooding - Sep 20, 2024
Security News
Developer Accuses Tencent of Copyright Violation After Python Utility’s License Changed from GPLv3 to BSD
A developer is accusing Tencent of violating the GPL by modifying a Python utility and changing its license to BSD, highlighting the importance of copyleft compliance.
By Sarah Gooding - Sep 18, 2024