lerna
Package description
Lerna is a tool that optimizes the workflow around managing multi-package repositories with git and npm. It allows you to manage your project's dependencies, versioning, and publishing in a more organized manner, especially when dealing with a monorepo containing multiple packages.
Bootstrap
Installs all of the dependencies for each package, links any cross-dependencies, and ensures that each package can find and use the correct versions of each other.
lerna bootstrap
Publish
Helps with versioning of the changes and publishing packages that have been updated to npm. It can automatically determine version bumps based on conventional commits, create git tags, and push releases to the repository.
lerna publish
Run
Runs an npm script in each package that contains that script. The '--scope' flag can be used to run the script only in specified packages.
lerna run --scope my-package test
Exec
Executes an arbitrary command in each of your packages. In this example, it removes the 'node_modules' directory from each package.
lerna exec -- rm -rf ./node_modules
List
Lists all of the public packages in the current Lerna repo.
lerna list
Changed
Lists public packages that have changed since the last tagged release.
lerna changed
Diff
Shows the diff since the last release for a single package or all packages.
lerna diff
Import
Imports an external repository into the 'packages' folder of your Lerna monorepo, preserving the commit history.
lerna import <path-to-external-repository>
Yarn workspaces is a feature built into Yarn that allows users to manage multiple packages within a single repository. It is similar to Lerna in that it can manage dependencies and link packages together, but it does not handle versioning and publishing as Lerna does.
PNPM workspaces is a feature of the PNPM package manager that provides support for managing multi-package repositories. It offers efficient storage and linking strategies for node_modules, similar to Lerna, but also does not include built-in versioning and publishing features.
Rush is a scalable monorepo manager for the web, offering incremental build and test, policy enforcement, and more. It is more focused on large-scale monorepos and provides more comprehensive tools for managing builds and testing than Lerna.
Nx is a suite of powerful, extensible dev tools that help you develop, test, build, and scale Angular and React applications with fully integrated support for monorepo management. It provides a more integrated experience for building applications compared to Lerna, which is more focused on package management.
Changelog
8.0.1 (2023-12-15)
After updating we strongly recommend running lerna repair in your project. This will migrate your lerna.json to the latest and greatest and remove any outdated options.
As this is a major release there are a few breaking changes to be aware of, which may or may not affect your lerna repos, depending on how you are using the tool.
When a node version becomes end of life (EOL) it means that it does not receive any updates or maintenance whatsoever, even if critical security vulnerabilities have been uncovered.
We strongly encourage all folks here to keep up with the maintenance LTS version of Node at an absolute minimum:
https://github.com/nodejs/release#release-schedule
lerna run now depends on nx v17 instead of v16
lerna run gets to benefit from all of the further performance improvements in the nx v17 task runner behind the scenes.
@lerna/child-process is no longer a separately published package
Lerna is a monorepo management tool with versioning and publishing capabilities; it is not a child process manager. There are lots of good options out there in the ecosystem to help you with managing child processes in nodejs, and it does not really make sense to treat some of lerna's implementation details around child processes as if they were a public API. The package will be officially deprecated on npm in the future. You can of course take the code and fork it and adapt it for your own purposes if you wish!
@lerna/ on npm have been officially marked as deprecated
Under prior stewardship the lerna repo used to publish a very large (>65) number of packages. The vast majority of these should not form part of the public API of lerna and so they have no longer been published as packages since v6. We have now officially marked them as deprecated packages on the npm registry so that users get clear feedback that they are using packages which are no longer maintained (which they can of course fork and do whatever they want with). NOTE: We have not yet marked @lerna/child-process as deprecated so as not to create noise for lerna v7 users until they have had a chance to migrate to v8.
Readme
Lerna is a fast, modern build system for managing and publishing multiple JavaScript/TypeScript packages from the same repository.
Check out our docs site here.
FAQs
Lerna is a fast, modern build system for managing and publishing multiple JavaScript/TypeScript packages from the same repository
The npm package lerna receives a total of 1,116,360 weekly downloads. As such, lerna popularity was classified as popular.
We found that lerna demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.