Installations
npm install @pectin/babelrc
Releases
rollup-config-pectin@4.0.4
Published on 22 May 2020
pectin@3.6.2
Published on 22 May 2020
@pectin/api@4.0.6
Published on 22 May 2020
@pectin/core@4.0.4
Published on 22 May 2020
@pectin/api@4.0.5
Published on 17 Oct 2019
pectin@3.6.1
Published on 17 Oct 2019
Developer
evocateur
Developer Guide
Module System
CommonJS
Min. Node Version
>=8.9
Typescript Support
No
Node Version
10.16.0
NPM Version
lerna/3.16.4/node@v10.16.0+x64 (darwin)
Statistics
58 Stars
243 Commits
7 Forks
1 Watching
25 Branches
5 Contributors
Updated on 26 Apr 2024
Languages
TypeScript (97.13%)
JavaScript (2.87%)
Total Downloads
64,398 (cumulative)
Last day: 1 (0% compared to previous day)
Last week: 5 (-68.8% compared to previous week)
Last month: 32 (33.3% compared to previous month)
Last year: 357 (-65.5% compared to previous year)
Dependencies
5
Peer Dependencies
1
Pectin
Rollup-related tools for incremental transpilation of packages in Lerna-based monorepos
Getting Started
The easiest way to start using Pectin is to install the CLI and run it during an npm lifecycle, such as "prerelease":

    npm i -D pectin

In your monorepo's root package.json (aka "manifest"):

    {
      "scripts": {
        "clean": "git clean -fdx packages",
        "prerelease": "npm run clean && pectin",
        "release": "lerna publish",
        "lint": "eslint .",
        "pretest": "pectin && npm run lint",
        "test": "jest"
      }
    }

Configured this way, you can always ensure your packages have the latest build output whenever anyone executes npm run release or incrementally build recent changes before npm test.
Once installed locally, you can experiment with the CLI via npx:

    npx pectin -h

To watch packages and rebuild on source change, pass -w, just like Rollup's CLI:

    npx pectin -w
Motivation
One advantage of a Lerna monorepo is that you can reduce the amount of repetition between modules by running all development-related tasks (build, lint, test, and so on) from the root of the repository instead of each package one-by-one. This works fine for tools that are capable of running over many packages simultaneously without breaking a sweat, like jest and eslint.
Running Rollup builds over many different package roots, however, is a much trickier business. Pectin was built to facilitate running Rollup builds for all packages in a monorepo, with special consideration for unique monorepo circumstances such as incremental builds, npm lifecycle behavior, and per-package options.
For example, it isn't always the case that every package in a monorepo actually needs to be rebuilt every time the build is run. Consider running jest --watch in a monorepo with 15 packages, but you're only working on one. The naïve approach finds all the packages and passes all of them to Rollup, which means Rollup builds for every package. Pectin optimizes this by testing the "freshness" of the built output against the source tree and only building when a file in the source tree has a more recent change (a higher mtime, for filesystem wizards).
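The freshness test described above can be sketched as follows. This is an added example, not Pectin's own code: the function names are hypothetical, it assumes the first path segment of pkg.main is the output directory, and it also honours the rollup.skip flag described under Ignoring Packages.

```javascript
// Added example, not Pectin's source. All function names are hypothetical.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Newest file mtime (ms) under dir, skipping the named top-level entries.
function newestMtime(dir, ignore) {
  let newest = 0;
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    if (ignore.has(entry.name)) continue;
    const full = path.join(dir, entry.name);
    // lstat: a symlink is judged by its own mtime, never followed out of the tree
    const mtime = entry.isDirectory() ? newestMtime(full, new Set()) : fs.lstatSync(full).mtimeMs;
    if (mtime > newest) newest = mtime;
  }
  return newest;
}

// True when the package's output is missing or older than any source file.
function needsBuild(pkgDir) {
  const manifest = JSON.parse(fs.readFileSync(path.join(pkgDir, 'package.json'), 'utf8'));
  if (manifest.rollup && manifest.rollup.skip) return false; // "rollup.skip" opt-out
  const main = path.normalize(manifest.main);
  let builtAt;
  try {
    builtAt = fs.statSync(path.join(pkgDir, main)).mtimeMs;
  } catch (err) {
    if (err.code === 'ENOENT') return true; // never built
    throw err;
  }
  // Assumption: the first path segment of pkg.main is the output directory.
  const ignore = new Set(['node_modules', main.split(path.sep)[0]]);
  return newestMtime(pkgDir, ignore) > builtAt;
}

// Constructed fixture: a temporary package with explicitly set mtimes (ms since epoch).
function makePackage({ srcAt, distAt, skip = false }) {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'fresh-'));
  const write = (rel, body, at) => {
    const file = path.join(dir, rel);
    fs.mkdirSync(path.dirname(file), { recursive: true });
    fs.writeFileSync(file, body);
    fs.utimesSync(file, new Date(at), new Date(at));
  };
  write('package.json', JSON.stringify({ main: 'dist/index.js', rollup: { skip } }), 0);
  write('src/index.js', 'export default 1;\n', srcAt);
  if (distAt !== undefined) write('dist/index.js', 'module.exports = 1;\n', distAt);
  return dir;
}
```

The check compares timestamps, not content, and a deleted source file goes unnoticed because no remaining file's mtime changes. The prerelease script shown under Getting Started runs git clean -fdx packages first, which removes untracked files under packages before pectin runs.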
Pectin's CLI was written to seamlessly wrap rollup. It helps avoid, among other things, Rollup's CLI emitting a warning and exiting non-zero when you pass an empty array (that is, no changes since the last build) to Rollup via the default export of rollup.config.js. Pectin's CLI supports all options supported by Rollup's CLI.
Contributing
Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.
Packages
@pectin/api
@pectin/babelrc
@pectin/core
pectin
rollup-config-pectin
rollup-plugin-main-entry
rollup-plugin-subpath-externals
Customizing Plugins
When calling the pectin CLI, there is no support for adding plugins beyond those already included.
However, as pectin is mostly just a fancy wrapper around the rollup CLI, it is possible to generate Rollup config programmatically and simulate the "lazy build" behavior of pectin.
First, create a rollup.config.js in the root of your monorepo:

    import * as path from 'path';
    import { findConfigs } from '@pectin/api';
    import visualizer from 'rollup-plugin-visualizer';

    export default findConfigs().then(configs =>
      configs.map(cfg => {
        const {
          // format can be 'cjs', 'esm', or 'umd'
          format,
          // absolute directory from pkg.main,
          // e.g. '<root>/packages/<pkg>/dist'
          dir: outputDir,
        } = cfg.output[0];

        // plugins are assigned per-format, as certain
        // formats require different plugin configuration
        if (format === 'esm') {
          cfg.plugins.push(
            visualizer({
              filename: path.join(outputDir, 'stats.html'),
            })
          );
        }

        return cfg;
      })
    );

Then change any references to pectin in your npm scripts to rollup -c:

    {
      "scripts": {
        "build": "rollup -c || echo 'no changed packages to build, probably?'",
        "watch": "rollup -c -w"
      }
    }
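The caveat highlighted by the || alternation above is that rollup will complain if the array generated by findConfigs() is empty, and exits non-zero. Unless caught by the ||, npm run build would exit with an error. Note that the || also masks genuine build failures, since any non-zero exit from rollup takes the same branch.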
Ignoring Packages
If you have a package that you do not want Pectin to build, you can add the following to its package.json:

    "rollup": {
      "skip": true
    }
Related
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: ISC License: LICENSE:0
Reason
Found 1/30 approved changesets -- score normalized to 0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 1 are checked with a SAST tool
Reason
64 existing vulnerabilities detected
Score: 2/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.