I’m getting into toolbox & everything npm, web development seems like a good use case for it (?)
I’ve always been concerned from a security point of view every time I run npm…
Does it make sense?
If yes, what are the best practices and workflow to best use toolbox in this context? (I searched but I haven’t found anything & toolbox is not Google-friendly)
If yes, what are the best practices and workflow to best use toolbox in this context?
I guess that would depend on how you wish to handle module installation.
Do you usually npm install globally or locally (node_modules)?
If you need globally installed modules, but still wish to handle them and their versioning on a per project basis, you could theoretically just create separate instances of toolbox for each project.
In which case you would soon end up with a ton of toolbox instances just so you can isolate a few js packages. That doesn’t feel right.
I’d settle with separate virtual environments in a single node-focused toolbox instead.
That way you can even install common system deps for stuff that’s not likely to break your projects.
You could use nodeenv inside your toolbox to accomplish that.
For a project I usually have them installed locally: express, react, etc.
But I do have a few tools globally of course like npx, create-react-app, now, etc.
For the globally installed tools I have them in my home (to avoid sudo) somewhere (by doing npm config set prefix "${HOME}/.npm-global" & a few lines in my .bashrc).
Of course that does not make much sense in the context of Toolbox and that’s when I figured out I was missing something…