Git based, decentralized and secure package management for JavaScript and Node.js libraries and applications.
v1.1.0).node-gyp..npmignore and .gitignore.Clone and verify:
git clone https://github.com/braydonf/gpk
cd gpk
git verify-commit HEAD
Install globally:
gpk install Install dependencies and verify signatures.gpk install https://<url>/<org>/<repo> Install latest tag and add a dependency.gpk install https://<url>/<org>/<repo>#<branch> Install from a specific branch.gpk install -g https://<url>/<org>/<repo> Install a global module.gpk install -g Link a module globally.gpk test Run package tests.gpk run <script> Run package defined script.gpk rebuild Build native addons.gpk uninstall <name> Uninstall and remove a dependency.gpk uninstall -g <name> Uninstall a global module.gpk init Initialize a package.gpk help Display all available commands.Here is how to specify dependencies in package.json:
{
"dependencies": {
"bcoin": "git+https://github.com/bcoin-org/bcoin.git#semver:~2.0.0",
"bcrypto": "git+https://github.com/bcoin-org/bcrypto.git#semver:~4.2.6",
"bmultisig": "git+https://github.com/bcoin-org/bmultisig.git#semver:~2.0.0",
"buffer-map": "git+https://github.com/chjj/buffer-map.git#semver:~0.0.7",
"n64": "git+https://github.com/chjj/n64.git#semver:~0.2.10"
}
}
The signature of the matching Git tag or commit is verified for each dependency. The dependencies must be from a Git repository. The referenced Git tag or commit must be signed and the necessary public keys imported.
You can also use gpk specific shorthand in package.json:
{
"remotes": {
"bcoin-org": "git+https://github.com/bcoin-org/",
"chjj": "git+https://github.com/chjj/"
},
"dependencies": {
"bcoin": "bcoin-org:bcoin.git#semver:~2.0.0",
"bcrypto": "bcoin-org:bcrypto.git#semver:~4.2.6",
"bmultisig": "bcoin-org:bmultisig.git#semver:~2.0.0",
"buffer-map": "chjj:buffer-map.git#semver:~0.0.7",
"n64": "chjj:n64.git#semver:~0.2.10"
}
}
And specify Git branches:
{
"remotes": {
"bcoin-org": "git+https://github.com/bcoin-org/",
},
"dependencies": {
"bcoin": "bcoin-org:bcoin.git#pkg-dependencies",
}
}
The behavior of gpk is that gpk install will not replace an existing module, and will otherwise give an error if an existing installation does not satisfy the current package.json specification.
To upgrade a dependency:
node_modules.gpk install again to fetch an updated version.To upgrade to a version greater than the current version as specified by the semantic version in package.json, it's necessary to update the package.json specification before installing.
It is recommended to commit dependencies into the Git repository, this provides the following benefits:
package-lock.json or npm-shrinkwrap.json from npm-land. For committed dependencies to be used when the package is a dependency, the dependencies should be added to bundleDependencies in package.json.gpk is only necessary for the management and upgrade of dependencies by contributors and maintainers.gpk rebuild, npm rebuild or yarn rebuild can all be used.Note: You can use git commit --author="<alternative-authors>" when commiting a large number of dependencies for purposes of commit statistics.
Nearly all existing Node.js modules can be migrated to use gpk with signature verification. This is because Git and signed tags are already widely for JavaScript and Node.js modules. Migrating to use gpk is handled by specifying the Git remote.
The following package.json specification:
{
"dependencies": {
"bcrypto": "~5.0.4"
}
}
Is replaced with a Git remote:
{
"dependencies": {
"bcrypto": "git+https://github.com/bcoin-org/bcrypto.git#semver:~5.0.4"
}
}
For modules that do not specify Git remotes for their dependencies, it will be necessary to specify those dependencies as well, for example:
{
"dependencies": {
"bcrypto": "git+https://github.com/bcoin-org/bcrypto.git#semver:~5.0.4",
"bufio": "git+https://github.com/bcoin-org/bufio.git#semver:~1.0.6",
"loady": "git+https://github.com/chjj/loady.git#semver:~0.0.1",
"nan": "git+https://github.com/braydonf/nan.git#semver:~2.14.0"
}
}
Otherwise there would be an error, such as Error: Unknown remote for 'bufio'.
To customize the global installation path, use the PREFIX environment variable, for example:
export PREFIX=/home/user/global_node_modules
And then add that to your path, for example:
export PATH="$PREFIX/bin:$PATH"
This may be necessary if the installation of Node.js was via an operating system package manager or otherwise installed at /usr/bin or another path that requires root or admin permissions.
Import the key used for signing:
gpg --recv-keys "5B7D C58D 90FE C1E9 90A3 10BA F24F 232D 108B 3AD4"
And run the tests:
For detailed logging when running tests you can use the environment variable TEST_LOG, for example:
Test data in created in a temporary directory, using this format: /tmp/gpk-test-<name>-<id>/.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4