Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
prebuild-install
Advanced tools
A command line tool to easily install prebuilt binaries for multiple version of node/iojs on a specific platform
The prebuild-install npm package is used to install prebuilt binaries for Node.js modules, if available, before falling back to building from source. This can significantly speed up installation times and avoid the need for a full development environment with build tools like gcc or Visual Studio.
Installing prebuilt binaries
Automatically downloads and installs prebuilt binaries for a module if they are available for the current platform and Node.js version. If prebuilt binaries are not available, it will fall back to building from source.
npm install --save <module-name>
Custom binary hosting
Allows specifying custom hosting URLs and tag prefixes for prebuilt binaries, enabling the use of private or alternative binary hosting solutions.
npm install --build-from-source --prebuild-tag-prefix="<custom-prefix>-" --prebuild-download="<custom-hosting-url>"
Skipping prebuilt binary download
Forces the installation process to compile the module from source, bypassing the download of prebuilt binaries.
npm install --build-from-source
node-pre-gyp is a similar package that facilitates the installation of precompiled binaries for Node.js modules. It differs from prebuild-install in its configuration and build process, but serves a similar purpose of avoiding the need to compile modules from source.
node-gyp is not a direct alternative to prebuild-install but is often used in conjunction with it. node-gyp is a cross-platform command-line tool for compiling Node.js native addon modules from source. It is used when prebuilt binaries are not available or when a build from source is explicitly requested.
prebuild is a tool for creating and managing prebuilt binaries for Node.js modules. It is often used in tandem with prebuild-install. While prebuild is focused on the creation of the binaries, prebuild-install is designed for the end-user installation experience.
A command line tool to easily install prebuilt binaries for multiple versions of Node.js & Electron on a specific platform. By default it downloads prebuilt binaries from a GitHub release.
Instead of prebuild
paired with prebuild-install
, we recommend prebuildify
paired with node-gyp-build
.
With prebuildify
, all prebuilt binaries are shipped inside the package that is published to npm, which means there's no need for a separate download step like you find in prebuild
. The irony of this approach is that it is faster to download all prebuilt binaries for every platform when they are bundled than it is to download a single prebuilt binary as an install script.
Upsides:
node-gyp-build
runtime dependency is dependency-free and will remain so out of principle, because introducing dependencies would negate the shorter install time.Downsides:
npm publish
must be done after compiling and fetching prebuilt binaries (typically in CI).Use prebuild
to create and upload prebuilt binaries. Then change your package.json install script to:
{
"scripts": {
"install": "prebuild-install || node-gyp rebuild"
}
}
prebuild-install [options]
--download -d [url] (download prebuilds, no url means github)
--target -t version (version to install for)
--runtime -r runtime (Node runtime [node, napi or electron] to build or install for, default is node)
--path -p path (make a prebuild-install here)
--token -T gh-token (github token for private repos)
--arch arch (target CPU architecture, see Node OS module docs, default is current arch)
--platform platform (target platform, see Node OS module docs, default is current platform)
--tag-prefix <prefix> (github tag prefix, default is "v")
--build-from-source (skip prebuild download)
--verbose (log verbosely)
--libc (use provided libc rather than system default)
--debug (set Debug or Release configuration)
--version (print prebuild-install version and exit)
When prebuild-install
is run via an npm
script, options --build-from-source
, --debug
, --download
, --target
, --runtime
, --arch
and --platform
may be passed through via arguments given to the npm
command.
Alternatively you can set environment variables npm_config_build_from_source=true
, npm_config_platform
, npm_config_arch
, npm_config_target
and npm_config_runtime
.
prebuild-install
supports downloading prebuilds from private GitHub repositories using the -T <github-token>
:
$ prebuild-install -T <github-token>
If you don't want to use the token on cli you can put it in ~/.prebuild-installrc
:
token=<github-token>
Alternatively you can specify it in the prebuild-install_token
environment variable.
Note that using a GitHub token uses the API to resolve the correct release meaning that you are subject to the (GitHub Rate Limit).
To create a token:
Generate new token
buttonGenerate token
button, see belowThe default scopes should be fine.
The end user can override binary download location through environment variables in their .npmrc file.
The variable needs to meet the mask % your package name %_binary_host
or % your package name %_binary_host_mirror
. For example:
leveldown_binary_host=http://overriden-host.com/overriden-path
Note that the package version subpath and file name will still be appended.
So if you are installing leveldown@1.2.3
the resulting url will be:
http://overriden-host.com/overriden-path/v1.2.3/leveldown-v1.2.3-node-v57-win32-x64.tar.gz
If you want to use prebuilds from your local filesystem, you can use the % your package name %_local_prebuilds
.npmrc variable to set a path to the folder containing prebuilds. For example:
leveldown_local_prebuilds=/path/to/prebuilds
This option will look directly in that folder for bundles created with prebuild
, for example:
/path/to/prebuilds/leveldown-v1.2.3-node-v57-win32-x64.tar.gz
Non-absolute paths resolve relative to the directory of the package invoking prebuild-install, e.g. for nested dependencies.
All prebuilt binaries are cached to minimize traffic. So first prebuild-install
picks binaries from the cache and if no binary could be found, it will be downloaded. Depending on the environment, the cache folder is determined in the following order:
${npm_config_cache}/_prebuilds
${APP_DATA}/npm-cache/_prebuilds
${HOME}/.npm/_prebuilds
MIT
FAQs
A command line tool to easily install prebuilt binaries for multiple version of node/iojs on a specific platform
The npm package prebuild-install receives a total of 5,855,310 weekly downloads. As such, prebuild-install popularity was classified as popular.
We found that prebuild-install demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
Security News
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.