Here's me trying to make sure we ship as secure as possible software, and there's someone who doesn't know how to use an npm ignore file to not ship their shitty docker files in their modules #node#npm
So many #npm projects have a lot of crap in node_modules that are really not needed when deploying apps - SO MANY DOT FILES. I built a script that will clear them all out recursively, just leaving required files. Will probably add *.ts when creating containers.
I've now moved a few of my personal projects that used regular ol' #npm to the superior #pnpm. It was a bit of setup, and Github Actions erred out for a while until I figured out a fix, but all in all I think I'm better off. Thank you, #EmberJS project, for shining the light.
Sunday…
And one new post in this searchable & translatable collection of links to free access #education content … https://saraslistofedresources.wordpress.com
Thanks to @pragmarxist an example of the #Swedish#edupolitics debate, this time from university level (read last week’s post if you missed it)
I’m grateful if you boost this here or in networks elsewhere 🙏🏻‼️ Website is meant to be used
Have a great day …
OK, I should really change all my projects that use #npm/#yarn to use #pnpm. If you barely use Node then it's probably not worth it, but for a webdev it now seems like a no-brainer.
Considering that every year we have a new ambitious replacement for #npm in the JavaScript world, @naderman and @seldaek apparently did a very good job when building and maintaining #composer for #php. Thanks a lot to you two and everyone else involved.
@Rob_Bos Great! naming-confusion is indeed a big issue and becoming more prominently present in the open source world, which is not good. I'm a package maintainer for various projects, and I notice that my projects also get cloned with malicious code. Too bad PyPi isn't handle those security issues fast enough IMO.
So I just saw a PR for a Node.js project, where the developer had used an npm command I'm unfamiliar with.. or at least, I didn't know of:
npm clean-install
Now, I'm familiar with npm ci, but I had absolutely no idea that the alias of npm clean-install existed. I didn't even realise that's what "ci" stood for "clean install”.
I always thought npm ci meant “the npm command you wanna run in CI environments”
If you run into a "EACCES: permission denied" issue with #npm, try clearing your cache. This article saved the day for me, as I'm not a terminal wizard and rather deal with something else:
On macOS, I’m using these scripts:
"build": "npm run clean && tsc && npm run chmod",
"clean": "shx rm -rf ./dist/*",
"chmod": "chmod u+x ./dist/src/cmd.js",
Alas, the last script won’t work on Windows. What’s a good way to fix this?