Como instalar pacotes NPM do GitHub

O NPM é uma ferramenta de gerenciamento de pacotes de nós usada para baixar ou publicar pacotes de nós por meio do registro de pacotes npm . Ele vem junto com a node.jsconfiguração. npmjsoferece vários pacotes de código aberto, como Lodash, React e Chalk para acelerar o processo de desenvolvimento.

Muitas vezes, os pacotes não são publicados no npmjsregistro, mas ainda podem ser usados ​​em um projeto de nó usando a npmferramenta CLI. Este guia explica os detalhes da instalação de pacotes NPM públicos e privados do GitHub.

Instalar pacotes do Github

O npmcomando pode instalar pacotes públicos do npmjsregistro usando o installcomando:

npm install package-name package-name2
# or 
npm i package-name package-name2

Às vezes, os pacotes não são publicados no npmjsregistro, mas ainda podem ser instalados usando o npm. A npmferramenta pode acessar e instalar qualquer projeto de nó público como uma dependência do GitHub:

npm i https://github.com/user_name/node_project_name

O npmcomando tentará instalar o pacote usando git clone. O npmcomando também pode instalar o pacote de diferentes estados do repositório GitHub usando um commitvalor de hash, que pode ser usado para instalar o pacote com um ID de confirmação:

npm install use_name/node_project#commit

Nota: O @símbolo representa o npmescopo, uma técnica para agrupar todas as dependências de um usuário ou organização em uma pasta. Um nome de pacote sem @e com name\namepadrão será tratado como um repositório de pacotes do GitHub.

O branchnome pode ser usado para instalar uma ramificação como um pacote:

npm install use_name/node_project#branch_name

Da mesma forma, os nomes tagou versionpodem ser usados ​​para instalar uma versão específica de um pacote do GitHub:

npm install use_name/node_project@tag #user_name/node_project@release
npm install use_name/node_project@version #user_name/node_project@1.0.0

gisttambém pode ser adicionado usando o id de a gist:

npm install gist/gist_id

Instalar pacotes privados do Github

Um npmpacote pode ser instalado de um repositório GitHub privado usando um link de repositório SSH. Os links SSH estão disponíveis apenas para usuários logados e podem ser usados ​​para acessar os repositórios privados do seu GitHub. O protocolo SSH usa um algoritmo de criptografia de chave pública para autenticar o comando para acessar os repositórios do GitHub e precisa ser configurado com a conta do GitHub usando as chaves SSH. Um repositório privado do GitHub pode ser instalado usando o git+sshprotocolo as:

npm install git+ssh://git@github.com:user_name/node_project.git

Observação: um pacote do GitHub deve ter um package.jsonarquivo significativo para ser instalado como um pacote.

Sinalizadores adicionais de instalação do NPM

O npmcomando install também fornece muitos outros recursos. Por exemplo, rangepode ser usado para instalar um pacote com um determinado intervalo para a versão:

npm install use_name/node_project">=1.0.0 <=2.0.0"

As versões geralmente são baseadas em semver . --forceinstalará um pacote do repositório de pacotes remoto:

npm install pacakge_name --force

globalos pacotes são instalados na pasta global npm , que é acessível a todos os projetos:

npm install pacakge_name -global

O --ignore-scriptssinalizador é usado para pular a execução do npm-scriptsbloco. E, finalmente, o uninstallcomando é usado para remover as dependências de projetos locais e o -gsinalizador é usado para remover as dependências globais.

Pontas

• Um branch específico também pode ser instalado usando:

https://github.com/{USER}/{REPO}/tarball/{BRANCH}

• Considere ler a licença do repositório cuidadosamente antes de usar qualquer dependência.
• Encontre informações úteis sobre npmtrends .
• Use a ferramenta Bit para distribuir componentes de um projeto como um pacote independente.
• Use um alias curto como npm i package-namena npmversão 5 ou superior sem a --saveopção. npm5+ adicionará automaticamente o pacote como uma dependência.

 

A npminstalação do GitHub é bastante útil para testar pacotes. Ele também oferece a flexibilidade de instalar qualquer branch, versão, tag e assim por diante. Boa codificação!

What is GEEK

Buddha Community

How to Compare Multiple GitHub Projects with Our GitHub Stats tool

If you have project code hosted on GitHub, chances are you might be interested in checking some numbers and stats such as stars, commits and pull requests.

You might also want to compare some similar projects in terms of the above mentioned stats, for whatever reasons that interest you.

We have the right tool for you: the simple and easy-to-use little tool called GitHub Stats.

Let’s dive right in to what we can get out of it.

Getting started

This interactive tool is really easy to use. Follow the three steps below and you’ll get what you want in real-time:

1. Head to the GitHub repo of the tool

2. Enter as many projects as you need to check on

3. Hit the Update button beside each metric

In this article we are going to compare three most popular machine learning projects for you.

#github #tools #github-statistics-react #github-stats-tool #compare-github-projects #github-projects #software-development #programming

Stay Safe on GitHub: Security Practices to Follow

GitHub is undoubtedly the largest and most popular social development platform in the world. According to its 2019 State of the Octoverse Report, GitHub is home to over 40 million, and the community keeps expanding every day.

As developers in this deeply interconnected community use open source code to build software, Github security should be a top priority. This is because extensive code re-use increases the risk of distributing vulnerabilities from one dependency or repository to another. As such, every contributor should focus on creating a secure development environment.

Here are eight security practices that GitHub users can follow to stay safe and protect their code:

Strengthen Access Controls

Implementing proper access control is one of the best practices for enhancing security, not only on GitHub but in every other environment where code security is imperative.

GitHub offers several options that users can employ to reduce the risk of improper exposure. But to start with, it is important to employ the least privilege model where users are only granted necessary permissions.

Here are some basic access control guidelines that you should follow:

• Restrict the creation of repositories to prevent users from exposing organization information in public repositories.
• Enable branch protection and status checks to ensure users can merge commits or manipulate branches safely.
• Allow or disallow forking private repositories to ensure users do not expose or share organizational code with unauthorized parties.
• Revoke access for all inactive users who are no longer part of the contributors.

#tutorial #github #access control #software security #repository management #github issues #source code analysis #github apps #github enterprise #git best practices

Stay Safe on GitHub: Security Practices to Follow

GitHub is undoubtedly the largest and most popular social development platform in the world. According to its 2019 State of the Octoverse Report, GitHub is home to over 40 million, and the community keeps expanding every day.

As developers in this deeply interconnected community use open source code to build software, Github security should be a top priority. This is because extensive code re-use increases the risk of distributing vulnerabilities from one dependency or repository to another. As such, every contributor should focus on creating a secure development environment.

Here are eight security practices that GitHub users can follow to stay safe and protect their code:

Strengthen Access Controls

Implementing proper access control is one of the best practices for enhancing security, not only on GitHub but in every other environment where code security is imperative.

GitHub offers several options that users can employ to reduce the risk of improper exposure. But to start with, it is important to employ the least privilege model where users are only granted necessary permissions.

Here are some basic access control guidelines that you should follow:

• Restrict the creation of repositories to prevent users from exposing organization information in public repositories.
• Enable branch protection and status checks to ensure users can merge commits or manipulate branches safely.
• Allow or disallow forking private repositories to ensure users do not expose or share organizational code with unauthorized parties.
• Revoke access for all inactive users who are no longer part of the contributors.
• Review access rights to your GitHub projects periodically.
• Ensure users do not share GitHub accounts or passwords.
• Ensure every contributor uses two-factor authentication on their account.
• Rotate personal access tokens and SSH keys

#tutorial #github #access control #software security #repository management #github issues #source code analysis #github apps #github enterprise #git best practices

Stay Safe on GitHub: Security Practices to Follow

gthen Access Controls

Implementing proper access control is one of the best practices for enhancing security, not only on GitHub but in every other environment where code security is imperative.

GitHub offers several options that users can employ to reduce the risk of improper exposure. But to start with, it is important to employ the least privilege model where users are only granted necessary permissions.

Here are some basic access control guidelines that you should follow:

• Restrict the creation of repositories to prevent users from exposing organization information in public repositories.
• Enable branch protection and status checks to ensure users can merge commits or manipulate branches safely.
• Allow or disallow forking private repositories to ensure users do not expose or share organizational code with unauthorized parties.
• Revoke access for all inactive users who are no longer part of the contributors.
• Review access rights to your GitHub projects periodically.
• Ensure users do not share GitHub accounts or passwords.
• Ensure every contributor uses two-factor authentication on their account.
• Rotate personal access tokens and SSH keys

Never Store Credentials in Your GitHub Files

Leaking secrets to your GitHub repositories, either through code, configuration files, or commit messages, provides a gateway for attacks.

#tutorial #github #access control #software security #repository management #github issues #source code analysis #github apps #github enterprise #git best practices

How to Create a Custom GitHub Actions Using JavaScript — Beginner Level

In this blog, we are going to learn how to create our own custom GitHub action using javaScript.

Prerequisite

• Basic JavaScript Knowledge
• Basic Git & GitHub Knowledge

About GitHub Actions

Automate, customize, and execute your software development workflows right in your repository with GitHub Actions. You can discover, create, and share actions to perform any job you’d like, including CI/CD, and combine actions in a completely customized workflow.

Types of Actions

There are three types of actions: Docker container actions, JavaScript actions, and composite run steps actions.

JavaScript Custom Action

Let’s create a Custom GitHub Action using JavaScript by creating a public repo, once the repo is created, we can clone it to our local machine using VS Code or GitPod. You need to have Node.js 12.x or higher and npm installed on your machine to perform the steps described here. You can verify the node and npm versions with the following commands in a VS Code or GitPod terminal.

node --version 
npm --version

#github #github-tutorial #github-actions #github-trend