Gathering detailed insights and metrics for @yoitsro/lerna-bootstrap
Gathering detailed insights and metrics for @yoitsro/lerna-bootstrap
Gathering detailed insights and metrics for @yoitsro/lerna-bootstrap
Gathering detailed insights and metrics for @yoitsro/lerna-bootstrap
npm install @yoitsro/lerna-bootstrap
Typescript
Module System
Min. Node Version
Node Version
NPM Version
38.4
Supply Chain
54.3
Quality
63.2
Maintenance
50
Vulnerability
93.8
License
TypeScript (96.63%)
JavaScript (2.36%)
Shell (0.51%)
CSS (0.5%)
Batchfile (0.01%)
Total Downloads
741
Last Day
1
Last Week
1
Last Month
5
Last Year
72
35,783 Stars
2,799 Commits
2,265 Forks
251 Watching
36 Branches
336 Contributors
Latest Version
3.5.1
Package Id
@yoitsro/lerna-bootstrap@3.5.1
Unpacked Size
39.22 kB
Size
11.53 kB
File Count
8
NPM Version
6.4.1
Node Version
10.13.0
Cumulative downloads
Total Downloads
Last day
0%
1
Compared to previous day
Last week
-66.7%
1
Compared to previous week
Last month
66.7%
5
Compared to previous month
Last year
-40.5%
72
Compared to previous year
23
@lerna/bootstrap
Link local packages together and install remaining package dependencies
1$ lerna bootstrap
Bootstrap the packages in the current Lerna repo. Installs all of their dependencies and links any cross-dependencies.
When run, this command will:
npm install
all external dependencies of each package.packages
that are dependencies of each other.npm run prepublish
in all bootstrapped packages.npm run prepare
in all bootstrapped packages.lerna bootstrap
respects the --ignore
, --ignore-scripts
, --scope
and --include-filtered-dependencies
flags (see Filter Flags).
Pass extra arguments to npm client by placing them after --
:
1$ lerna bootstrap -- --production --no-optional
May also be configured in lerna.json
:
1{ 2 ... 3 "npmClient": "yarn", 4 "npmClientArgs": ["--production", "--no-optional"] 5}
Install external dependencies matching glob
at the repo root so they're
available to all packages. Any binaries from these dependencies will be
linked into dependent package node_modules/.bin/
directories so they're
available for npm scripts. If the option is present but no glob
is given
the default is **
(hoist everything). This option only affects the
bootstrap
command.
1$ lerna bootstrap --hoist
For background on --hoist
, see the hoist documentation.
Note: If packages depend on different versions of an external dependency, the most commonly used version will be hoisted, and a warning will be emitted.
Do not install external dependencies matching glob
at the repo root. This
can be used to opt out of hoisting for certain dependencies.
1$ lerna bootstrap --hoist --nohoist=babel-*
1$ lerna bootstrap --ignore component-*
The --ignore
flag, when used with the bootstrap
command, can also be set in lerna.json
under the command.bootstrap.ignore
key. The command-line flag will take precedence over this option.
Example
1{ 2 "version": "0.0.0", 3 "command": { 4 "bootstrap": { 5 "ignore": "component-*" 6 } 7 } 8}
Hint: The glob is matched against the package name defined in
package.json
, not the directory name the package lives in.
--ignore-scripts
Skip any lifecycle scripts normally run (prepare
, etc) in bootstrapped packages.
1$ lerna bootstrap --ignore-scripts
--registry <url>
When run with this flag, forwarded npm commands will use the specified registry for your package(s).
This is useful if you do not want to explicitly set up your registry configuration in all of your package.json files individually when e.g. using private registries.
--npm-client <client>
Must be an executable that knows how to install npm package dependencies.
The default --npm-client
is npm
.
1$ lerna bootstrap --npm-client=yarn
May also be configured in lerna.json
:
1{ 2 ... 3 "npmClient": "yarn" 4}
--use-workspaces
Enables integration with Yarn Workspaces (available since yarn@0.27+).
The values in the array are the commands in which Lerna will delegate operation to Yarn (currently only bootstrapping).
If --use-workspaces
is true then packages
will be overridden by the value from package.json/workspaces.
May also be configured in lerna.json
:
1{ 2 ... 3 "npmClient": "yarn", 4 "useWorkspaces": true 5}
The root-level package.json must also include a workspaces
array:
1{ 2 "private": true, 3 "devDependencies": { 4 "lerna": "^2.2.0" 5 }, 6 "workspaces": ["packages/*"] 7}
This list is broadly similar to lerna's packages
config (a list of globs matching directories with a package.json),
except it does not support recursive globs ("**"
, a.k.a. "globstars").
--no-ci
When using the default --npm-client
, lerna bootstrap
will call npm ci
instead of npm install
in CI environments.
To disable this behavior, pass --no-ci
:
1$ lerna bootstrap --no-ci
To force it during a local install (where it is not automatically enabled), pass --ci
:
1$ lerna bootstrap --ci
This can be useful for "clean" re-installs, or initial installations after fresh cloning.
Let's use babel
as an example.
babel-generator
and source-map
(among others) are dependencies of babel-core
.babel-core
's package.json
lists both these packages as keys in dependencies
, as shown below.1// babel-core package.json 2{ 3 "name": "babel-core", 4 ... 5 "dependencies": { 6 ... 7 "babel-generator": "^6.9.0", 8 ... 9 "source-map": "^0.5.0" 10 } 11}
babel-generator
can be an internal dependency, while source-map
is always an external dependency.babel-generator
in the package.json
of babel-core
is satisfied by packages/babel-generator
, passing for an internal dependency.source-map
is npm install
ed (or yarn
ed) like normal.packages/babel-core/node_modules/babel-generator
symlinks to packages/babel-generator
npm install
ed (or yarn
ed) like normal.latest
, do not satisfy semver ranges.Webstorm locks up when circular symlinks are present. To prevent this, add node_modules
to the list of ignored files and folders in Preferences | Editor | File Types | Ignored files and folders
.
No vulnerabilities found.
Reason
10 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
Reason
Found 14/27 approved changesets -- score normalized to 5
Reason
6 existing vulnerabilities detected
Details
Reason
dependency not pinned by hash detected -- score normalized to 2
Details
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
Reason
project is not fuzzed
Details
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
Score
Last Scanned on 2024-12-16
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More