Product
Socket Now Supports uv.lock Files
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Documentation: https://microsoft.github.io/lage/
Lage v2 is here! See the release notes for details about new features and breaking changes.
Your JS repo has gotten large enough that you have turned to using a tool to help you manage multiple packages inside a repository. That's great! However, you realized quickly that the tasks defined inside the workspace have to be run in package dependency order.
Lerna, Rush, wsrun and even pnpm will provide a simple way for you to run npm scripts to be run in a topological order. However, these tools will force you to run your tasks by script name one at a time. For example, all the build
scripts will have to run first. Then all the test
scripts run in the topological order.
This usually means that there are wasted CPU cycles in between build
and test
. We can achieve better pipelining the npm scripts if we had a way to say that test
can run as soon as build
are done for the package.
lage
(Norwegian for "make", pronounced law-geh) solves this by providing a terse pipelining syntax. It has many features geared towards speeding up the task runner that we'll explore later.
lage
gives you this capability with very little configuration.
You can automatically install lage and create a basic config file by running:
npx lage init
You can also install and configure lage
manually.
First, install lage
at your workspace's root. For example, if you're using yarn
:
yarn add -D -W lage
Next, add scripts inside the workspace root package.json
to run lage
. For example:
{
"scripts": {
"build": "lage build",
"test": "lage test"
}
}
To specify that test
depends on build
, create a file lage.config.js
at the repo root and add the following:
module.exports = {
pipeline: {
build: ["^build"],
test: ["build"],
},
};
(You can find more details about this syntax in the pipelines tutorial.)
You can now run this command:
lage test
lage
will detect that you need to run build
steps before test
s are run.
Take a look at some of the other resources on the website:
lage
workspipeline
syntax and other lage
conceptsFAQs
Documentation: https://microsoft.github.io/lage/
We found that lage demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.
Security News
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.