Repo for tricking NPM into not hoisting your package. No dependencies and a warning if imported.

Overview

noist (Short for No Hoist)

Repo for tricking NPM into not hoisting your package. No dependencies and a warning if imported.

Why?

As of npm@7 NPM supports NPM Workspaces which allows you to have multiple npm packages in a single folder structure.

NPM workspaces has a feature that deduplicates packages that are found multiple times in the folder structure.

For example, say there are two packages, package-a and package-b that both depend on jest@24

NPM 7+ will recognize this dependency is identical and "hoist" that package to the root of your mono repo, resulting in a tree like this:

node_modules/
  jest@24
packages/
  package-a
  package-b

The node resolution algorithm will search up the tree and find it successfully.

There are quite a few pitfalls related to hoisting, notably if the package has peerDependencies or requires a single-copy in the tree this can cause issues where sibling dependencies end up importing the wrong package.

Thankfully, until this is fixed in npm itself @ruyadorno from the npm team proposed a workaround prisma/prisma#9649

This package is created to facilitate that workaround with the following requirements:

  • There are NO dependencies of this node package
  • The package instantly throws an error warning you and linking to this document if you accidentally import it

How?

If you want to use this, first of all, try not to have to by syncing up your dependency tree and aligning to similar versions.

If you do need to use this you can install it at the root of your NPM workspaces repo with:

npm i package-to-not-hoist@npm:noist@1

Confirm you have it downloaded by:

cat node_modules/package-to-not-hoist/package.json

Make sure you replace package-to-not-hoist with the actual npm package you want to replace.

Security

The reason I made this package with 0 dependencies is to protect from having erroneous packages with random dependencies being injected into the tree (especially when they won't end up matching the names).

One thing to consider if you are looking to use this package however is to not use it straight away, after all that would be trusting me entirely to not do the same thing I was not willing to trust above, but to fork this repo and publish your own version of this package for your and your companies use.

I don't anticipate publishing any new version of this package ever, but it is always best to be cautious with any dependency you install.

Contributing

If you want to contribute docs or examples to this repo feel free, my hope is that this is a stop gap measure and won't be needed once npm supports a nohoist flag or some feature that is similar.

Subscribe to this RFC on npm to be notified if and when this feature is built-into npm workspaces.

You might also like...

NPM Package to integrate ONDC into Node.js backend

ondc-node This library can be used to integrate ONDC in JavaScript based applications. Package is developed in TypeScript and will work with Node.Js &

Dec 11, 2022

portfolio-project is a npm package to automatically update your projects section in your portfolio website. It will fetch the selected repositories directly from your GitHub account.

portfolio-project is a npm package to automatically update your projects section in your portfolio website. It will fetch the selected repositories directly from your GitHub account.

portfolio-project Those days of manually updating portfolio website after every new project made are gone ⚡ Yesss . . . you read that right. 😉 portfo

Aug 3, 2021

Another logger in JS. This one offers a console.log-like API and formatting, colored lines and timestamps (or not if desired), all that with 0 dependencies.

Another logger in JS. This one offers a console.log-like API and formatting, colored lines and timestamps (or not if desired), all that with 0 dependencies.

hellog Your new logger ! hellog is a general-purpose logging library. It offers a console.log-like API and formatting, extensible type-safety colored

Jan 5, 2022

This package is for developers to be able to easily integrate bad word checking into their projects.\r This package can return bad words in array or regular expression (regex) form.

Vietnamese Bad Words This package is for developers to be able to easily integrate bad word checking into their projects. This package can return bad

Nov 3, 2022

A "Basic-to-Lisp" compiler. But Basic is not real Basic, and Lisp is not real Lisp.

Basic2Lisp A "Basic-to-Lisp" compiler. But Basic is not real Basic, and Lisp is not real Lisp. Syntax Print-Sth Put some-value to standard output. PRI

Jul 10, 2022

🧩 TypeScript utility type in order to ensure to return only properties (not methods) containing values in primitive types such as number or boolean (not Value Objects)

🧩 TypeScript utility type in order to ensure to return only properties (not methods) containing values in primitive types such as number or boolean (not Value Objects)

🧩 TypeScript Primitives type TypeScript utility type in order to ensure to return only properties (not methods) containing values in primitive types

Dec 7, 2022

Free to use and not for sale. This repo uses scrape or data.json

Aine-MD This script is free, if caught sold, this script will be deleted immediately. Don't forget to follow my github Script ini gratis, Jika ketahua

Dec 30, 2022
Comments
  • extends functionality to typescript

    extends functionality to typescript

    This adds typings to the package so typescript doesn't error out when used to no hoist types packages.

    Let me know if I should increment the package version or anything else.

    Thanks!

    opened by knoid 0
Owner
Zackery Griesinger
Software Developer in Kansas City
Zackery Griesinger
Package fetcher is a bot messenger which gather npm packages by uploading either a json file (package.json) or a picture representing package.json. To continue...

package-fetcher Ce projet contient un boilerplate pour un bot messenger et l'executable Windows ngrok qui va permettre de créer un tunnel https pour c

AILI Fida Aliotti Christino 2 Mar 29, 2022
Show npm package authors and maintainers of your dependencies and devDependencies.

your-deps-authors Show npm package authors and maintainers of your dependencies and devDependencies. Usage $ npx your-deps-authors ╔══════════════════

Sosuke Suzuki 6 Sep 29, 2022
In this project, I built a simple HTML list of To-Do tasks. This simple web page was built using Webpack, creating everything from a JavaScript index file that imported all the modules and assets

To Do List In this project, I built a simple HTML list of To-Do tasks. This simple web page was built using Webpack, creating everything from a JavaSc

Andrés Felipe Arroyave Naranjo 10 Mar 31, 2022
npm i uuid, npm i nodemon, npm i commander

goit-nodejs-hw-01 Получаем и выводим весь список контактов в виде таблицы (console.table) node index.js --action list Получаем контакт по id node inde

Oksana Banshchykova 3 Jul 5, 2022
Colorconsole provides an interesting way to display colored info, success, warning and error messages on the developer console in your browser

ColorConsole NPM Package Colorconsole provides an interesting way to display colored info, success, warning and error messages on the developer consol

Hasin Hayder 17 Sep 19, 2022
Grupprojekt för kurserna 'Javascript med Ramverk' och 'Agil Utveckling'

JavaScript-med-Ramverk-Laboration-3 Grupprojektet för kurserna Javascript med Ramverk och Agil Utveckling. Utvecklingsguide För information om hur utv

Svante Jonsson IT-Högskolan 3 May 18, 2022
Hemsida för personer i Sverige som kan och vill erbjuda boende till människor på flykt

Getting Started with Create React App This project was bootstrapped with Create React App. Available Scripts In the project directory, you can run: np

null 4 May 3, 2022
Convert mapart from MapartCraft to Horion NBT data, which can be imported with .nbt load

Horion-Mapart This project aims to convert MCEDIT Schematics generated by MapartCraft to Horion NBT's so you can easily make maparts in minutes in Min

null 2 Jun 22, 2022
A simple and useful jquery plugin that allows you to create a Text Area Character Count Effect with limited warning.

jquery-character-counter A simple and useful jquery plugin that allows you to create a Text Area Character Count Effect with limited warning. #Demo Us

Abdoulie Kassama 0 Dec 28, 2020
Extract a JS/TS module and its dependencies into a new package

module-extractor Extract a module and its dependencies into a new package Usage import { extractModules } from 'module-extractor' const extraction =

Alec Larson 12 Aug 9, 2022