yarn-no-save
Advanced tools
yarn-no-save - npm Package Compare versions
Comparing version 1.0.9 to 1.1.2
@@ -6,19 +6,56 @@ { | ||
| "@babel/traverse": "^7.18.9", | ||
| "@babel/types": "^7.18.9" | ||
| "@babel/types": "^7.18.9", | ||
| "single-instance": "^0.0.1" | ||
| }, | ||
| "name": "yarn-no-save", | ||
| "version": "1.0.9", | ||
| "description": "add --no-save option to yarn cli", | ||
| "sideEffects": false, | ||
| "version": "1.1.2", | ||
| "description": "Enabling --no-save/-N option to Yarn cli commands", | ||
| "keywords": [ | ||
| "yarn", | ||
| "no-save", | ||
| "nosave", | ||
| "npm", | ||
| "yarn-no-save", | ||
| "yarn-add-no-save", | ||
| "yarn-nosave", | ||
| "yarn-add-nosave", | ||
| "package.json", | ||
| "save", | ||
| "save-dev" | ||
| ], | ||
| "main": "./src/index.js", | ||
| "bin": { | ||
| "yarn-no-save": "./src/index.js", | ||
| "yns": "./src/index.js" | ||
| "yarn-no-save": "./dist/index.js", | ||
| "yns": "./dist/index.js", | ||
| "yarn-watcher": "./dist/watch.js" | ||
| }, | ||
| "scripts": { | ||
| "test": "./src/index.js", | ||
| "postinstall": "node ./src/index.js" | ||
| "build": "node ./build.js", | ||
| "test": "node ./dist/index.js", | ||
| "test:watch": "node ./build.js && node ./dist/watch.js", | ||
| "test:install": "node ./build.js && node ./dist/install.js", | ||
| "prepublish": "node ./build.js", | ||
| "install": "node ./dist/index.js && node ./dist/install.js", | ||
| "pretest": "node ./build.js" | ||
| }, | ||
| "repository": "git@github.com:shuangwhywhy/yarn-no-save.git", | ||
| "author": "qiangyizhou <qiangyizhou@bytedance.com>", | ||
| "license": "MIT" | ||
| "homepage": "https://github.com/shuangwhywhy/yarn-no-save#readme", | ||
| "repository": { | ||
| "type": "git", | ||
| "url": "https://github.com/shuangwhywhy/yarn-no-save.git" | ||
| }, | ||
| "bugs": { | ||
| "url": "https://github.com/shuangwhywhy/yarn-no-save/issues", | ||
| "email": "qyz.yswy@hotmail.com" | ||
| }, | ||
| "author": "qiangyizhou <qyz.yswy@hotmail.com>", | ||
| "license": "MIT", | ||
| "devDependencies": { | ||
| "@babel/core": "^7.18.10", | ||
| "@babel/preset-env": "^7.18.10", | ||
| "babel-loader": "^8.2.5", | ||
| "fs-extra": "^10.1.0", | ||
| "webpack": "^5.74.0", | ||
| "webpack-shebang-plugin": "^1.1.8" | ||
| } | ||
| } |
| # yarn-no-save | ||
| add --no-save option to yarn cli | ||
| Enabling `--no-save` / `-N` option to **Yarn** cli commands. The option prevents saving to package.json when you do `yarn add` stuff. | ||
| # How to Use | ||
| 1. install yarn | ||
| 2. $ yarn global add yarn-no-save | ||
| 3. $ yarn add --no-save xxxxxxxx | ||
| ## Basicly | ||
| 1. First you should have yarn installed globally. See more at [the official site](https://classic.yarnpkg.com/en/docs/install#mac-stable) | ||
| 2. install **yarn-no-save** globally: | ||
| ```bash | ||
| $ yarn global add yarn-no-save | ||
| ``` | ||
| 3. Now you can use **Yarn** with `--no-save` / `-N` option in your command: | ||
| ```bash | ||
| $ yarn add --no-save xxxxxxxx | ||
| ``` | ||
| ## Advanced | ||
| Firstly, let's see how it works. Basically, we are making a *feature injection* to Yarn: | ||
| - before saving to the root manifest (package.json), we try to stop the saving operation if `--no-save` / `-N` option is given. | ||
| - to prevent yarn to throw an exception when we are trying to remove packages which are not found in the manifest file (package.json). | ||
| - to update the help message. | ||
| Also, the *"feature injection"* will fail if Yarn in updated or reinstalled, so we need to check if any changes (including file replacement) are made to the file. Therefore, we build a watcher to surveil the changes. In order to ease you up, we register it as a system service at startup. So there is nothing more to do when you reinstall Yarn by default. | ||
| In advance, we offered you someway to control the service. Here are the advanced usages (**These commands are ONLY available for MacOS**): | ||
| 1. Stop watching and reset Yarn to default: | ||
| ```bash | ||
| $ yns reset | ||
| ``` | ||
| This will reinstall Yarn from your current registry. If you want `--no-save` option to come back, you should run the following commands: | ||
| ```bash | ||
| $ yns | ||
| $ yns start | ||
| ``` | ||
| 2. Start watching service: | ||
| ```bash | ||
| $ yns start | ||
| ``` | ||
| 3. Stop watching service: | ||
| ```bash | ||
| $ yns stop | ||
| ``` | ||
| 4. Restart watching service: | ||
| ```bash | ||
| $ yns restart | ||
| ``` | ||
| # To Mention | ||
| 1. The **--no-save / -N** option will be available in help message by typing "`yarn help add`" or "`yarn add --help`". | ||
| 2. You are free to uninstall any packages installed with `--no-save` / `-N` option by executing "`yarn uninstall xxxxx`" (postuninstall scripts will be executed by doing this, while the same thing won't happen by just deleting the folders from node_modules). | ||
| 3. Please [contact me](mailto:qyz.yswy@hotmail.com) if you have any problems into this tool. | ||
| # Author | ||
| [@shuangwhywhy](mailto:qyz.yswy@hotmail.com) |
New alerts
Known malware
Supply chain riskThis package is malware. We have asked the package registry to remove it.
Found 1 instance in 1 package
Install scripts
Supply chain riskInstall scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Trivial Package
Supply chain riskPackages less than 10 lines of code are easily copied into your own project and may not warrant the additional supply chain risk of an external dependency.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 5 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
High entropy strings
Supply chain riskContains high entropy strings. This could be a sign of encrypted data, leaked secrets or obfuscated code.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Minified code
QualityThis package contains minified code. This may be harmless in some cases where minified code is included in packaged libraries, however packages on npm should not minify code.
Found 1 instance in 1 package
Unidentified License
License(Experimental) Something that seems like a license was found, but its contents could not be matched with a known license.
Found 1 instance in 1 package
Fixed alerts
Install scripts
Supply chain riskInstall scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Found 1 instance in 1 package
Deprecated
MaintenanceThe maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.
Found 1 instance in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
No bug tracker
MaintenancePackage does not have a linked bug tracker in package.json.
Found 1 instance in 1 package
No repository
Supply chain riskPackage does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.
Found 1 instance in 1 package
No website
QualityPackage does not have a website.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by39735.41%
2326388
- Number of package files
- increased by100%
6
- Number of low maintenance alerts
- decreased by-100%
0
- Number of medium maintenance alerts
- decreased by-100%
0
- Number of lines in readme file
- increased by787.5%
71
Worsened metrics
- Dependency count
- increased by25%
5
- Dev dependency count
- increased byInfinity%
6
- Number of low license alerts
- increased byInfinity%
1
- License quality
- decreased by-20%
80
- Lines of code
- decreased by-97.5%
4
- Number of low quality alerts
- increased by200%
3
- Number of critical supply chain risk alerts
- increased byInfinity%
1
- Number of low supply chain risk alerts
- increased by3120%
161
- Number of medium supply chain risk alerts
- increased by500%
6
Dependency changes
+ Addedsingle-instance@^0.0.1
+ Addedrsvp@3.6.2(transitive)
+ Addedsingle-instance@0.0.1(transitive)