bunches
v0.0.1-final
Published
I've got my hunches, they come in bunches.
Downloads
3
Maintainers
Readme
Bunches
Bunches allows you to open up most of your application, whilst keeping your secret sauce secret. Bunches provides conventions for installing node modules without adding dependencies to your package.json
. This enables you to inject code which needs to remain secret—code which is proprietary or contains core business logic—within both your local and cloud environments.
Bunches defines the bunches
script which has the flags --mixin-secret-plugins
and --remove-secret-plugins
, which when used in conjunction around your npm install
step install your secret dependencies without modifying your package.json
.
Installation
npm install bunches
Usage
Add the following setup and teardown scripts to your package.json
.
"preinstall": "bunches --mixin-secret-plugins", "postinstall": "bunches --remove-secret-plugins",
Then, add a bunches dependencies object to your .env
file.
For example, the following declaration will install bananaphone 0.0.5.
BUNCHES_DEPENDENCIES="{"bananaphone":"0.0.5"}"
Use JSON.stringify to convert a JavaScript object into a string and assign it to BUNCHES_DEPENDENCIES
. The example above was generated with JSON.stringify({ bananaphone: "0.0.5" })
which returns the string "{"bananaphone":"0.0.5"}"
.
When requiring a secret dependency you may be relying on a secure remote git repo. Take whatever URI your service provides for cloning and ensure its protocol begins with git. If it's protocol is ssh
, replace it with git+ssh
, if it's protocol is https
, replace it with git+https
.
NOTE: Bunches will modify the package-lock.json
for the project which you are installing optional dependencies, indicating that those modules are installed. Only commit this file if you want to expose optional dependencies.