NCMP is a simple tool which allows you to perform some postprocessing after npm installs or updates. It is mainly designed for usage in client infrastructures. So if you use npm as your main client package manager.
npm install ncmp
One of the goals of this project is to provide a modular as possible tool for npm postprocessing in web client infrastructures. The developers should have full control about all steps at any time.
The following snippet shows a example ncmp.json configuration file:
{
"packages": {
"jquery": ["dist/jquery.js", "dist/jquery.min.js"],
"aurelia-framework": "dist/amd/aurelia-framework.js",
"aurelia-templating": "dist/amd/aurelia-templating.js"
},
"ignore": [
"bootstrap"
],
"plugins": []
}
Contains all "registered" packages for further postprocessing. It's a mapping of package names to files for processing.
All package names listed here are ignored for further steps.
Lists a set of plugins (in their execution order) which can do more specific postprocessing.
NCMP has a command-line interface. The following commands are available:
With ncmp init you can initialize your local ncmp installation. It creates you a new ncmp.json
(if it does not exists) with the default values in it.
This is the main command from ncmp. It executes all configured plugins in a chain.
Detects all new installed or uninstalled packages (listed under "dependencies" in package.json) and modifies the
ncmp.json in this way. Use -s or --silent to avoid user prompts.
There are some requirements for new plugins:
ncmp-XXX-plugin. Where XXX is the string for the
"plugins" config section.runPlugin(chain).
The chain has to be returned directly or as promise.ncmp as a peerDependency.
You can fetch the config with configManager.load() with the exported configManager variable.configManager.save(newConfig).MIT
FAQs
NPM client modules postprocessor
We found that ncmp demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
Mini Shai-Hulud expands into the Go ecosystem after hitting LeoPlatform npm packages and targeting GitHub Actions workflows.
Security News
The Fable shutdown shows how quickly model access can become a business continuity risk for AI-dependent engineering teams.
Security News
AI agents are pulling packages into environments no scanner is watching, creating exposure before security teams can see it.