@boco/packman v0.22.0

@boco/packman

Bulk download, publish, and copy packages and their dependencies by using the command line.

Currently supports npm but future support for pypi and other package managers is planned.

Getting Started

Install packman:

npm install @boco/packman -g

Using the CLI

packman uses commander and is modular by design. There are three layers of commands.

1. The first layer are named after the package managers: npm, pypi, nexus, etc.
2. The second layer are the names of the operations: download, publish, copy, etc.
3. The third and last layer are modes of operation: package, package-lock, etc.

We don't nest deeper than three layers. Anything beyond that is an argument. The primary arguments are typically unprefixed, whereas the rest are prefixed with --. Check the usage info for the details.

You can append --help at any layer to see the relavent arguments and sub-commands. So you can run:

• packman --help
• packman command --help
• packman command sub-command --help

npm

Download packages

Download packages based on any of the following:

• the name and version of a package
• a local package-lock.json file
• the url to a package-lock.json file
• a local package.json file
• the url to a package.json file
• the results of an npm search by keyword

Packages can be downloaded from any npm repository.

• The default is https://registry.npmjs.org/.
• The registry can often be overriden by using the --registry, --source, or --target arguments, depending on the command. Check the command's arguments to be sure.

The downloaded packages will be stored by default in a tarballs subdirectory of the current directory.

• The subdirectory will be created if necessary.
• You can specify a different subdirectory by using the --directory argument.

package name and version

by name:

packman npm download package lodash

Will download the latest version of the package.

by name and version:

packman npm download package lodash 4.17

by name, including devDependencies and peerDependencies:

packman npm download package lodash --devDependencies --peerDependencies

package-lock.json

from local file:

packman npm download package-lock ./path/to/package-lock.json

from url:

packman npm download package-lock https://path/to/package-lock.json

package.json

from local file:

packman npm download package-json ./path/to/package.json

from url:

packman npm download package-json https://path/to/package.json

search keyword:

downloads the packages returned from an npm search query (https://registry.npmjs.org/-/v1/search?)

packman npm download search lodash

Keep in mind that all of the packages returned in the search results and their dependencies will be downloaded. If you're not careful, this could download a huge number of packages, which is probably not what you want. Wield with care.

Publish packages

Publish packages stored in a directory generated by the npm download command (e.g., ./tarballs) to the current registry.

The packman npm publish command does not perform authentication. You have to authenticate with the target registry before you run it.

Publish with npm

packman npm publish tarballs ./path/to/tarballs

By default, the packages will be published to the current registry. You can publish to a different registry by using the --registry argument.

packman npm publish --registry http://localhost:4873/

Copy packages

The packman npm copy command essentially downloads all the specified packages from a source registry and publishes them to a target registry.

• The source registry must be specified, except for the package-lock mode.
• The default target registry is always the current registry, determined by running npm get registry. It can be overridden by passing the --target argument.

Many of the copy subcommands and arguments mirror the download subcommands and arguments, but there are a few important differences:

• download uses the current registry as its source, whereas copy uses it as its target.
• copy uses --source and --target arguments (as necessary) to specify the registries instead of the download command's --registry argument.
• copy generates a new timestamped tarballs directory every time the command is run, whereas download reuses the single tarballs subdirectory.

Note that the list of differences is based on the default behavior when the relevant arguments are not overridden.

package name and version

by name:

packman npm copy package lodash --source https://registry.npmjs.org/

Will download and then publish the latest version of the package.

by name and version:

packman npm copy package lodash 4.17 --source https://registry.npmjs.org/

by name, including devDependencies and peerDependencies:

packman npm copy package lodash --devDependencies --peerDependencies --source https://registry.npmjs.org/

package-lock.json

The --source argument is not supported for the package-lock command because the absolute URIs of the packages are specified in the package-lock.json file.

from local file:

packman npm copy package-lock ./path/to/package-lock.json

from url:

packman npm copy package-lock https://path/to/package-lock.json

package.json

from local file:

packman npm copy package-json ./path/to/package.json --source https://registry.npmjs.org/

from url:

packman npm copy package-json https://path/to/package.json --source https://registry.npmjs.org/

search keyword:

downloads the packages returned from an npm search query (https://registry.npmjs.org/-/v1/search?)

packman npm copy search lodash --source https://registry.npmjs.org/

Keep in mind that all of the packages returned in the search results and their dependencies will be downloaded and then published. If you're not careful, this could download a huge number of packages, which is probably not what you want. It might also take a significant amount of time to publish them. Wield with care.

Nexus

For the most part, we will work with packages hosted in Nexus using their respective clients and will almost never use the Nexus API directly. However, accessing the Nexus API directly is sometimes necessary.

Publish packages

Publishing packages stored in a directory generated by the npm download command (e.g., ./tarballs) to the current registry.

The packman nexus publish command does not perform authentication. You have to authenticate with the target registry before you run it.

packman nexus publish tarballs ./path/to/tarballs

By default, the packages will be published to the current registry. You can publish to a different registry by using the --registry argument.

packman nexus publish tarballs --registry http://localhost:4873/

credit

Forked from node-tgz-downloader and combined with other repositories by @Meir017