Gathering detailed insights and metrics for @lerna/bootstrap
Gathering detailed insights and metrics for @lerna/bootstrap
Gathering detailed insights and metrics for @lerna/bootstrap
Gathering detailed insights and metrics for @lerna/bootstrap
@erquhart/lerna-bootstrap
Link local packages together and install remaining package dependencies
@yoitsro/lerna-bootstrap
Link local packages together and install remaining package dependencies
@0x-lerna-fork/bootstrap
Link local packages together and install remaining package dependencies
@spryker-lerna/bootstrap
Link local packages together and install remaining package dependencies
Lerna is a fast, modern build system for managing and publishing multiple JavaScript/TypeScript packages from the same repository.
npm install @lerna/bootstrap
Typescript
Module System
Min. Node Version
Node Version
NPM Version
62.2
Supply Chain
70.5
Quality
69.6
Maintenance
50
Vulnerability
91.4
License
TypeScript (96.63%)
JavaScript (2.36%)
Shell (0.51%)
CSS (0.5%)
Batchfile (0.01%)
Total Downloads
257,071,289
Last Day
50,530
Last Week
374,668
Last Month
1,828,262
Last Year
25,238,792
35,782 Stars
2,799 Commits
2,264 Forks
251 Watching
36 Branches
336 Contributors
Minified
Minified + Gzipped
Latest Version
6.6.2
Package Id
@lerna/bootstrap@6.6.2
Unpacked Size
624.25 kB
Size
116.37 kB
File Count
241
NPM Version
lerna/6.6.2/node@v18.15.0+arm64 (darwin)
Node Version
18.15.0
Publised On
04 May 2023
Cumulative downloads
Total Downloads
Last day
-26.1%
50,530
Compared to previous day
Last week
-6.4%
374,668
Compared to previous week
Last month
-16.4%
1,828,262
Compared to previous month
Last year
-44.8%
25,238,792
Compared to previous year
1
lerna bootstrap
Link local packages together and install remaining package dependencies
Install lerna for access to the lerna
CLI.
1$ lerna bootstrap
Bootstrap the packages in the current Lerna repo. Installs all of their dependencies and links any cross-dependencies.
When run, this command will:
npm install
all external dependencies of each package.packages
that are dependencies of each other.npm run prepublish
in all bootstrapped packages (unless --ignore-prepublish
is passed).npm run prepare
in all bootstrapped packages.lerna bootstrap
accepts all filter flags.
Pass extra arguments to npm client by placing them after --
:
1$ lerna bootstrap -- --production --no-optional
May also be configured in lerna.json
:
1{ 2 ... 3 "npmClient": "yarn", 4 "npmClientArgs": ["--production", "--no-optional"] 5}
Install external dependencies matching glob
at the repo root so they're
available to all packages. Any binaries from these dependencies will be
linked into dependent package node_modules/.bin/
directories so they're
available for npm scripts. If the option is present but no glob
is given
the default is **
(hoist everything). This option only affects the
bootstrap
command.
1$ lerna bootstrap --hoist
For background on --hoist
, see the hoist documentation.
Note: If packages depend on different versions of an external dependency, the most commonly used version will be hoisted, and a warning will be emitted.
Note: --hoist
is incompatible with file:
specifiers. Use one or the other.
Note: --hoist
no longer accepts multiple string values since v3.18.0. Use the following instead:
a. Wrap string values by quotes:
$ lerna bootstrap --hoist "{rollup,postcss-cli,webpack-cli,babel-loader,npm-run-all}"
b. Specify the list of values in lerna.json
:
1{ 2 "command": { 3 "bootstrap": { 4 "hoist": [ 5 "rollup", 6 "postcss-cli", 7 "webpack-cli", 8 "babel-loader", 9 "npm-run-all" 10 ] 11 } 12 }, 13 ... 14}
When used in conjunction with hoist will throw an error and stop bootstrapping after emitting the version warnings. Has no effect if you aren't hoisting, or if there are no version warnings.
1$ lerna bootstrap --hoist --strict
Do not install external dependencies matching glob
at the repo root. This
can be used to opt out of hoisting for certain dependencies.
1$ lerna bootstrap --hoist --nohoist=babel-*
1$ lerna bootstrap --ignore component-*
The --ignore
flag, when used with the bootstrap
command, can also be set in lerna.json
under the command.bootstrap.ignore
key. The command-line flag will take precedence over this option.
Example
1{ 2 "version": "0.0.0", 3 "command": { 4 "bootstrap": { 5 "ignore": "component-*" 6 } 7 } 8}
Hint: The glob is matched against the package name defined in
package.json
, not the directory name the package lives in.
--ignore-prepublish
Skip prepublish lifecycle scripts run by default in bootstrapped packages. Note, this lifecycle is deprecated, and will likely be removed in the next major version of Lerna.
1$ lerna bootstrap --ignore-prepublish
--ignore-scripts
Skip any lifecycle scripts normally run (prepare
, etc) in bootstrapped packages.
1$ lerna bootstrap --ignore-scripts
--registry <url>
When run with this flag, forwarded npm commands will use the specified registry for your package(s).
This is useful if you do not want to explicitly set up your registry configuration in all of your package.json files individually when e.g. using private registries.
--npm-client <client>
Must be an executable that knows how to install npm package dependencies.
The default --npm-client
is npm
.
1$ lerna bootstrap --npm-client=yarn
May also be configured in lerna.json
:
1{ 2 ... 3 "npmClient": "yarn" 4}
--use-workspaces
Enables integration with Yarn Workspaces (available since yarn@0.27+).
The values in the array are the commands in which Lerna will delegate operation to Yarn (currently only bootstrapping).
If --use-workspaces
is true then packages
will be overridden by the value from package.json/workspaces.
, and both --ignore
and --scope
will be ignored.
May also be configured in lerna.json
:
1{ 2 ... 3 "npmClient": "yarn", 4 "useWorkspaces": true 5}
The root-level package.json must also include a workspaces
array:
1{ 2 "private": true, 3 "devDependencies": { 4 "lerna": "^2.2.0" 5 }, 6 "workspaces": ["packages/*"] 7}
This list is broadly similar to lerna's packages
config (a list of globs matching directories with a package.json),
except it does not support recursive globs ("**"
, a.k.a. "globstars").
--no-ci
When using the default --npm-client
, lerna bootstrap
will call npm ci
instead of npm install
in CI environments.
To disable this behavior, pass --no-ci
:
1$ lerna bootstrap --no-ci
To force it during a local install (where it is not automatically enabled), pass --ci
:
1$ lerna bootstrap --ci
This can be useful for "clean" re-installs, or initial installations after fresh cloning.
--force-local
1$ lerna bootstrap --force-local
When passed, this flag causes the bootstrap
command to always symlink local dependencies regardless of matching version range.
publishConfig.directory
This non-standard field allows you to customize the symlinked subdirectory that will be the source directory of the symlink, just like how the published package would be consumed.
1 "publishConfig": { 2 "directory": "dist" 3 }
In this example, when this package is bootstrapped and linked, the dist
directory will be the source directory (e.g. package-1/dist => node_modules/package-1
).
Let's use babel
as an example.
babel-generator
and source-map
(among others) are dependencies of babel-core
.babel-core
's package.json
lists both these packages as keys in dependencies
, as shown below.1// babel-core package.json 2{ 3 "name": "babel-core", 4 ... 5 "dependencies": { 6 ... 7 "babel-generator": "^6.9.0", 8 ... 9 "source-map": "^0.5.0" 10 } 11}
babel-generator
can be an internal dependency, while source-map
is always an external dependency.babel-generator
in the package.json
of babel-core
is satisfied by packages/babel-generator
, passing for an internal dependency.source-map
is npm install
ed (or yarn
ed) like normal.packages/babel-core/node_modules/babel-generator
symlinks to packages/babel-generator
npm install
ed (or yarn
ed) like normal.latest
, do not satisfy semver ranges.Webstorm locks up when circular symlinks are present. To prevent this, add node_modules
to the list of ignored files and folders in Preferences | Editor | File Types | Ignored files and folders
.
No vulnerabilities found.
Reason
10 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
Reason
Found 14/27 approved changesets -- score normalized to 5
Reason
6 existing vulnerabilities detected
Details
Reason
dependency not pinned by hash detected -- score normalized to 2
Details
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
Reason
project is not fuzzed
Details
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
Score
Last Scanned on 2024-12-16
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More