A rather geeky/technical weblog, est. 2001, by Bramus
Bundle Scanner identifies which npm libraries are used on any website. It downloads every Javascript file from a URL and searches through the files for code that matches one of the 35,000 most popular npm libraries. The scanning itself works in a pretty ingenious way: When a user requests to scan a website, Bundle Scanner …
Continue reading “Identify which NPM libraries are used on a website with Bundle Scanner”
While looking at a package.json from a public project from PayPal, Alex Birsan noticed that it held some references to private NPM packages used internally by PayPal. Birsan noticed some of the manifest file packages were not present on the public npm repository but were instead PayPal’s privately created npm packages, used and stored internally …
The folks at Voorhoede share how they integrated the actions/cache@v2 build step into their GitHub Workflow so that it caches npm install results. Super fast npm install on Github Actions → Related: By Shallow + Single Branch Cloning you can speed up the git clone step of your build pipeline. The actions/checkout@v2 build step already …
Directly installing a package with npm install and referring to its local path is a quick way to work with a local package. To be safe though, the usage of npm link is still recommended. The npm link way To work with local NPM packages on can reside to using npm link. You make a …
Continue reading “Easily install local NPM packages by simply referring to their local path”
It was suggested that Microsoft/GitHub should have bought npm back in the day, instead of launching their own registry. Today is the day they’ve actually done it: We at GitHub are honored to be part of the next chapter of npm’s story and to help npm continue to scale to meet the needs of the …
When watching a diff that contains a lockfile (say: a yarn.lock for example) on GitHub, GitHub doesn’t always show the differences (see screenshot above) as the changes in such files tend to be quite big. And even if it were to show the changes, does one really take a close look into it? With this …
Continue reading “Beware when merging Pull Requests with a changed lockfile”
When automating the publishing of an NPM package, 2FA can get in the way, as you can’t really automate entering a 2FA auth code off a cellphone. Enter Wombat Dressing Room from Google: With Wombat Dressing Room, rather than an individual configuring two factor authentication in an authenticator app, 2FA is managed by a shared …
Continue reading “Wombat Dressing Room, an npm publication proxy on GCP”
package.json
Recently I needed to test a branch of a forked GitHub repository inside a project. Instead of cloning the fork and symlinking the package locally, I installed the remote dependency directly into the project. To achieve I used the following command: Using NPM: npm install git@github.com:user/repo.git#branchname or npm install git+ssh://git@github.com:user/repo.git#branchname Using Yarn: yarn add ssh://git@github.com:user/repo.git#branchname …
Continue reading “Use a Github repository branch or commit as a dependency in package.json“
package.json with npm-add-script Recently I needed to automate the addition of the addition of a script defined in a package.json‘s scripts section. To do this I used npm-add-script (an older, but still functioning project), along with the aforementioned npx. For example, to add a script labelled start with the contents webpack-dev-server –config ./config/webpack.config.babel.js –env.MODE=development –open –hot, I use: …
Continue reading “Programmatically add scripts to package.json with npm-add-script“
Ever wondered what the (size) impact of adding an NPM package to your project is? BundlePhobia is a tool that does not only that, it also recommends you other similar packages that have a lesser load. This thing lets you understand the performance cost of npm install‘ing a new npm package before actually adding it …
Continue reading “Find the cost of adding a npm package to your bundle with BundlePhobia”