Back to Details

aube-package-manager

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Aube Package Manager

Aube包管理器

Skill by ara.so — Daily 2026 Skills collection.
Aube is a fast Node.js package manager written in Rust. It drops into existing projects by reading and writing existing lockfiles (
pnpm-lock.yaml
, 
package-lock.json
, 
yarn.lock
, 
bun.lock
), uses a global content-addressable store to reduce disk usage, and delivers dramatically faster installs than pnpm or Bun — especially on warm CI.
ara.so提供的技能 — 2026每日技能合集。
Aube是一款用Rust编写的快速Node.js包管理器。它可以直接接入现有项目,读取并写入现有锁文件(
pnpm-lock.yaml
package-lock.json
yarn.lock
bun.lock
),使用全局内容寻址存储来减少磁盘占用,并且安装速度远快于pnpm或Bun——尤其是在缓存已预热的CI环境中。

Installation

安装

Via mise (recommended)

通过mise(推荐方式)

sh
undefined
sh
undefined

Install globally

全局安装

mise use -g aube
mise use -g aube

Pin to a project

固定到项目中

mise use aube
mise use aube

Verify

验证版本

aube --version
undefined
aube --version
undefined

Via npm

通过npm

sh
npm install -g @endevco/aube
sh
npm install -g @endevco/aube

Via Homebrew (beta tap)

通过Homebrew(测试源)

sh
brew install endevco/tap/aube
sh
brew install endevco/tap/aube

Core Concepts

核心概念

  • Lockfile compatibility: Reads and writes existing lockfiles in place — no forced migration.
  • Global store: Package files live in 
    ~/.local/share/aube/store/
    (XDG) and are shared across projects.
  • Isolated layout: Packages link through 
    node_modules/.aube/
    — phantom dependencies are blocked.
  • Secure defaults: New package releases wait a minimum age; lifecycle scripts require explicit approval.
  • 锁文件兼容性:读取并原地写入现有锁文件——无需强制迁移。
  • 全局存储:包文件存储在
    ~/.local/share/aube/store/
    (XDG标准路径),可在多个项目间共享。
  • 隔离式布局:包通过
    node_modules/.aube/
    链接——杜绝幽灵依赖。
  • 安全默认配置:新包版本需等待最短发布时长;生命周期脚本需要显式授权才能运行。

Key Commands

核心命令

Install & Dependency Management

安装与依赖管理

sh
aube install                    # Install all dependencies
aube install -r                 # Install across all workspace packages
aube install --prod             # Production dependencies only
aube install --lockfile-only    # Update lockfile without touching node_modules

aube add react                  # Add a runtime dependency
aube add -D vitest              # Add a dev dependency
aube add zod --filter @acme/api # Add to a specific workspace package
aube remove react               # Remove a dependency
aube update                     # Update deps within package.json ranges
sh
aube install                    # 安装所有依赖
aube install -r                 # 安装工作区所有包的依赖
aube install --prod             # 仅安装生产依赖
aube install --lockfile-only    # 更新锁文件但不修改node_modules

aube add react                  # 添加运行时依赖
aube add -D vitest              # 添加开发依赖
aube add zod --filter @acme/api # 为指定工作区包添加依赖
aube remove react               # 删除依赖
aube update                     # 在package.json版本范围内更新依赖

CI

CI环境

sh
aube ci    # Clean install: removes node_modules, verifies lockfile is fresh, installs
Use 
aube ci
in CI pipelines where the lockfile must be the source of truth.
sh
aube ci    # 纯净安装:删除node_modules,验证锁文件有效性,执行安装
在锁文件作为可信来源的CI流水线中使用
aube ci

Running Scripts and Binaries

运行脚本与二进制文件

sh
aube run build          # Run a package.json script
aube run test           # Run test script (auto-installs if deps are stale)
aube test               # Shortcut: same as `aube run test`
aube dev                # Any script name works directly as a subcommand
aube build
aube lint

aube exec vitest        # Run a local binary from node_modules/.bin
aube dlx cowsay hi      # Run a package in a throwaway environment (like npx)
sh
aube run build          # 运行package.json中的脚本
aube run test           # 运行测试脚本(若依赖过期则自动安装)
aube test               # 快捷命令:等同于`aube run test`
aube dev                # 任何脚本名称均可直接作为子命令使用
aube build
aube lint

aube exec vitest        # 运行node_modules/.bin中的本地二进制文件
aube dlx cowsay hi      # 在临时环境中运行包(类似npx)

Multicall Shims

多调用垫片

sh
aubr build        # Equivalent to: aube run build
aubx cowsay hi    # Equivalent to: aube dlx cowsay hi
sh
aubr build        # 等同于:aube run build
aubx cowsay hi    # 等同于:aube dlx cowsay hi

Inspection & Maintenance

检查与维护

sh
aube list                   # List installed packages
aube why react              # Explain why a package is installed
aube outdated               # Show outdated dependencies
aube audit                  # Security audit
aube store path             # Show global store location
aube store prune            # Remove unused packages from global store
aube config get registry    # Read config values
sh
aube list                   # 列出已安装的包
aube why react              # 解释某个包被安装的原因
aube outdated               # 显示过期依赖
aube audit                  # 安全审计
aube store path             # 显示全局存储路径
aube store prune            # 从全局存储中删除未被使用的包
aube config get registry    # 读取配置值

Publishing

发布

sh
aube pack       # Pack a package tarball
aube publish    # Publish to registry
aube link       # Link a local package
aube unlink     # Unlink a local package
sh
aube pack       # 打包成包压缩包
aube publish    # 发布到仓库
aube link       # 链接本地包
aube unlink     # 取消链接本地包

Lockfile Compatibility

锁文件兼容性

FileReadsWrites in place
aube-lock.yaml
pnpm-lock.yaml
v9
package-lock.json
v2/v3
npm-shrinkwrap.json
yarn.lock
(v1 classic + v2+ berry)
bun.lock
Not supported:
  • pnpm v5/v6 lockfiles (upgrade with pnpm first)
  • Yarn PnP projects (switch to 
    node_modules
    linker first)
文件读取原地写入
aube-lock.yaml
pnpm-lock.yaml
v9
package-lock.json
v2/v3
npm-shrinkwrap.json
yarn.lock
(v1经典版 + v2+ berry版)
bun.lock
不支持:
  • pnpm v5/v6锁文件(需先用pnpm升级)
  • Yarn PnP项目(需先切换到
    node_modules
    链接器)

Workspaces

工作区

sh
undefined
sh
undefined

Install across all workspace packages

安装工作区所有包的依赖

aube install -r
aube install -r

Run a script in all workspace packages

在工作区所有包中运行脚本

aube run test -r
aube run test -r

Add a dependency to a specific package

为指定包添加依赖

aube add zod --filter @acme/api aube add -D typescript --filter @acme/shared

Workspace config files:
- `pnpm-workspace.yaml` — read and written if present
- `aube-workspace.yaml` — used for aube-first projects

Example `aube-workspace.yaml`:

```yaml
packages:
  - "packages/*"
  - "apps/*"
aube add zod --filter @acme/api aube add -D typescript --filter @acme/shared

工作区配置文件:
- `pnpm-workspace.yaml` — 若存在则读取并写入
- `aube-workspace.yaml` — 用于优先使用aube的项目

`aube-workspace.yaml`示例:

```yaml
packages:
  - "packages/*"
  - "apps/*"

Dependency Lifecycle Scripts

依赖生命周期脚本

Aube skips lifecycle scripts by default for security.
sh
undefined
出于安全考虑,Aube默认跳过生命周期脚本。
sh
undefined

See which packages had scripts skipped

查看哪些包的脚本被跳过

aube ignored-builds
aube ignored-builds

Approve specific packages to run their build scripts

授权特定包运行其构建脚本

aube approve-builds

After approval, the allowed packages are recorded in your project config so teammates get the same behavior.
aube approve-builds

授权后,允许的包会被记录到项目配置中,确保团队成员拥有相同的行为。

Configuration

配置

Aube reads config from 
package.json
under 
"aube"
key or from 
.auberc
/ 
aube.config.yaml
.
json
{
  "name": "my-app",
  "aube": {
    "registry": "https://registry.npmjs.org/",
    "store-dir": "/custom/store/path"
  }
}
sh
undefined
Aube从
package.json
"aube"
字段或
.auberc
/ 
aube.config.yaml
读取配置。
json
{
  "name": "my-app",
  "aube": {
    "registry": "https://registry.npmjs.org/",
    "store-dir": "/custom/store/path"
  }
}
sh
undefined

Read a config value

读取配置值

aube config get registry
aube config get registry

Set a config value

设置配置值

aube config set registry https://my-private-registry.example.com
undefined
aube config set registry https://my-private-registry.example.com
undefined

CI/CD Patterns

CI/CD模式

GitHub Actions

GitHub Actions

yaml
name: CI
on: [push, pull_request]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install mise
        uses: jdx/mise-action@v2

      - name: Install aube
        run: mise use -g aube

      - name: Cache aube store
        uses: actions/cache@v4
        with:
          path: ~/.local/share/aube/store
          key: aube-store-${{ hashFiles('**/pnpm-lock.yaml', '**/aube-lock.yaml') }}
          restore-keys: |
            aube-store-

      - name: Install dependencies
        run: aube ci

      - name: Run tests
        run: aube test
yaml
name: CI
on: [push, pull_request]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install mise
        uses: jdx/mise-action@v2

      - name: Install aube
        run: mise use -g aube

      - name: Cache aube store
        uses: actions/cache@v4
        with:
          path: ~/.local/share/aube/store
          key: aube-store-${{ hashFiles('**/pnpm-lock.yaml', '**/aube-lock.yaml') }}
          restore-keys: |
            aube-store-

      - name: Install dependencies
        run: aube ci

      - name: Run tests
        run: aube test

Docker

Docker

dockerfile
FROM node:22-slim
dockerfile
FROM node:22-slim

Install aube via npm

通过npm安装aube

RUN npm install -g @endevco/aube
WORKDIR /app
RUN npm install -g @endevco/aube
WORKDIR /app

Copy lockfile and package.json first for layer caching

先复制锁文件和package.json以利用分层缓存

COPY package.json pnpm-lock.yaml ./
COPY package.json pnpm-lock.yaml ./

Frozen install — fail if lockfile would change

冻结安装——若锁文件需更改则失败

RUN aube ci
COPY . .
RUN aube run build
CMD ["node", "dist/index.js"]
undefined
RUN aube ci
COPY . .
RUN aube run build
CMD ["node", "dist/index.js"]
undefined

Lockfile-only update (for Docker layer caching)

仅更新锁文件(用于Docker分层缓存)

sh
undefined
sh
undefined

Only update the lockfile, don't install into node_modules

仅更新锁文件,不安装到node_modules

aube install --lockfile-only
undefined
aube install --lockfile-only
undefined

Migrating from pnpm

从pnpm迁移

sh
undefined
sh
undefined

1. Install aube

1. 安装aube

mise use -g aube
mise use -g aube

2. Run in your existing project — aube reads pnpm-lock.yaml

2. 在现有项目中运行——aube会读取pnpm-lock.yaml

cd my-project aube install
cd my-project aube install

3. Approve any build scripts that pnpm was running

3. 授权pnpm之前运行的所有构建脚本

aube approve-builds
aube approve-builds

4. Replace pnpm scripts in package.json (optional)

4. 替换package.json中的pnpm脚本(可选)

Before: "scripts": { "postinstall": "pnpm run build:native" }

替换前:"scripts": { "postinstall": "pnpm run build:native" }

After: keep as-is, aube runs package.json scripts the same way

替换后:保持原样,aube以相同方式运行package.json脚本

undefined
undefined

Migrating from npm/yarn

从npm/yarn迁移

sh
undefined
sh
undefined

npm — aube reads package-lock.json

npm — aube读取package-lock.json

cd my-npm-project aube install
cd my-npm-project aube install

yarn classic — aube reads yarn.lock

yarn经典版 — aube读取yarn.lock

cd my-yarn-project aube install
cd my-yarn-project aube install

Bun — aube reads bun.lock

Bun — aube读取bun.lock

cd my-bun-project aube install
undefined
cd my-bun-project aube install
undefined

Common Patterns

常见模式

Monorepo with filtered commands

带过滤命令的单体仓库

sh
undefined
sh
undefined

Build only the API package

仅构建API包

aube run build --filter @acme/api
aube run build --filter @acme/api

Run tests in all packages that changed

在所有有变更的包中运行测试

aube run test --filter '...[origin/main]'
aube run test --filter '...[origin/main]'

Install and run in one step (auto-install if stale)

一步完成安装与运行(若依赖过期则自动安装)

aube exec vitest --run
undefined
aube exec vitest --run
undefined

Global store management

全局存储管理

sh
undefined
sh
undefined

Find where the store lives

查看存储位置

aube store path
aube store path

→ ~/.local/share/aube/store

→ ~/.local/share/aube/store

Clean up packages no longer used by any project

清理所有项目不再使用的包

aube store prune
undefined
aube store prune
undefined

Checking why a package is installed

检查某个包被安装的原因

sh
aube why lodash
sh
aube why lodash

Shows the dependency chain that requires lodash

显示需要lodash的依赖链

undefined
undefined

Troubleshooting

故障排查

aube ci
fails with lockfile mismatch

aube ci
因锁文件不匹配失败

The lockfile is out of sync with 
package.json
. Fix locally:
sh
aube install          # updates lockfile
git add pnpm-lock.yaml
git commit -m "chore: update lockfile"
锁文件与
package.json
不同步。在本地修复:
sh
aube install          # 更新锁文件
git add pnpm-lock.yaml
git commit -m "chore: update lockfile"

Build scripts not running

构建脚本未运行

Aube skips lifecycle scripts by default. Check what was skipped:
sh
aube ignored-builds
aube approve-builds   # interactively approve packages
Aube默认跳过生命周期脚本。查看哪些脚本被跳过:
sh
aube ignored-builds
aube approve-builds   # 交互式授权包

Package phantom dependency errors

包幽灵依赖错误

Aube uses an isolated layout — packages can only import their declared dependencies. Fix by adding the missing dependency explicitly:
sh
aube add <missing-package>
Aube使用隔离式布局——包只能导入已声明的依赖。通过显式添加缺失的依赖修复:
sh
aube add <missing-package>

Slow first install / cold cache

首次安装慢/缓存未预热

The first install populates the global store. Subsequent installs (same or other projects with shared deps) will be significantly faster. Cache 
~/.local/share/aube/store
in CI for warm-cache performance.
首次安装会填充全局存储。后续安装(相同或有共享依赖的其他项目)将显著加快。在CI中缓存
~/.local/share/aube/store
以获得预热缓存的性能。

pnpm v5/v6 lockfile not supported

pnpm v5/v6锁文件不被支持

sh
undefined
sh
undefined

Upgrade lockfile with pnpm first

先用pnpm升级锁文件

pnpm install # regenerates as v9 format
pnpm install # 重新生成v9格式的锁文件

Then switch to aube

然后切换到aube

aube install
undefined
aube install
undefined

Yarn PnP projects

Yarn PnP项目

Aube writes 
node_modules
, not 
.pnp.cjs
. Switch the Yarn linker first:
sh
undefined
Aube写入
node_modules
,而非
.pnp.cjs
。先切换Yarn链接器:
sh
undefined

In .yarnrc.yml

在.yarnrc.yml中

nodeLinker: node-modules yarn install # regenerates yarn.lock for node-modules layout aube install # now aube can take over
undefined
nodeLinker: node-modules yarn install # 重新生成为node-modules布局的yarn.lock aube install # 现在aube可以接管
undefined

Links

链接