{"id":13452079,"url":"https://github.com/npm/tink","last_synced_at":"2025-09-27T10:31:57.310Z","repository":{"id":44454158,"uuid":"142602900","full_name":"npm/tink","owner":"npm","description":"a dependency unwinder for javascript ","archived":true,"fork":false,"pushed_at":"2021-05-09T18:17:05.000Z","size":1061,"stargazers_count":2153,"open_issues_count":23,"forks_count":64,"subscribers_count":66,"default_branch":"latest","last_synced_at":"2024-09-20T17:42:28.003Z","etag":null,"topics":["javascript","npm","package-manager","tink"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/npm.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-07-27T16:57:34.000Z","updated_at":"2024-08-13T02:57:38.000Z","dependencies_parsed_at":"2022-09-13T02:40:16.832Z","dependency_job_id":null,"html_url":"https://github.com/npm/tink","commit_stats":null,"previous_names":[],"tags_count":52,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/npm%2Ftink","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/npm%2Ftink/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/npm%2Ftink/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/npm%2Ftink/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/npm","download_url":"https://codeload.github.com/npm/tink/tar.gz/refs/heads/latest","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":219871972,"owners_count":16554475,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["javascript","npm","package-manager","tink"],"created_at":"2024-07-31T07:01:12.149Z","updated_at":"2025-09-27T10:31:51.982Z","avatar_url":"https://github.com/npm.png","language":"JavaScript","readme":"# tink [![npm](https://img.shields.io/npm/v/tink.svg)](https://npm.im/tink) [![license](https://img.shields.io/npm/l/tink.svg)](https://npm.im/tink) [![Travis](https://img.shields.io/travis/npm/tink.svg)](https://travis-ci.org/npm/tink) [![AppVeyor](https://ci.appveyor.com/api/projects/status/github/npm/tink?svg=true)](https://ci.appveyor.com/project/npm/tink) [![Coverage Status](https://coveralls.io/repos/github/npm/tink/badge.svg?branch=latest)](https://coveralls.io/github/npm/tink?branch=latest)\n\n[`tink`](https://github.com/npm/tink) is an experimental package manager for\nJavaScript. Don't expect to be able to use this with any of your existing\nprojects.\n\n## **IN DEVELOPMENT**\n\nThis package is still in development. Do **not** use it for production. It is\nmissing major features and the interface should be considered extremely\nunstable.\n\nIf you're feeling adventurous, though, read ahead...\n\n## Usage\n\n`$ npx tink`\n\n## Table of Contents\n\n* [Features](#features)\n* [Contributing](#contributing)\n* [Acknowledgements](#acknowledgements)\n* [Commands](#commands)\n* [Options](#options)\n\n### Features\n\n* (mostly) npm-compatible project installation\n\n### Contributing\n\nThe tink team enthusiastically welcomes contributions and project\nparticipation! There's a bunch of things you can do if you want to contribute!\nThe [Contributor Guide](CONTRIBUTING.md) has all the information you need for\neverything from reporting bugs to contributing entire new features. Please don't\nhesitate to jump in if you'd like to, or even ask us questions if something\nisn't clear.\n\n### Acknowledgements\n\nBig thanks to [Szymon Lisowiec](https://kysune.me/) for donating the `tink`\npackage name on npm! This package was previously an error logger helper tool,\nbut now it's a package manager runtime!\n\n### Commands\n\n#### A Note About These Docs\n\nThe commands documented below are not normative, and may not reflect the current\nstate of tink development. They are being written separately from the code\nitself, and may be entirely missing, or named something different, or behave\ncompletely different. tink is still under heavy development and you should\nexpect everything to change without notice.\n\n##### \u003ca name=\"tink-shell\"\u003e\u003c/a\u003e `$ tink shell [options] [arguments]`\n\n* Aliases: `tink sh`, `tish`\n\nStarts an interactive `tink` shell. If `-e` or `-p` options are used, the string\npassed to them will be executed as a single line and the shell will exit\nimmediately. If `[arguments]` is provided, it should be one or more executable\nJavaScript files, which will be loaded serially.\n\nThe interactive `tink` shell will automatically generate a `.package-map.json`\ndescribing all expected dependency files, and will fetch and make available any\nmissing or corrupted data, as it's required. `tink` overrides most of Node's\n`fs` API to virtually load `node_modules` off a centralized cache without ever\nlinking or extracting to `node_modules` itself.\n\nBy default, `tink shell` will automatically install and add any missing or\ncorrupted dependencies that are found during the loading process. To disable\nthis feature, use the `--production` or `--offline` options.\n\nTo get a physical `node_modules/` directory to interact with, see [`tink\nunwind`](#tink-unwind).\n\n##### \u003ca name=\"tink-prepare\"\u003e\u003c/a\u003e `$ tink prepare [options] [package...]`\n\n* Aliases: `tink prep`\n\nPreloads declared dependencies. You can use this to make sure that by the time\nyou use [`tink shell`](#tink-shell), all declared dependencies will already be\ncached and available, so there won't be any execution delay from inline fetching\nand repairing. If anything is missing or corrupted, it will be automatically\nre-fetched.\n\nIf one or more `package`s are passed in, they should be the names of packages\nalready in `package.json`, and only the listed packages will be preloaded,\ninstead of preloading all of them. If you want to add a new dependency, use\n[`tink add`](#tink-add) instead, which will also `prepare` the new dependencies\nfor you (so `tink prepare` isn't necessary after a `tink add`).\n\n##### \u003ca name=\"tink-exec\"\u003e\u003c/a\u003e `$ tink exec [options] \u003cpkg\u003e [--] [args...]`\n\n* Aliases: `tink x`, `tx`\n\nLike [`npx`](https://npm.im/npx), but for tink. Runs any binaries directly\nthrough tink.\n\n##### \u003ca name=\"tink-unwind\"\u003e\u003c/a\u003e `$ tink unwind [options] [package...]`\n\n* Aliases: `tink extract`, `tink frog`, `tink unroll`\n\nUnwinds the project's dependencies into physical files in `node_modules/`,\ninstead of using the fs overrides to load them. This \"unwound\" mode can be used\nto directly patch dependencies (for example, when debugging or preparing to\nfork), or to enable compatibility with non-tink-related tools.\n\nIf one or more `[package...]` arguments are provided, the unwinding process will\nonly apply to those dependencies *and their dependencies*. In this case,\n`package` **must** be a **direct** dependency of your toplevel package. You\ncannot selectively unwind transitive dependencies, but you **can** make it so\nthey're the only ones that stick around when you go back to tink mode. See\n[`tink wind`](#tink-wind) for the corresponding command.\n\nIf `--production`, `--only=\u003cprod|dev\u003e`, or `--also=\u003cprod|dev\u003e` options are\npassed in, they can be used to limit which dependency types get unwound.\n\nBy default, this command will leave any files that were already in\n`node_modules/` intact, so your patches won't be clobbered. To do a full reset,\nor a specific reset on a file, remove the specific file or all of\n`node_modules/` manually before calling `tink unwind`\n\n##### \u003ca name=\"tink-wind\"\u003e\u003c/a\u003e `$ tink wind [options] [package...]`\n\n* Aliases: `tink roll`, `tink rewind`, `tink knit`\n\nRemoves physical files from `node_modules/` and configures a project to use\n\"tink mode\" for development -- a mode where dependency files are virtually\nloaded through `fs` API overrides off a central cache. This mode can greatly\nspeed up install and start times, as well as conserve large amounts of space by\nsharing files (securely) across multiple projects.\n\nIf one or more `[package...]` arguments are provided, the wind-up process will\nonly move the listed packages and any non-shared dependencies into the global\ncache to be served from there. Note that only direct dependencies can be\nrequested this way -- there is no way to target specific transitive dependencies\nin `tink wind`, much like in `tink unwind`.\n\nAny individual files in `node_modules` which do not match up with their standard\nhashes from their original packages will be left in place, unless the\n`--wind-all` option is used. For example, if you use [`tink\nunwind`](#tink-unwind), then patch one of your dependencies with some\n`console.log()` calls, and you then do `tink rewind`, then the files you added\n`console.log()` to will remain in `node_modules/`, and be prioritized by `tink`\nwhen loading your dependencies. Any other files, including those for the same\npackage, will be moved into the global cache and loaded from there as usual.\n\n##### \u003ca name=\"tink-add\"\u003e\u003c/a\u003e `$ tink add [options] [spec...]`\n\nDownloads and installs each `spec`, which must be a valid dependency specifier\nparseable by [`npm-package-arg`](https://npm.im/npm-package-arg), and adds the\nnewly installed dependency or dependencies to both `package.json` and\n`package-lock.json`, as well as updating `.package-map.json` as needed.\n\n##### \u003ca name=\"tink-rm\"\u003e\u003c/a\u003e `$ tink rm [options] [package...]`\n\nRemoves each `package`, which should be a package name currently specified in\n`package.json`, from the current project's dependencies, updating\n`package.json`, `package-lock.json`, and `.package-map.json` as needed.\n\n##### \u003ca name=\"tink-update\"\u003e\u003c/a\u003e `$ tink update [options] [spec...]`\n\n* Aliases: `tink up`\n\nRuns an interactive dependency update/upgrade UI where individual package\nupdates can be selected. If one or more `package` arguments are passed in, the\nupdate prompts will be limited to packages in the tree matching those\nspecifiers. The specifiers support full\n[`npm-package-arg`](https://npm.im/npm-package-arg) specs and are used for\n**matching existing dependencies**, not the target versions to upgrade to.\n\nIf run outside of a TTY environment or if the `--auto` option is passed in, all\ndependencies, optionally limited to each named `package`, are updated to their\nmaximum semver-compatible version, effectively simulating a fresh install of the\nproject with the current declared `package.json` dependencies and no\n`node_modules` or `package-lock.json` present.\n\n##### \u003ca name=\"tink-audit\"\u003e\u003c/a\u003e `$ tink audit [options]`\n\n* Aliases: `tink odd`, `tink audi`\n\nExecutes a full security scan of the project's dependencies, using the\nconfigured registry's audit service. `--production`, `--only`, and `--also` can\nbe used to filter which dependency types are checked. `--level` can be used to\nspecify the minimum vulnerability level that will make the command exit with\na non-zero exit code (an error).\n\n##### \u003ca name=\"tink-check-lock\"\u003e\u003c/a\u003e `$ tink check-lock [options]`\n\n* Aliases: `tink lock`\n\nVerifies that `package.json` and `package-lock.json` are in sync. If `--auto` is\nspecified, the inconsistency will be automatically corrected, using\n`package.json` as the source of truth.\n\n##### \u003ca name=\"tink-check-licenses\"\u003e\u003c/a\u003e `$ tink check-licenses [options] [spec...]`\n\nBy default, verifies that the current project has a valid `\"license\"` field, and\nthat all dependencies (and transitive dependencies) have valid licenses\nconfigured.\n\nIf one or more `spec` arguments are provided, this behavior changes such that\nonly the packages specified by the `spec`s get verified according to current\nsettings.\n\nA list of detected licenses will be printed out. Use `--json` to get the\nlicenses in a parseable format.\n\nAdditionally, two `package.json` fields can be used to further configure the\nlicense-checking behavior:\n\n* `\"blacklist\": [licenses...]` - Any detected licenses listed here will trigger an error for `tink check-licenses`. This takes precedence over `\"whitelist\"`\n* `\"whitelist\": [licenses...]` - Any detected licenses NOT listed in here will trigger an error.\n\n##### \u003ca name=\"tink-lint\"\u003e\u003c/a\u003e `$ tink lint [options]`\n\n* Aliases: `tink typecheck`, `tink type`\n\nExecutes the configured `lint` and `typecheck` script(s) (in that order), or a\ndefault baseline linter will be used to report obvious syntax errors in the\ncodebase's JavaScript.\n\n##### \u003ca name=\"tink-build\"\u003e\u003c/a\u003e `$ tink build [options]`\n\nExecutes the configured `build` script, if present, or executes silently.\n\n##### \u003ca name=\"tink-clean\"\u003e\u003c/a\u003e `$ tink clean [options]`\n\nRemoves `.package-map.json` and executes the `clean` run-script, which should\nremove any artifacts generated by [`tink build`](#tink-build).\n\n##### \u003ca name=\"tink-test\"\u003e\u003c/a\u003e `$ tink test [options]`\n\nExecuted the configured `test` run-script. Exits with an error code if no `test`\nscript is configured.\n\n##### \u003ca name=\"tink-check\"\u003e\u003c/a\u003e `$ tink check`\n\nExecutes all verification-related scripts in the following sequence, grouping\nthe output together into one big report:\n\n1. [`tink check-lock`](#tink-check-lock) - verify that the `package-lock.json` and `package.json` are in sync, and that `.package-map.json` is up to date.\n1. [`tink audit`](#tink-audit) - runs a security audit of the project's dependencies.\n1. [`tink check-licenses`](#tink-check-licenses) - verifies that the current project has a license configured, and that all dependencies have valid licenses, and that none of those licenses are blacklisted (or, if using a whitelist, that they are all in said whitelist -- see the `tink check-licenses` docs for details).\n1. [`tink lint`](#tink-lint) - runs the configured linter, or a general, default linter that statically scans for syntax errors.\n1. [`tink build`](#tink-build) - if a build script is configured, the build will be executed to make sure it completes successfully -- otherwise, this step is skipped.\n1. [`tink test`](#tink-test) - runs the configured test suite. skipped if no tests configured, but a warning will be emitted.\n\nThe final report includes potential action items related to each step. Use\n`--verbose` to see more detailed output for each report.\n\n##### \u003ca name=\"tink-publish\"\u003e\u003c/a\u003e `$ tink publish [options] [tarball...]`\n\nPublishes the current package to the configured `registry`. The package will be\nturned into a tarball using `tink pack`, and the tarball will then be uploaded.\nThis command will also print out a summary of tarball details, including the\nfiles that were included and the hashes for the tarball.\n\nIf One-Time-Passwords are configured on the registry and the terminal is a TTY,\nthis command will prompt for an OTP token if `--otp \u003ctoken\u003e` is not used. If\nthis happens outside of a TTY, the command will fail with an EOTP error.\n\nUnlike `npm publish`, `tink publish` **requires** that `package.json` include a\n`\"files\":[]` array specifying which files will be included in the publish,\notherwise the publish will fail with an error. `.npmignore` is obeyed, but does\nnot remove the requirement for `\"files\"`.\n\nIf `--dry-run` is used, all steps will be done, except the final data upload to\nthe registry. Because the upload never happens, `--dry-run` can't be used to\nverify that publish credentials work.\n\nIf one or more `tarball` arguments are passed, they will be treated as\n[`npm-package-arg`](https://npm.im/npm-package-arg) specifiers, fetched, and\nre-published. This is most useful with git repositories and local tarballs that\nhave already been packaged up by [`tink pack`](#tink-pack)\n\n##### \u003ca name=\"tink-pack\"\u003e\u003c/a\u003e `$ tink pack [options] [spec...]`\n\nCollects the current package into a tarball and writes it to\n`./\u003cpkgname\u003e-\u003cpkgversion\u003e.tgz`. Also prints out a summary of tarball details,\nincluding the files that were included and the hashes for the tarball.\n\nUnlike `npm pack`, `tink pack` **requires** that `package.json` include a\n`\"files\":[]` array specifying which files will be included in the publish,\notherwise the publish will fail with an error. `.npmignore` is obeyed, but does\nnot remove the requirement for `\"files\"`.\n\nIf one or more `spec` arguments are passed, they will be treated as\n[`npm-package-arg`](https://npm.im/npm-package-arg) specifiers, fetched, and\ntheir tarballed packages written to the current directory. This is most useful\nfor fetching the tarballs of registry-hosted dependencies. For example: `$ tink\npack react@1.2.3` will write the tarball to `./react-1.2.3.tgz`.\n\n##### \u003ca name=\"tink-login\"\u003e\u003c/a\u003e `$ tink login`\n\nUse this command to log in to the current npm registry. This command may open a\nbrowser window.\n\n##### \u003ca name=\"tink-logout\"\u003e\u003c/a\u003e `$ tink logout`\n\nUse this command to remove any auth tokens for the current registry from your\nconfiguration.\n","funding_links":[],"categories":["JavaScript","package-manager"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnpm%2Ftink","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnpm%2Ftink","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnpm%2Ftink/lists"}