Bulk download, publish, and copy packages and their dependencies by using the command line.
Currently supports npm but future support for pypi and other package managers is planned.
Install packman:
npm install @boco/packman -gpackman uses commander and is modular by design.
There are three layers of commands.
- The first layer are named after the package managers:
npm,pypi,nexus, etc. - The second layer are the names of the operations:
download,publish,copy, etc. - The third and last layer are modes of operation:
package,package-lock, etc.
We don't nest deeper than three layers.
Anything beyond that is an argument.
The primary arguments are typically unprefixed, whereas the rest are prefixed with --.
Check the usage info for the details.
You can append --help at any layer to see the relavent arguments and sub-commands.
So you can run:
packman --helppackman command --helppackman command sub-command --help
Download packages based on any of the following:
- the name [and version] of a package
- a local
package-lock.jsonfile - the url to a
package-lock.jsonfile - a local
package.jsonfile - the url to a
package.jsonfile - the results of an npm search by keyword
Packages can be downloaded from any npm repository.
- The default is https://registry.npmjs.org/.
- The registry can often be overriden by using the
--registry,--source, or--targetarguments, depending on the command. Check the command's arguments to be sure.
The downloaded packages will be stored by default in a tarballs subdirectory of the current directory.
- The subdirectory will be created if necessary.
- You can specify a different subdirectory by using the
--directoryargument.
packman npm download package lodash
Will download the latest version of the package.
packman npm download package lodash 4.17
packman npm download package lodash --devDependencies --peerDependencies
packman npm download package-lock ./path/to/package-lock.jsonpackman npm download package-lock https://path/to/package-lock.jsonpackman npm download package-json ./path/to/package.jsonpackman npm download package-json https://path/to/package.jsondownloads the packages returned from an npm search query (https://registry.npmjs.org/-/v1/search?)
packman npm download search lodash
Keep in mind that all of the packages returned in the search results and their dependencies will be downloaded. If you're not careful, this could download a huge number of packages, which is probably not what you want. Wield with care.
Publish packages stored in a directory generated by the npm download command (e.g., ./tarballs) to the current registry.
The packman npm publish command does not perform authentication.
You have to authenticate with the target registry before you run it.
packman npm publish tarballs ./path/to/tarballsBy default, the packages will be published to the current registry.
You can publish to a different registry by using the --registry argument.
packman npm publish --registry http://localhost:4873/The packman npm copy command essentially downloads all the specified packages from a source registry and publishes them to a target registry.
- The source registry must be specified, except for the package-lock mode.
- The default target registry is always the current registry, determined by running
npm get registry. It can be overridden by passing the--targetargument.
Many of the copy subcommands and arguments mirror the download subcommands and arguments, but there are a few important differences:
downloaduses the current registry as its source, whereascopyuses it as its target.copyuses--sourceand--targetarguments (as necessary) to specify the registries instead of thedownloadcommand's--registryargument.copygenerates a new timestamped tarballs directory every time the command is run, whereasdownloadreuses the singletarballssubdirectory.
Note that the list of differences is based on the default behavior when the relevant arguments are not overridden.
packman npm copy package lodash --source https://registry.npmjs.org/
Will download and then publish the latest version of the package.
packman npm copy package lodash 4.17 --source https://registry.npmjs.org/
packman npm copy package lodash --devDependencies --peerDependencies --source https://registry.npmjs.org/
The --source argument is not supported for the package-lock command because the absolute URIs of the packages are specified in the package-lock.json file.
packman npm copy package-lock ./path/to/package-lock.jsonpackman npm copy package-lock https://path/to/package-lock.jsonpackman npm copy package-json ./path/to/package.json --source https://registry.npmjs.org/packman npm copy package-json https://path/to/package.json --source https://registry.npmjs.org/downloads the packages returned from an npm search query (https://registry.npmjs.org/-/v1/search?)
packman npm copy search lodash --source https://registry.npmjs.org/
Keep in mind that all of the packages returned in the search results and their dependencies will be downloaded and then published. If you're not careful, this could download a huge number of packages, which is probably not what you want. It might also take a significant amount of time to publish them. Wield with care.
For the most part, we will work with packages hosted in Nexus using their respective clients and will almost never use the Nexus API directly. However, accessing the Nexus API directly is sometimes necessary.
Publishing packages stored in a directory generated by the npm download command (e.g., ./tarballs) to the current registry.
The packman nexus publish command does not perform authentication.
You have to authenticate with the target registry before you run it.
packman nexus publish tarballs ./path/to/tarballsBy default, the packages will be published to the current registry.
You can publish to a different registry by using the --registry argument.
packman nexus publish tarballs --registry http://localhost:4873/Forked from node-tgz-downloader and combined with other repositories by @Meir017