A safer version of npm link.
Why is npm link unsafe? Read the blog post.
npx link simply symlinks the target package as a dependency in the current project.
Unlike npm link, it doesn't install the target package globally or re-install project dependencies.
From the project you want to link a package to:
npx link <package-path>
Create a link.config.json configuration file at the root of your npm project to automatically setup links to multiple packages.
Example link.config.json:
{
"packages": [
"/path/to/package-path-a",
"../package-path-b"
]
}
The configuration has the following type schema:
type LinkConfig = {
// Whether to run link on linked packages with link.config.json
deepLink?: boolean
// List of packages to link
packages?: string[]
}
Note: It's not recommended to commit this file to source control since this is for local development with local paths.
To link the dependencies defined in link.config.json, run:
npx link
By default, npx link only links packages in the current project. However, there are cases where the linked packages also needs linking setup.
Deep linking recursively runs link on every linked package that has a link.config.json file.
Enable with the --deep flag or deepLink property in link.config.json.
npx link --deep
npm link?Because npm link has footguns that make it dangerous to use.
npx link point to ln?You must use npx v7 or higher. Check the version with npx -v.
In the obsolete npx v6, local binaries take precedence over npm modules so npx link can point to the native link/ln command:
$ npx link
usage: ln [-s [-F] | -L | -P] [-f | -i] [-hnv] source_file [target_file]
ln [-s [-F] | -L | -P] [-f | -i] [-hnv] source_file ... target_dir
link source_file target_file
To work around this, install link globally first:
$ npm i -g link
$ npx link
npx ci - A better npm ci.FAQs
A better npm link
The npm package link receives a total of 8,628 weekly downloads. As such, link popularity was classified as popular.
We found that link demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
Security News
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.
Security News
NIST's new password guidelines remove periodic changes and special character requirements, focusing on longer, more secure passwords for better authentication practices.