Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
pure-index
Pure Index is a utility for monorepos. It helps find unused exports from packages.
There is a package a which exports 2 functions:

// "a" package index.ts file
export const T = () => true
export { myFn } from './myFn'

Only 1 function from the package is used in the project:

// some file
import { T } from 'a'

This means that package a exports myFn for nothing, so we can remove its export and possibly remove all the code.
As the code base develops, a large number of such unnecessary exports may accumulate in the monorepo. Pure Index allows you to find such exports.
Install:

npm install --save-dev pure-index

Add the check-exports script in the package.json of each package that needs to be checked:

"scripts": {
"build": "webpack ./webpack.config.js",
+ "check-exports": "pure-index",
"test": "vitest"
}
Configure
Use flags if you need to override the config values for a package.
Pure Index supports three ways to define config.
.pure-index.json config file:

{
  "entry": "index.ts",
  "exclude": ["node_modules"],
  "babelPlugins": ["typescript"],
  "batch": {
    "default": 100
  }
}

pure-index section in package.json:

"pure-index": {
  "entry": "index.ts",
  "exclude": ["node_modules"],
  "babelPlugins": ["typescript"],
  "batch": {
    "default": 100
  }
}

.pure-index.js or .pure-index.cjs config file:

module.exports = {
  entry: 'index.ts',
  exclude: ['node_modules'],
  babelPlugins: ['typescript'],
  batch: {
    default: 100
  }
}

entry (String): path to the package index file, relative to the package directory.
exclude (Array<string>): list of directories that will be excluded when searching for imports.
babelPlugins (Array<string>): list of Babel plugins that will be used when parsing files.
batch.default (Number): number of files to be traversed in parallel. Changing the value may speed up or slow down the script. Choose the value yourself.

Flags allow you to override the config values for a package.

--entry, -e: sets a specific value for entry

"scripts": {
"build": "webpack ./webpack.config.js",
- "check-exports": "pure-index",
+ "check-exports": "pure-index --entry ./src/index.ts",
"test": "vitest"
}
In fact, the task is to compare all exports and imports of the package. Anything that is exported but not imported is an unused export.
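
The export/import comparison described above, as an added example that is not Pure Index's own code. The function names are hypothetical, the sample sources are constructed from the package "a" illustration, and regexes stand in for the Babel parsing the tool performs, so only named exports and named imports are handled.

```javascript
// Added example: regex-based sketch of the export/import comparison.
// Pure Index parses files with Babel (see babelPlugins); the regexes below are a
// simplification covering only named exports and imports.

// Collect the names an index file exports.
function collectExports(source) {
  const names = new Set();
  const decl = /export\s+(?:const|let|var|function|class)\s+([A-Za-z_$][\w$]*)/g;
  for (const m of source.matchAll(decl)) names.add(m[1]);
  // export { a, b as c } [from '...']: the exported name follows "as"
  for (const m of source.matchAll(/export\s*\{([^}]*)\}/g)) {
    for (const part of m[1].split(',')) {
      const name = part.trim().split(/\s+as\s+/).pop();
      if (name) names.add(name);
    }
  }
  return names;
}

// Collect the names that consumer files import from package `pkg`.
function collectImports(files, pkg) {
  const names = new Set();
  const re = /import\s*\{([^}]*)\}\s*from\s*['"]([^'"]+)['"]/g;
  for (const source of Object.values(files)) {
    for (const m of source.matchAll(re)) {
      if (m[2] !== pkg) continue;
      for (const part of m[1].split(',')) {
        // import { T as Alias } consumes the export named T
        const name = part.trim().split(/\s+as\s+/)[0];
        if (name) names.add(name);
      }
    }
  }
  return names;
}

// Exported but never imported = unused export.
function unusedExports(indexSource, files, pkg) {
  const imported = collectImports(files, pkg);
  return [...collectExports(indexSource)].filter((n) => !imported.has(n)).sort();
}

// Constructed sample input mirroring package "a" from the text above.
const indexTs = "export const T = () => true\nexport { myFn } from './myFn'\n";
const consumers = { 'some-file.ts': "import { T } from 'a'\n" };
console.log(unusedExports(indexTs, consumers, 'a')); // [ 'myFn' ]
```
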
FAQs
Pure Index is a tool for packages. It helps to clean your packages of unused exports with ease.
We found that pure-index demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.