Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Lerna is a fast, modern build system for managing and publishing multiple JavaScript/TypeScript packages from the same repository.
Lerna is a tool that optimizes the workflow around managing multi-package repositories with git and npm. It allows you to manage your project's dependencies, versioning, and publishing in a more organized manner, especially when dealing with a monorepo containing multiple packages.
Bootstrap
Installs all of the dependencies for each package, links any cross-dependencies, and ensures that each package can find and use the correct versions of each other.
lerna bootstrap
Publish
Helps with versioning of the changes and publishing packages that have been updated to npm. It can automatically determine version bumps based on conventional commits, create git tags, and push releases to the repository.
lerna publish
Run
Runs an npm script in each package that contains that script. The '--scope' flag can be used to run the script only in specified packages.
lerna run --scope my-package test
Exec
Executes an arbitrary command in each of your packages. In this example, it removes the 'node_modules' directory from each package.
lerna exec -- rm -rf ./node_modules
List
Lists all of the public packages in the current Lerna repo.
lerna list
Changed
Lists public packages that have changed since the last tagged release.
lerna changed
Diff
Shows the diff since the last release for a single package or all packages.
lerna diff
Import
Imports an external repository into the 'packages' folder of your Lerna monorepo, preserving the commit history.
lerna import <path-to-external-repository>
Nx is a suite of powerful, extensible dev tools that help you develop, test, build, and scale Angular and React applications with fully integrated support for monorepo management. It provides a more integrated experience for building applications compared to Lerna, which is more focused on package management.
FAQs
The npm package lerna receives a total of 1,190,886 weekly downloads. As such, lerna's popularity was classified as popular.
We found that lerna demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.