JSPM

  • Downloads 2045
  • License Apache-2.0

marshall your npm/yarn package installs with high quality and class 🎖

Package Exports

  • npq

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (npq) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

npq


npq - marshall your npm/yarn package installs with high quality and class 🎖


About

Once npq is installed, you can safely* install packages:

npq install express

npq performs the following steps to sanity-check that the package is safe:

  • Consults the snyk.io database of publicly disclosed vulnerabilities to check whether a vulnerability exists for this package and its version.
  • If no match is found, it continues with the following syntactic heuristics:
    • Package age on npm
    • Package download count, popularity
    • Package has pre/post install scripts

If npq is prompted to continue with the install, it simply hands over the actual package install job to the package manager (npm by default).

*safely - there's no guaranteed safety; a malicious or vulnerable package could still exist that has no disclosure published and passes npq's checks.
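
The three heuristics listed above, sketched as an added example that is not npq's own code: the thresholds, the auditPackage function and the sample metadata are assumptions constructed for illustration, and the snyk.io lookup is left out because it needs network access.

```javascript
// Added illustration, not npq's source. Thresholds are assumed values.
const MIN_AGE_DAYS = 30;
const MIN_MONTHLY_DOWNLOADS = 100;
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// packument: registry metadata for one package; downloads: last-month count;
// now: Date treated as "today" (injected so results are reproducible).
function auditPackage(packument, version, downloads, now) {
  const manifest = (packument.versions || {})[version];
  if (!manifest) return [`version ${version} not found in metadata`];
  const warnings = [];

  // Heuristic 1: package age on npm.
  const created = Date.parse((packument.time || {}).created);
  if (Number.isNaN(created)) {
    warnings.push('creation date missing');
  } else {
    const ageDays = Math.floor((now.getTime() - created) / 86400000);
    if (ageDays < MIN_AGE_DAYS) warnings.push(`age: only ${ageDays} days old`);
  }

  // Heuristic 2: download count. A missing count is treated as low.
  if (!(downloads >= MIN_MONTHLY_DOWNLOADS)) {
    warnings.push(`downloads: ${downloads} last month`);
  }

  // Heuristic 3: lifecycle scripts that run automatically on install.
  const scripts = manifest.scripts || {};
  for (const hook of INSTALL_HOOKS) {
    if (typeof scripts[hook] === 'string' && scripts[hook].trim()) {
      warnings.push(`${hook} script: ${scripts[hook]}`);
    }
  }
  return warnings;
}

// Constructed sample metadata (hypothetical packages, not real registry data).
const NOW = new Date('2024-06-15T00:00:00Z');
const established = {
  time: { created: '2012-01-01T00:00:00Z' },
  versions: { '4.0.0': { scripts: { test: 'mocha' } } },
};
const fresh = {
  time: { created: '2024-06-10T00:00:00Z' },
  versions: { '0.0.1': { scripts: { postinstall: 'node setup.js' } } },
};
console.log(auditPackage(established, '4.0.0', 1000000, NOW));
console.log(auditPackage(fresh, '0.0.1', 12, NOW));
```

An empty result means none of the three heuristics fired; it says nothing about undisclosed vulnerabilities, which is the caveat in the footnote above.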

Install

npm install -g npq

Usage

Install packages with npq:

npq install express

Embed in your day to day

Since npq is a pre-step to ensure that the npm package you're installing is safe, you can safely embed it in your day-to-day npm usage so there's no need to remember to run npq explicitly.

alias npm='npq'

Offload to package managers

By default, npq offloads all commands and their arguments to the npm package manager after it has finished its due diligence for the respective packages.

If you're using yarn, or generally want to explicitly tell npq which package manager should handle the command, use one of the following methods:

  • A command line option: --packageManager <npm|yarn>
  • An environment variable: NPQ_PKG_MGR=yarn

Example: create an alias with yarn as the package manager:

alias npm='npq --packageManager yarn'

Contributing

Please consult the CONTRIBUTING file for guidelines on contributing to this project.

Author

Liran Tal liran.tal@gmail.com