Cli

This project is a command line interface for managing, installing, and publishing JavaScript packages to a remote registry. It serves as a dependency resolution tool, a software registry publishing client, and a security auditor for Node.js development workflows.

The tool distinguishes itself by providing integrated monorepo workspace management and a comprehensive registry authentication client that supports multi-factor authentication. It enables detailed control over the software supply chain through provenance attestations, package signature verification, and the generation of a Software Bill of Materials.

Capabilities cover the entire package lifecycle, including project bootstrapping through manifest initialization and the coordination of multi-package repositories. It handles dependency tree optimization via hoisting and version locking, provides vulnerability remediation through security auditing, and manages package distribution using version tags and deprecation markers.

The system includes a diagnostic utility to verify runtime environment health, registry connectivity, and file system permissions.

Features

Dependency Installers - Provides core functionality to download and manage external packages and their version requirements to ensure consistent environments.

Package Managers - Provides the primary system for installing, updating, and managing JavaScript libraries and project dependencies.

Publishing Clients - Ships a client for uploading code modules to a remote registry and managing version tags and access permissions.

Dependency Lockfiles - Uses lockfiles to fix dependency versions, ensuring reproducible installations across different environments.

Package Publishing - Provides capabilities to upload developed code and package metadata to remote registries for distribution.

Dependency Auditing - Scans installed packages for known security vulnerabilities and outdated versions.

Monorepo Managers - Coordinates multiple related packages within a single repository to manage shared dependencies and synchronized builds.

Package Manager CLIs - Provides a comprehensive command line interface for installing, managing, and publishing JavaScript packages.

Package Manager Preferences - Ships a comprehensive set of global and local preferences defining package resolution and installation behavior.

Package Registries - Manages the distribution of versioned code archives through a centralized remote package registry.

Package Registry Clients - Provides a CLI tool for interacting with package registries to upload modules and manage metadata.

Package Script Execution - Enables the execution of custom project commands defined within the package manifest.

Registry Authentication - Manages user logins and authentication tokens to provide secure access to package registries.

Deterministic Dependency Locking - Uses lockfiles to fix dependencies to specific versions, ensuring reproducible installations across different environments.

Multi-Package Workspaces - Enables the creation of sub-package directories and their registration in the root manifest for monorepo management.

Workspace Compilation - Orchestrates installation and build commands across multiple related packages within a single project workspace.

Workspace Execution Scoping - Supports executing specific commands across multiple project workspaces in a monorepo context.

Library Version Resolution - Implements logic for calculating compatible version sets for software libraries to satisfy project requirements.

Vulnerability Management - Applies updates to the dependency tree to remediate known security vulnerabilities.

Dependency Vulnerability Scanners - Analyzes project dependencies to detect known security vulnerabilities and protect the software supply chain.

Provenance Verification - Validates the authenticity and integrity of downloaded packages using cryptographic signatures and provenance attestations.

Dependency Vulnerability Scanning - Scans installed project packages for known security vulnerabilities using vulnerability databases to protect the supply chain.

Project Bootstrapping Tools - Provides interactive prompts and templates to generate initial project manifests and metadata.

Global Installation Managers - Enables installation of packages into specific project directories for local use or system-wide prefixes for global access.

Temporary Binary Execution - Provides a way to execute binaries from remote packages without requiring permanent local installation.

Ownership Management - Provides utilities to manage team membership and owner assignments for packages published to a registry.

Publishing Restrictions - Implements mechanisms to mark packages as private or target internal registries to prevent public leaks.

Clean Installations - Implements a clean installation process that removes existing modules to ensure a fresh environment from a lockfile.

Tree Structure Strategies - Determines how packages are structured in the dependency tree using hoisting, nesting, or linking strategies.

Installation Script Disablers - Controls the execution of installation scripts using an approved package list to enhance security.

Environment Path Management - Allows users to run binaries from installed packages by dynamically managing the environment path.

Local Package Linking - Creates symbolic links between local packages to enable real-time development and testing.

Node.js Development Utilities - Provides foundational utilities for executing custom project scripts and package binaries within the Node.js environment.

Optional Dependencies - Enables excluding specific dependency types, such as development or optional packages, from being installed on disk.

Package Caches - Stores downloaded package archives locally to accelerate future installations and reduce network traffic.

Dependency Bloat Reducers - Optimizes the local package tree by moving shared dependencies upward to reduce duplication and disk usage.

Visibility Controls - Allows toggling package visibility between public and private to control who can discover and install them.

Package Manifests - Provides a utility to create the manifest files that define project dependencies and metadata.

Project Initializers - Provides interactive prompts and templates to initialize new project manifest files.

CLI Configuration - Provides a system for configuring CLI behavior via command line switches, environment variables, and config files.

Dependency Source Restrictors - Limits package installation to trusted sources such as local directories, git repositories, or specific URLs.

Dependency Hoisting - Optimizes the dependency tree by hoisting shared packages to the root to reduce disk duplication.

Multi-Factor Authentication - Enforces multi-factor authentication for publishing and automation to secure the software supply chain.

Private Repository Access Controls - Manages read and write permissions for users and teams accessing private packages.

Registry Authentication Managers - Manages local API tokens and secure user logins to enable authenticated access to private package registries.

Signature Verification Tools - Validates registry signatures and provenance attestations to ensure the integrity of downloaded packages.

Peer Dependency Validators - Performs strict compatibility checks that treat conflicting peer dependencies as installation failures.

Software Bill of Materials Generators - Automatically generates comprehensive inventories of software components and dependencies for security and compliance auditing.

Build Tools and Bundlers - Standard package manager for the JavaScript ecosystem.

Developer Tools and Frameworks - Package management tool for the JavaScript ecosystem.

Package Management - Standard JavaScript package manager.

Package Managers - The official command-line interface for the registry.

npmcli

Features

Star history