[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-787":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":16,"forks30d":16,"starsTrendScore":16,"compositeScore":19,"rankGlobal":10,"rankLanguage":10,"license":20,"archived":21,"fork":21,"defaultBranch":22,"hasWiki":23,"hasPages":23,"topics":24,"createdAt":10,"pushedAt":10,"updatedAt":25,"readmeContent":26,"aiSummary":27,"trendingCount":16,"starSnapshotCount":16,"syncStatus":28,"lastSyncTime":29,"discoverSource":30},787,"aube","endevco\u002Faube","endevco","A fast Node.js package manager","https:\u002F\u002Faube.en.dev",null,"Rust",1353,28,5,3,0,115,406,82.39,"MIT License",false,"main",true,[],"2026-06-11 04:00:33","\u003Cp align=\"center\">\n \u003Ca href=\"https:\u002F\u002Faube.en.dev\">\n \u003Cimg src=\"assets\u002Flogo.svg\" alt=\"aube logo\" width=\"140\" height=\"140\">\n \u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Ch1 align=\"center\">aube\u003C\u002Fh1>\n\n\u003Cp align=\"center\">\n A fast Node.js package manager that drops into existing projects.\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n \u003Cstrong>aube\u003C\u002Fstrong> means dawn in French. Pronounced \u003Ccode>\u002Fob\u002F\u003C\u002Fcode>, like \"ohb\".\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n \u003Cstrong>\u003Ca href=\"https:\u002F\u002Faube.en.dev\">Read the docs\u003C\u002Fa>\u003C\u002Fstrong>\n\u003C\u002Fp>\n\n## Why Try It\n\n\u003C!-- BENCH_RATIOS:START -->\n**[Fast installs](https:\u002F\u002Faube.en.dev\u002Fbenchmarks).** Warm installs are about 6x faster than pnpm and about 3x faster than Bun in the current benchmarks. Repeat test commands run up to 35x faster than pnpm and up to 4x faster than Bun.\n\u003C!-- BENCH_RATIOS:END -->\n\n**[Existing lockfiles](https:\u002F\u002Faube.en.dev\u002Fpackage-manager\u002Flockfiles).** Reads and writes `pnpm-lock.yaml`, `package-lock.json`, `npm-shrinkwrap.json`, `yarn.lock`, and `bun.lock` in place.\n\n**[Cheap repeat commands](https:\u002F\u002Faube.en.dev\u002Fpackage-manager\u002Fscripts).** `aubr test`, `aube test`, and `aube exec vitest` auto-install when dependencies are stale, then skip that work when nothing changed. `aubx` uses a local binary when one is installed, or a throwaway environment for one-off tools.\n\n**[Less disk use](https:\u002F\u002Faube.en.dev\u002Fpackage-manager\u002Fnode-modules).** A global content-addressable store lets projects share package files instead of keeping a full copy of the same dependencies in every checkout.\n\n**[Secure defaults](https:\u002F\u002Faube.en.dev\u002Fsecurity).** Out of the box, exotic transitive deps are blocked, lifecycle scripts wait for approval, trust downgrades fail at resolve, and brand-new releases sit in a 24h cooling window. One `paranoid: true` line adds the build jail and turns the soft gates into hard fails.\n\n## Install\n\nThe recommended path is mise:\n\n```sh\nmise use -g aube\n```\n\nmise can also manage the [Node.js versions](https:\u002F\u002Fmise.jdx.dev\u002Flang\u002Fnode.html)\nyour projects need. If your projects already pin Node through `package.json`\n(`devEngines.runtime`), `.nvmrc`, or `.node-version`, enable mise's\nidiomatic version-file support for Node:\n\n```sh\nmise settings add idiomatic_version_file_enable_tools node\n```\n\nCheck that it is on your `PATH`:\n\n```sh\naube --version\n```\n\nInside a project, you can also pin aube with mise:\n\n```sh\nmise use aube\n```\n\naube is also published on npm:\n\n```sh\nnpm install -g --ignore-scripts=false @endevco\u002Faube\nnpx --ignore-scripts=false @endevco\u002Faube --version\n```\n\nThe npm package uses an install script to fetch native binaries for\nperformance. The npm commands above include the flag that keeps that\nworking even if your npm config disables scripts. We still recommend mise\nfor the smoothest install and runtime management path.\n\nHomebrew installs come from the Endev tap:\n\n```sh\nbrew install endevco\u002Ftap\u002Faube\n```\n\nSee [other install methods](https:\u002F\u002Faube.en.dev\u002Finstallation).\n\n## First Run\n\nRun aube in an existing Node.js project:\n\n```sh\naubr test\n```\n\n`aubr` is shorthand for `aube run`. Before it starts the script, aube checks\nwhether `node_modules` is fresh for the current `package.json` and lockfile.\nIf dependencies are missing or stale, it installs them first; otherwise it\ngoes straight to the script.\n\nYou usually do not need a separate `aube install` in day-to-day work. Run the\nscript or binary you actually wanted:\n\n```sh\naubr build\naube test\naube exec vitest\naubx cowsay hi\n```\n\nUse `aube install` when the install itself is the task: first local setup\nwithout running a script, updating a lockfile, Docker layers, production-only\ninstalls, or CI flows.\n\nIf the project already has a supported lockfile, aube reads it and writes updates back to the same file. That makes it easy to try aube locally without forcing the rest of the team to switch package managers first.\n\nFor a new project with no lockfile, aube creates `aube-lock.yaml`.\n\n## Daily Commands\n\n```sh\naube add react # add a dependency\naube add -D vitest # add a dev dependency\naube remove react # remove a dependency\naube update # update dependencies within package.json ranges\naubr build # run a package.json script, auto-installing first if needed\naube test # run the test script, auto-installing first if needed\naube exec vitest # run a local binary, auto-installing first if needed\naubx cowsay hi # run a local bin, or fetch one in a throwaway environment\naube install # install only, for setup or lockfile\u002Finstall modes\naube ci # clean, frozen install for CI\n```\n\nYou can also run scripts directly:\n\n```sh\naube dev\naube build\naube lint\n```\n\nIf the script exists in `package.json`, aube treats that as `aube run \u003Cscript>`.\n\n### Shortcuts: `aubr` and `aubx`\n\n`aubr` and `aubx` are multicall shims for `aube run` and `aube dlx`. They\nshare a binary with `aube` and dispatch purely on `argv[0]`, so every flag\nthat works on the full command also works on the shim:\n\n```sh\naubr build # aube run build\naubx cowsay hi # aube dlx cowsay hi\n```\n\n`aubr \u003Cname>` runs a package script first, then falls back to a matching\nlocal binary. `aubx \u003Cname>` prefers an installed local binary before fetching\ninto a throwaway environment; pass `-p` \u002F `--package` to force the package\nthat should be installed for a one-off command.\n\nThe release archives ship all three binaries side by side; no extra\nsetup is needed when you install aube via mise or the tarball.\n\n## CI\n\nUse `aube ci` when the lockfile must be treated as the source of truth:\n\n```sh\naube ci\n```\n\nIt removes `node_modules`, verifies the lockfile is fresh for the current `package.json`, then installs.\n\nFor Docker layers or workflows where you only want to update the lockfile:\n\n```sh\naube install --lockfile-only\n```\n\nFor production-only installs:\n\n```sh\naube install --prod\n```\n\n## Workspaces\n\naube supports workspace projects and the `workspace:` protocol.\n\n```sh\naube install -r\naube run test -r\naube add zod --filter @acme\u002Fapi\n```\n\nIf a project already uses `pnpm-workspace.yaml`, aube can read and write it. New aube-first workspaces can use `aube-workspace.yaml`.\n\n## Lockfile Compatibility\n\n| File | Reads | Writes in place |\n| --- | --- | --- |\n| `aube-lock.yaml` | yes | yes |\n| `pnpm-lock.yaml` v9 | yes | yes |\n| `package-lock.json` v2\u002Fv3 | yes | yes |\n| `npm-shrinkwrap.json` | yes | yes |\n| `yarn.lock` (v1 classic + v2+ berry) | yes | yes |\n| `bun.lock` | yes | yes |\n\naube is not compatible with every historical lockfile shape. Older pnpm v5\u002Fv6 lockfiles should be upgraded with pnpm before switching. Yarn PnP projects need to move to a `node_modules` linker first — aube writes `node_modules`, not `.pnp.cjs`.\n\nWhen more than one lockfile exists, prefer keeping one canonical lockfile for the project so teammates and CI do not fight over dependency state.\n\n## Dependency Scripts\n\naube skips dependency lifecycle scripts by default. That protects installs from unexpected build steps in transitive packages.\n\nTo allow packages that need build scripts:\n\n```sh\naube approve-builds\n```\n\nYou can inspect packages whose scripts were skipped:\n\n```sh\naube ignored-builds\n```\n\nFor approved packages, `jailBuilds: true` runs lifecycle scripts with a scrubbed env and temporary `HOME`. It defaults to `false` today and is planned to default to `true` in the next major version. Use package globs in `jailBuildPermissions` or `jailBuildExclusions` for packages that need specific env vars, paths, network, or a full opt-out.\n\n## Package Layout\n\naube uses an isolated `node_modules` layout. Packages are linked through `node_modules\u002F.aube\u002F`, and package files are stored once in `$XDG_DATA_HOME\u002Faube\u002Fstore\u002F` (defaulting to `~\u002F.local\u002Fshare\u002Faube\u002Fstore\u002F`).\n\nThat means:\n\n- several projects with similar dependencies share package files and use less disk space;\n- dependencies stay isolated, so phantom dependencies are harder to rely on accidentally;\n- repeated installs can reuse package files already on disk.\n\n## Commands You May Recognize\n\naube supports the common package-manager surface:\n\n```sh\naube list\naube why react\naube outdated\naube audit\naube pack\naube publish\naube link\naube unlink\naube config get registry\naube store path\naube store prune\n```\n\nSome pnpm commands are intentionally out of scope. Runtime-management commands such as `env`, `runtime`, `setup`, and `self-update` belong in tools like mise. Registry account helpers such as `whoami`, `token`, `owner`, `search`, `pkg`, and `set-script` are compatibility stubs that point you to the npm command instead.\n\n## Learn More\n\n- [Documentation](https:\u002F\u002Faube.en.dev)\n- [Benchmarks](https:\u002F\u002Faube.en.dev\u002Fbenchmarks)\n- [Lockfile compatibility](https:\u002F\u002Faube.en.dev\u002Fpackage-manager\u002Flockfiles)\n- [Run scripts and binaries](https:\u002F\u002Faube.en.dev\u002Fpackage-manager\u002Fscripts)\n\n## CI\n\n\u003Cp>\n \u003Ca href=\"https:\u002F\u002Fnamespace.so\">\n \u003Cimg src=\"assets\u002Fnamespace-logo.svg\" alt=\"Namespace\" width=\"64\">\n \u003C\u002Fa>\n\u003C\u002Fp>\n\nThanks to [Namespace](https:\u002F\u002Fnamespace.so) for providing CI for aube.\n\n## Star History\n\n\u003Ca href=\"https:\u002F\u002Fwww.star-history.com\u002F?repos=endevco%2Faube&type=date&legend=top-left\">\n \u003Cpicture>\n \u003Csource media=\"(prefers-color-scheme: dark)\" srcset=\"https:\u002F\u002Fapi.star-history.com\u002Fchart?repos=endevco\u002Faube&type=date&theme=dark&legend=top-left\" \u002F>\n \u003Csource media=\"(prefers-color-scheme: light)\" srcset=\"https:\u002F\u002Fapi.star-history.com\u002Fchart?repos=endevco\u002Faube&type=date&legend=top-left\" \u002F>\n \u003Cimg alt=\"Star History Chart\" src=\"https:\u002F\u002Fapi.star-history.com\u002Fchart?repos=endevco\u002Faube&type=date&legend=top-left\" \u002F>\n \u003C\u002Fpicture>\n\u003C\u002Fa>\n\n## Contributors\n\n[![Contributors](https:\u002F\u002Fcontrib.rocks\u002Fimage?repo=endevco\u002Faube)](https:\u002F\u002Fgithub.com\u002Fendevco\u002Faube\u002Fgraphs\u002Fcontributors)\n\n\u003Cp>\n \u003Ca href=\"https:\u002F\u002Fen.dev\">\n \u003Cimg src=\"https:\u002F\u002Fgithub.com\u002Fendevco.png?size=96\" alt=\"en.dev\" width=\"42\" height=\"42\" align=\"left\">\n \u003C\u002Fa>\n Built by \u003Ca href=\"https:\u002F\u002Fen.dev\">en.dev\u003C\u002Fa>.\n\u003C\u002Fp>\n\n\u003Cbr clear=\"left\">\n\n## License\n\nMIT\n","aube 是一个快速的 Node.js 包管理器,旨在无缝集成到现有项目中。它采用 Rust 语言编写,具有显著的性能优势,如安装速度比 pnpm 快约6倍,比 Bun 快约3倍。aube 支持多种锁定文件格式(包括 pnpm-lock.yaml、package-lock.json 等),并能有效减少磁盘使用量,通过全局内容寻址存储让多个项目共享相同的包文件。此外,它还提供了安全默认设置,阻止了不寻常的传递依赖,并对生命周期脚本进行了审批控制。适用于需要高效管理和加速 Node.js 项目的场景,尤其是在大规模或复杂依赖关系的项目中表现尤为突出。",2,"2026-06-06 02:39:52","CREATED_QUERY"]