Comparing version 1.3.0 to 1.4.0
{ | ||
"name": "link", | ||
"version": "1.3.0", | ||
"version": "1.4.0", | ||
"description": "A better npm link", | ||
@@ -25,6 +25,19 @@ "keywords": [ | ||
"test": "esno tests/index.ts", | ||
"lint": "eslint ." | ||
"lint": "eslint --cache ." | ||
}, | ||
"husky": { | ||
"hooks": { | ||
"pre-commit": "lint-staged" | ||
} | ||
}, | ||
"lint-staged": { | ||
"*.{js,ts,md,json}": [ | ||
"eslint --cache", | ||
"npm test" | ||
] | ||
}, | ||
"devDependencies": { | ||
"@pvtnbr/eslint-config": "^0.19.1", | ||
"@types/cmd-shim": "^5.0.0", | ||
"@types/fs-extra": "^9.0.13", | ||
"@types/node": "^17.0.25", | ||
@@ -36,4 +49,7 @@ "cleye": "^1.1.0", | ||
"execa": "^6.1.0", | ||
"fs-extra": "^10.1.0", | ||
"get-node": "^12.1.0", | ||
"husky": "^4.3.8", | ||
"kolorist": "^1.5.1", | ||
"lint-staged": "^12.3.7", | ||
"manten": "^0.0.3", | ||
@@ -40,0 +56,0 @@ "pkgroll": "^1.0.4", |
@@ -5,2 +5,3 @@ # npx link | ||
Why is `npm link` unsafe? Read the [blog post](https://hirok.io/posts/avoid-npm-link). | ||
## Usage | ||
@@ -36,2 +37,5 @@ | ||
// Whether to run link on linked packages with link.config.json | ||
deepLink?: boolean | ||
// List of packages to link | ||
@@ -50,6 +54,18 @@ packages?: string[] | ||
### Deep linking | ||
By default, `npx link` only links packages in the current project. However, there are cases where the linked packages also needs linking setup. | ||
Deep linking recursively runs link on every linked package that has a `link.config.json` file. | ||
Enable with the `--deep` flag or `deepLink` property in `link.config.json`. | ||
```sh | ||
npx link --deep | ||
``` | ||
## FAQ | ||
### Why should I use this over `npm link`? | ||
Because `npm link` has foot guns that make it dangerous to use. | ||
Because `npm link` has [footguns that make it dangerous to use](https://hirok.io/posts/avoid-npm-link). | ||
@@ -56,0 +72,0 @@ ### Why does `npx link` point to `ln`? |
Sorry, the diff of this file is too big to display
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 3 instances in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
76014
348
90
0
18
9