npm/tink npm/tink

  • This repository has been archived on 28/Jul/2021
  • Stars
    star
    2,156
  • Rank 20,575 (Top 0.5 %)
  • Language
    JavaScript
  • License
    Other
  • Created almost 6 years ago
  • Updated almost 3 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
npm/tink
github

npm

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

a dependency unwinder for javascript

tink npm license Travis AppVeyor Coverage Status

tink is an experimental package manager for JavaScript. Don't expect to be able to use this with any of your existing projects.

IN DEVELOPMENT

This package is still in development. Do not use it for production. It is missing major features and the interface should be considered extremely unstable.

If you're feeling adventurous, though, read ahead...

Usage

$ npx tink

Table of Contents

Features

  • (mostly) npm-compatible project installation

Contributing

The tink team enthusiastically welcomes contributions and project participation! There's a bunch of things you can do if you want to contribute! The Contributor Guide has all the information you need for everything from reporting bugs to contributing entire new features. Please don't hesitate to jump in if you'd like to, or even ask us questions if something isn't clear.

Acknowledgements

Big thanks to Szymon Lisowiec for donating the tink package name on npm! This package was previously an error logger helper tool, but now it's a package manager runtime!

Commands

A Note About These Docs

The commands documented below are not normative, and may not reflect the current state of tink development. They are being written separately from the code itself, and may be entirely missing, or named something different, or behave completely different. tink is still under heavy development and you should expect everything to change without notice.

$ tink shell [options] [arguments]
  • Aliases: tink sh, tish

Starts an interactive tink shell. If -e or -p options are used, the string passed to them will be executed as a single line and the shell will exit immediately. If [arguments] is provided, it should be one or more executable JavaScript files, which will be loaded serially.

The interactive tink shell will automatically generate a .package-map.json describing all expected dependency files, and will fetch and make available any missing or corrupted data, as it's required. tink overrides most of Node's fs API to virtually load node_modules off a centralized cache without ever linking or extracting to node_modules itself.

By default, tink shell will automatically install and add any missing or corrupted dependencies that are found during the loading process. To disable this feature, use the --production or --offline options.

To get a physical node_modules/ directory to interact with, see tink unwind.

$ tink prepare [options] [package...]
  • Aliases: tink prep

Preloads declared dependencies. You can use this to make sure that by the time you use tink shell, all declared dependencies will already be cached and available, so there won't be any execution delay from inline fetching and repairing. If anything is missing or corrupted, it will be automatically re-fetched.

If one or more packages are passed in, they should be the names of packages already in package.json, and only the listed packages will be preloaded, instead of preloading all of them. If you want to add a new dependency, use tink add instead, which will also prepare the new dependencies for you (so tink prepare isn't necessary after a tink add).

$ tink exec [options] <pkg> [--] [args...]
  • Aliases: tink x, tx

Like npx, but for tink. Runs any binaries directly through tink.

$ tink unwind [options] [package...]
  • Aliases: tink extract, tink frog, tink unroll

Unwinds the project's dependencies into physical files in node_modules/, instead of using the fs overrides to load them. This "unwound" mode can be used to directly patch dependencies (for example, when debugging or preparing to fork), or to enable compatibility with non-tink-related tools.

If one or more [package...] arguments are provided, the unwinding process will only apply to those dependencies and their dependencies. In this case, package must be a direct dependency of your toplevel package. You cannot selectively unwind transitive dependencies, but you can make it so they're the only ones that stick around when you go back to tink mode. See tink wind for the corresponding command.

If --production, --only=<prod|dev>, or --also=<prod|dev> options are passed in, they can be used to limit which dependency types get unwound.

By default, this command will leave any files that were already in node_modules/ intact, so your patches won't be clobbered. To do a full reset, or a specific reset on a file, remove the specific file or all of node_modules/ manually before calling tink unwind

$ tink wind [options] [package...]
  • Aliases: tink roll, tink rewind, tink knit

Removes physical files from node_modules/ and configures a project to use "tink mode" for development -- a mode where dependency files are virtually loaded through fs API overrides off a central cache. This mode can greatly speed up install and start times, as well as conserve large amounts of space by sharing files (securely) across multiple projects.

If one or more [package...] arguments are provided, the wind-up process will only move the listed packages and any non-shared dependencies into the global cache to be served from there. Note that only direct dependencies can be requested this way -- there is no way to target specific transitive dependencies in tink wind, much like in tink unwind.

Any individual files in node_modules which do not match up with their standard hashes from their original packages will be left in place, unless the --wind-all option is used. For example, if you use tink unwind, then patch one of your dependencies with some console.log() calls, and you then do tink rewind, then the files you added console.log() to will remain in node_modules/, and be prioritized by tink when loading your dependencies. Any other files, including those for the same package, will be moved into the global cache and loaded from there as usual.

$ tink add [options] [spec...]

Downloads and installs each spec, which must be a valid dependency specifier parseable by npm-package-arg, and adds the newly installed dependency or dependencies to both package.json and package-lock.json, as well as updating .package-map.json as needed.

$ tink rm [options] [package...]

Removes each package, which should be a package name currently specified in package.json, from the current project's dependencies, updating package.json, package-lock.json, and .package-map.json as needed.

$ tink update [options] [spec...]
  • Aliases: tink up

Runs an interactive dependency update/upgrade UI where individual package updates can be selected. If one or more package arguments are passed in, the update prompts will be limited to packages in the tree matching those specifiers. The specifiers support full npm-package-arg specs and are used for matching existing dependencies, not the target versions to upgrade to.

If run outside of a TTY environment or if the --auto option is passed in, all dependencies, optionally limited to each named package, are updated to their maximum semver-compatible version, effectively simulating a fresh install of the project with the current declared package.json dependencies and no node_modules or package-lock.json present.

$ tink audit [options]
  • Aliases: tink odd, tink audi

Executes a full security scan of the project's dependencies, using the configured registry's audit service. --production, --only, and --also can be used to filter which dependency types are checked. --level can be used to specify the minimum vulnerability level that will make the command exit with a non-zero exit code (an error).

$ tink check-lock [options]
  • Aliases: tink lock

Verifies that package.json and package-lock.json are in sync. If --auto is specified, the inconsistency will be automatically corrected, using package.json as the source of truth.

$ tink check-licenses [options] [spec...]

By default, verifies that the current project has a valid "license" field, and that all dependencies (and transitive dependencies) have valid licenses configured.

If one or more spec arguments are provided, this behavior changes such that only the packages specified by the specs get verified according to current settings.

A list of detected licenses will be printed out. Use --json to get the licenses in a parseable format.

Additionally, two package.json fields can be used to further configure the license-checking behavior:

  • "blacklist": [licenses...] - Any detected licenses listed here will trigger an error for tink check-licenses. This takes precedence over "whitelist"
  • "whitelist": [licenses...] - Any detected licenses NOT listed in here will trigger an error.
$ tink lint [options]
  • Aliases: tink typecheck, tink type

Executes the configured lint and typecheck script(s) (in that order), or a default baseline linter will be used to report obvious syntax errors in the codebase's JavaScript.

$ tink build [options]

Executes the configured build script, if present, or executes silently.

$ tink clean [options]

Removes .package-map.json and executes the clean run-script, which should remove any artifacts generated by tink build.

$ tink test [options]

Executed the configured test run-script. Exits with an error code if no test script is configured.

$ tink check

Executes all verification-related scripts in the following sequence, grouping the output together into one big report:

  1. tink check-lock - verify that the package-lock.json and package.json are in sync, and that .package-map.json is up to date.
  2. tink audit - runs a security audit of the project's dependencies.
  3. tink check-licenses - verifies that the current project has a license configured, and that all dependencies have valid licenses, and that none of those licenses are blacklisted (or, if using a whitelist, that they are all in said whitelist -- see the tink check-licenses docs for details).
  4. tink lint - runs the configured linter, or a general, default linter that statically scans for syntax errors.
  5. tink build - if a build script is configured, the build will be executed to make sure it completes successfully -- otherwise, this step is skipped.
  6. tink test - runs the configured test suite. skipped if no tests configured, but a warning will be emitted.

The final report includes potential action items related to each step. Use --verbose to see more detailed output for each report.

$ tink publish [options] [tarball...]

Publishes the current package to the configured registry. The package will be turned into a tarball using tink pack, and the tarball will then be uploaded. This command will also print out a summary of tarball details, including the files that were included and the hashes for the tarball.

If One-Time-Passwords are configured on the registry and the terminal is a TTY, this command will prompt for an OTP token if --otp <token> is not used. If this happens outside of a TTY, the command will fail with an EOTP error.

Unlike npm publish, tink publish requires that package.json include a "files":[] array specifying which files will be included in the publish, otherwise the publish will fail with an error. .npmignore is obeyed, but does not remove the requirement for "files".

If --dry-run is used, all steps will be done, except the final data upload to the registry. Because the upload never happens, --dry-run can't be used to verify that publish credentials work.

If one or more tarball arguments are passed, they will be treated as npm-package-arg specifiers, fetched, and re-published. This is most useful with git repositories and local tarballs that have already been packaged up by tink pack

$ tink pack [options] [spec...]

Collects the current package into a tarball and writes it to ./<pkgname>-<pkgversion>.tgz. Also prints out a summary of tarball details, including the files that were included and the hashes for the tarball.

Unlike npm pack, tink pack requires that package.json include a "files":[] array specifying which files will be included in the publish, otherwise the publish will fail with an error. .npmignore is obeyed, but does not remove the requirement for "files".

If one or more spec arguments are passed, they will be treated as npm-package-arg specifiers, fetched, and their tarballed packages written to the current directory. This is most useful for fetching the tarballs of registry-hosted dependencies. For example: $ tink pack [email protected] will write the tarball to ./react-1.2.3.tgz.

$ tink login

Use this command to log in to the current npm registry. This command may open a browser window.

$ tink logout

Use this command to remove any auth tokens for the current registry from your configuration.

More Repositories

1

npm

This repository is moving to: https://github.com/npm/cli
17,473
star
2

cli

the package manager for JavaScript
JavaScript
8,032
star
3

node-semver

The semver parser for node (the one npm uses)
JavaScript
4,772
star
4

npm-expansions

Send us a pull request by editing expansions.txt
JavaScript
2,209
star
5

ini

An ini parser/serializer in JavaScript
JavaScript
733
star
6

npx

npm package executor
JavaScript
721
star
7

rfcs

Public change requests/proposals & ideation
JavaScript
711
star
8

npm-registry-couchapp

couchapp bits of registry.npmjs.org
JavaScript
615
star
9

nopt

Node/npm Option Parsing
JavaScript
527
star
10

npmlog

The logger that npm uses
JavaScript
423
star
11

registry

npm registry documentation
422
star
12

marky-markdown

npm's markdown parser
JavaScript
406
star
13

arborist

npm's tree doctor
JavaScript
370
star
14

pacote

npm fetcher
JavaScript
329
star
15

download-counts

Background jobs and a minimal service for collecting and delivering download counts
JavaScript
328
star
16

gauge

A terminal based horizontal guage aka, a progress bar
JavaScript
319
star
17

node-which

Like which(1) unix command. Find the first instance of an executable in the PATH.
JavaScript
305
star
18

documentation

Documentation for the npm registry, website, and command-line interface.
MDX
291
star
19

init-package-json

A node module to get your node module started
JavaScript
284
star
20

validate-npm-package-name

Is the given string an acceptable npm package name?
JavaScript
282
star
21

npm-merge-driver

git merge driver for resolving conflicts in npm-related files
JavaScript
271
star
22

cacache

npm's content-addressable cache
JavaScript
266
star
23

npm-registry-client

JavaScript
264
star
24

lockfile

A very polite lock file utility, which endeavors to not litter, and to wait patiently for others.
JavaScript
259
star
25

registry-issue-archive

An archive of the old npm registry issue tracker
250
star
26

write-file-atomic

Write files in an atomic fashion w/configurable ownership
JavaScript
217
star
27

read-package-json

The thing npm uses to read package.json files with semantics and defaults and validation and stuff
JavaScript
214
star
28

roadmap

Public roadmap for npm
214
star
29

hosted-git-info

Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab
JavaScript
206
star
30

fstream

Advanced FS Streaming for Node
JavaScript
205
star
31

read

read(1) for node.
JavaScript
187
star
32

normalize-package-data

normalizes package metadata, typically found in package.json file.
JavaScript
184
star
33

make-fetch-happen

making fetch happen for npm
JavaScript
183
star
34

ndm

ndm allows you to deploy OS-specific service-wrappers directly from npm-packages.
JavaScript
181
star
35

are-we-there-yet

Track complex hiearchies of asynchronous task completion statuses.
JavaScript
173
star
36

abbrev-js

Like ruby's Abbrev module
JavaScript
158
star
37

statusboard

Public monitor/status/health board for @npm/cli-team's maintained projects
JavaScript
146
star
38

security-holder

An npm package that holds a spot.
145
star
39

feedback

Public feedback discussions for npm
138
star
40

osenv

Look up environment settings specific to different operating systems.
JavaScript
137
star
41

npm-registry-fetch

like fetch() but for the npm registry
JavaScript
118
star
42

npm-package-arg

Parse the things that can be arguments to `npm install`
JavaScript
116
star
43

libnpm

programmatic npm API
JavaScript
113
star
44

npm-collection-staff-picks

JavaScript
112
star
45

promzard

A prompting json thingie
JavaScript
101
star
46

npm-packlist

Walk through a folder and figure out what goes in an npm package
JavaScript
101
star
47

npm-remote-ls

Examine a package's dependency graph before you install it
JavaScript
89
star
48

npmconf

npm config thing
JavaScript
75
star
49

cmd-shim

The cmd-shim used in npm
JavaScript
75
star
50

npm-tips

A collection of short (5 words or so) tips and tricks that can be sprinkled about the npm site.
JavaScript
73
star
51

www

community space for the npm website
68
star
52

policies

Privacy policy, code of conduct, license, and other npm legal stuff
Shell
67
star
53

npm_conf

A conference about npm, maybe. Not to be confused with npmconf.
59
star
54

git

a util for spawning git from npm CLI contexts
JavaScript
58
star
55

registry-follower-tutorial

write you a registry follower for great good
JavaScript
56
star
56

ignore-walk

Nested/recursive `.gitignore`/`.npmignore` parsing and filtering.
JavaScript
55
star
57

ci-detect

Detect what kind of CI environment the program is in
JavaScript
53
star
58

ssri

subresource integrity for npm
JavaScript
53
star
59

read-installed

Read all the installed packages in a folder, and return a tree structure with all the data.
JavaScript
52
star
60

run-script

Run a lifecycle script for a package (descendant of npm-lifecycle)
JavaScript
51
star
61

minipass-fetch

An implementation of window.fetch in Node.js using Minipass streams
JavaScript
51
star
62

package-json

Programmatic API to update package.json
JavaScript
50
star
63

mute-stream

Bytes go in, but they don't come out (when muted).
JavaScript
49
star
64

fs-write-stream-atomic

Like `fs.createWriteStream(...)`, but atomic.
JavaScript
48
star
65

libnpmpublish

programmatically publish and unpublish npm packages
JavaScript
46
star
66

read-package-json-fast

Like read-package-json, but faster
JavaScript
46
star
67

logical-tree

Calculates a nested logical tree using a package.json and a package lock.
JavaScript
44
star
68

read-package-tree

Read the contents of node_modules
JavaScript
42
star
69

jobs

41
star
70

unique-filename

Generate a unique filename for use in temporary directories or caches.
JavaScript
40
star
71

lock-verify

Report if your package.json is out of sync with your package-lock.json
JavaScript
38
star
72

npm-lifecycle

npm lifecycle script runner
JavaScript
37
star
73

fstream-ignore

JavaScript
37
star
74

wombat-cli

The wombat cli tool.
JavaScript
35
star
75

npme-installer

npm Enterprise installer
JavaScript
35
star
76

benchmarks

The npm CLI's benchmark suite
JavaScript
33
star
77

couch-login

A module for doing logged-in requests against a couchdb server
JavaScript
33
star
78

npm-audit-report

npm audit security report
JavaScript
33
star
79

libnpmexec

npm exec (npx) Programmatic API
JavaScript
33
star
80

ansible-nagios

Ansible role for building Nagios 4.
Perl
32
star
81

config

Configuration management for https://github.com/npm/cli
JavaScript
32
star
82

npm-profile

Make changes to your npmjs.com profile via cli or library
JavaScript
31
star
83

unique-slug

Generate a unique character string suitible for use in files and URLs.
JavaScript
31
star
84

parse-conflict-json

Parse a JSON string that has git merge conflicts, resolving if possible
JavaScript
31
star
85

fstream-npm

fstream class for creating npm packages
JavaScript
30
star
86

redsess

Yet another redis session thing for node.
JavaScript
30
star
87

concurrent-couch-follower

a couch follower wrapper that you can use to be sure you don't miss any documents even if you process them asynchronously.
JavaScript
28
star
88

npm-registry-mock

mock the npm registry
JavaScript
27
star
89

lint

lint the npmcli way
JavaScript
26
star
90

libnpmsearch

programmatic API for the shiny new npm search endpoint
JavaScript
25
star
91

fs

filesystem helper functions, wrappers, and promisification for the npm cli
JavaScript
24
star
92

libnpmaccess

programmatic api for `npm access`
JavaScript
24
star
93

bin-links

.bin/ script linker
JavaScript
23
star
94

logos

official logos for npm, Inc
22
star
95

public-api

21
star
96

deprecate-holder

An npm package that holds a spot.
21
star
97

libnpmversion

library to do the things that 'npm version' does
JavaScript
20
star
98

ui

user interface layer for the npm CLI
19
star
99

captain-hook

slack bot that provides subscription service for npm webhooks
JavaScript
19
star
100

npm-hook-slack

Report on registry events to slack, tersely.
JavaScript
19
star