Security News
JSR Working Group Kicks Off with Ambitious Roadmap and Plans for Open Governance
At its inaugural meeting, the JSR Working Group outlined plans for an open governance model and a roadmap to enhance JavaScript package management.
Lerna is a tool that optimizes the workflow around managing multi-package repositories with git and npm. It allows you to manage your project's dependencies, versioning, and publishing in a more organized manner, especially when dealing with a monorepo containing multiple packages.
Bootstrap
Installs all of the dependencies for each package, links any cross-dependencies, and ensures that each package can find and use the correct versions of each other.
lerna bootstrap
Publish
Helps with versioning of the changes and publishing packages that have been updated to npm. It can automatically determine version bumps based on conventional commits, create git tags, and push releases to the repository.
lerna publish
Run
Runs an npm script in each package that contains that script. The '--scope' flag can be used to run the script only in specified packages.
lerna run --scope my-package test
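An added example (not code from this page or from the Lerna project): a preview of which commands a run such as `lerna run --scope my-package test` would hand to npm in each package, so the scripts can be reviewed before they execute. The manifests are constructed sample data and `previewRun` and `scopeMatcher` are hypothetical helpers. The example assumes that scope matching can be simplified to exact names and `*` wildcards, and that npm's usual pre/post script hooks apply.

```javascript
// Constructed sample manifests, standing in for the parsed contents of
// each packages/*/package.json in a monorepo.
const manifests = [
  { name: "my-package", scripts: { pretest: "node scripts/setup.js", test: "mocha" } },
  { name: "my-cli", scripts: { test: "jest", build: "tsc" } },
  { name: "my-docs", scripts: { build: "node build.js" } },
];

// Simplified stand-in for --scope: exact names and `*` wildcards only.
function scopeMatcher(scope) {
  if (!scope) return () => true; // no scope: every package is a candidate
  const escaped = scope
    .replace(/[.+?^${}()|[\]\\]/g, "\\$&") // escape regex metacharacters
    .replace(/\*/g, ".*");                 // `*` matches any run of characters
  const re = new RegExp(`^${escaped}$`);
  return (name) => re.test(name);
}

// For every in-scope package that defines `script`, list the commands in
// the order npm runs them: pre<script>, <script>, post<script>.
function previewRun(pkgs, script, scope) {
  const inScope = scopeMatcher(scope);
  return pkgs
    .filter((p) => inScope(p.name) && p.scripts && typeof p.scripts[script] === "string")
    .map((p) => ({
      name: p.name,
      commands: [`pre${script}`, script, `post${script}`]
        .filter((k) => typeof p.scripts[k] === "string")
        .map((k) => ({ script: k, command: p.scripts[k] })),
    }));
}

// Print the review list for `test` across all packages matching my-*.
for (const { name, commands } of previewRun(manifests, "test", "my-*")) {
  for (const c of commands) console.log(`${name}: [${c.script}] ${c.command}`);
}
```

To use it on a real repository, pass in the parsed `package.json` of each package instead of the sample array.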
Exec
Executes an arbitrary command in each of your packages. In this example, it removes the 'node_modules' directory from each package.
lerna exec -- rm -rf ./node_modules
List
Lists all of the public packages in the current Lerna repo.
lerna list
Changed
Lists public packages that have changed since the last tagged release.
lerna changed
Diff
Shows the diff since the last release for a single package or all packages.
lerna diff
Import
Imports an external repository into the 'packages' folder of your Lerna monorepo, preserving the commit history.
lerna import <path-to-external-repository>
Nx is a suite of powerful, extensible dev tools that help you develop, test, build, and scale Angular and React applications with fully integrated support for monorepo management. It provides a more integrated experience for building applications compared to Lerna, which is more focused on package management.
A tool for managing JavaScript projects with multiple packages.
While developing Babel I followed a monorepo approach where the entire project was split into individual packages but everything lived in the same repo. This was great. It allowed super easy modularisation which meant the core was easier to approach and meant others could use the useful parts of Babel in their own projects.
This tool was abstracted out of that and deals with bootstrapping packages by linking them together as well as publishing them to npm. You can see the Babel repo for an example of a large Lerna project.
We are in the process of updating the docs to 2.x right now. Although the commands are the same, the docs below are mainly for 1.x (which is the version you get with a default npm install).
$ npm install -g lerna
$ lerna bootstrap
This will create a dummy VERSION file as well as a packages folder.
$ lerna bootstrap
npm install all other dependencies of each package.
$ lerna updated
packages have changed since the last release, and log it.
$ lerna publish
packages that has been updated since the last version to npm with the tag prerelease.
prerelease tags and add the tags latest and stable.
If you need to publish prerelease versions, set an env variable. NPM_DIST_TAG=next lerna publish. This will add the tag you specify instead of latest and stable.
Lerna projects operate on a single version line. The version is kept in the file VERSION at the root of your project. When you run lerna publish, if a module has been updated since the last time a release was made, it will be updated to the new version you're releasing. This means that you only publish a new version of a package when you need to.
FAQs
Lerna is a fast, modern build system for managing and publishing multiple JavaScript/TypeScript packages from the same repository.
The npm package lerna receives a total of 764,559 weekly downloads. As such, lerna popularity was classified as popular.
We found that lerna demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.