Security News
The Unpaid Backbone of Open Source: Solo Maintainers Face Increasing Security Demands
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
This is a clonable template repository for authoring a npm
module with TypeScript. Out of the box, it:
tsconfig.json
settingssrc/index.ts
)test/index.ts
)types/*.d.ts
)dist/index.mjs
)dist/index.js
)dist/index.min.js
)All configuration is accessible via the rollup.config.js
and a few package.json
keys:
name
— the name of your modulemain
— the destination file for your CommonJS buildmodule
— the destination file for your ESM build (optional but recommended)unpkg
— the destination file for your UMD build (optional for unpkg.com)umd:name
— the UMD global name for your module (optional)TODO
within the license
and package.json
filesCODECOV_TOKEN
repository secret (for CI reporting)src/index.ts
and test/index.ts
with your own code! 🎉Builds your module for distribution in multiple formats (ESM, CommonJS, and UMD).
$ npm run build
Runs your test suite(s) (/tests/**
) against your source code (/src/**
).
Doing so allows for accurate code coverage.
Note: Coverage is only collected and reported through the "CI" Github Action (
.github/workflows/ci.yml
).
$ npm test
Important: Please finish Setup before continuing!
Once all TODO
notes have been updated & your new module is ready to be shared, all that's left to do is decide its new version — AKA, do the changes consitute a patch
, minor
, or major
release?
Once decided, you can run the following:
$ npm version <patch|minor|major> && git push origin master --tags && npm publish
# Example:
# npm version patch && git push origin master --tags && npm publish
This command sequence will:
package.json
"version"git
tag (matching the new version) to your repositoryprepublishOnly
script)MIT © Luke Edwards
FAQs
PoC
The npm package harpake receives a total of 0 weekly downloads. As such, harpake popularity was classified as not popular.
We found that harpake demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
Security News
License exceptions modify the terms of open source licenses, impacting how software can be used, modified, and distributed. Developers should be aware of the legal implications of these exceptions.
Security News
A developer is accusing Tencent of violating the GPL by modifying a Python utility and changing its license to BSD, highlighting the importance of copyleft compliance.