Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The core Nx plugin contains the core functionality of Nx like the project graph, nx commands and task orchestration.
The nx npm package is a suite of powerful, extensible dev tools to help you architect, test, build, and develop your software projects. It is particularly well-suited for monorepo development, where multiple projects coexist in a single repository. Nx provides tools for project scaffolding, dependency graph analysis, affected change analysis, and more.
Project Scaffolding
This command sets up a new workspace. Nx supports many presets to scaffold applications using various frameworks like Angular, React, or Node.js.
npx create-nx-workspace@latest myworkspace
Generating Components
Generates a new component within a specified project in the workspace. This helps maintain consistency and follows best practices.
nx generate component my-component --project=my-app
Running Tasks
Executes a specific task, such as building a project. Nx uses an executor to run tasks which can be configured for different environments.
nx run my-app:build
Affected Change Analysis
Determines which apps and libs are affected by changes to the current git branch, and performs the build task only for those.
nx affected:build
Dependency Graph
Visualizes the dependency graph of the workspace, showing how projects depend on one another. This is useful for understanding the structure and ensuring that changes do not have unintended consequences.
nx dep-graph
Lerna is a tool for managing JavaScript projects with multiple packages, optimizing the workflow around managing multi-package repositories with git and npm. Compared to Nx, Lerna focuses more on the versioning and publishing of multi-package repositories, whereas Nx provides a broader range of tools for development and build optimization.
Nx is a next generation build system with first class monorepo support and powerful integrations.
Using npx
npx create-nx-workspace
Using npm init
npm init nx-workspace
Using yarn create
yarn create nx-workspace
The create-nx-workspace
command will ask you to select a preset, which will configure some plugins and create your applications to help you get started.
? What to create in the new workspace (Use arrow keys)
❯ apps [an empty workspace with no plugins with a layout that works best for building apps]
core [an empty workspace with no plugins set up to publish npm packages (similar to yarn workspaces)]
ts [an empty workspace with the JS/TS plugin preinstalled]
react [a workspace with a single React application]
angular [a workspace with a single Angular application]
next.js [a workspace with a single Next.js application]
nest [a workspace with a single Nest application]
express [a workspace with a single Express application]
web components [a workspace with a single app built using web components]
react-native [a workspace with a single React Native application]
Select the preset that works best for you
Run:
npx add-nx-to-monorepo@latest
A few links to help you get started:
FAQs
The core Nx plugin contains the core functionality of Nx like the project graph, nx commands and task orchestration.
The npm package nx receives a total of 4,837,623 weekly downloads. As such, nx popularity was classified as popular.
We found that nx demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.