Tuesday, 25 September 2018

Introduction to Node Package Manager (npm)

What is npm?

  • package manager
  • task runner that can serve as a replacement for Gulp

How to install npm?


Upon installation user variable Path (in environment variables) gets a new entry:
C:\Users\user\AppData\Roaming\npm


How to see command line arguments?




How to check its version?




How to update npm?




To verify it:



Packages


See here a complete definition of the package.

Node applications usually use (or depend on) multiple packages. There are three types of packages and each of them is listed within the object with the same name in packages.json:

  • regular (dependencies) - used in development in production
  • development (devDependencies) - packages are used only during application development and testing; we don't want to include them in the production and make users of our app unnecessarily download and build them 
  • optional (optionalDependencies) - dependencies which are used optionally - if they are found; their absence does not make application to fail

Configuration


npm gets its config settings from:

  • command line
  • environment variables
  • npmrc files
  • package.json file (in some cases)

.npmrc 


Global (per machine) 

Location: C:\Users\user\AppData\Roaming\npm\etc\npmrc

To find its location use:

>npm config get globalconfig
C:\Users\user\AppData\Roaming\npm\etc\npmrc

User-specific

Location:  %USERPROFILE%\.npmrc

To find its location use:

>npm config get userconfig
C:\Users\user\.npmrc

Local (per project) 

Location: in project's root directory.

It defines where can npm look for and fetch packages - package registries by listing their URLs:

# use npmjs registry by default
registry=https://registry.npmjs.org/

# use xyz registry for packages in @xyz scope
@xyz:registry=https://xyz.com/npm

package.json


It lets npm know what the name of your package is as well as what dependencies it uses.

It is created and initialized via npm init command. This can be done retroactively - npm init can be executed for the already existing project...it will only add to it package.json file.

It is a manifest of your project that includes the packages and applications it depends on, information about its unique source control, and specific metadata like the project's name, description, and author. [source]

The biggest reason for using package.json to specify a project’s dependencies is portability. For example, when you clone someone else’s code, all you have to do is run npm i in the project root and npm will resolve and fetch all of the necessary packages for you to run the app. [source]

All modules from package.json are installed to ./node_modules/. [source] This is npm install's default behavior. [source]

npm opens and reads package.json from the current directory. If it can't find it, it issues an error like:


Working with package.json
package.json - Specifics of npm's package.json handling
What's the difference between tilde(~) and caret(^) in package.json?


Properties


scripts


If within the project we have some tool we want to call frequently e.g. after every code change we don't want to type it every time but want to automate the process by adding a command within scripts object. See Babel example.



-w instructs npm to watch for changes in the src folder. Every time you make a change to a file in src, this command is automatically executed.


package-lock.json

package-lock.json is automatically generated for any operations where npm modifies either the node_modules tree, or package.json. [package-lock.json - A manifestation of the manifest]

Is there a way to force npm to generate package-lock.json?
Shall package-lock.json be added to version control?


CLI commands

adduser
alias: login

>npm login
Username: bojan
Password:
Email: (this IS public) bojan@example.com

Logged in as bojan on https://registry.npmjs.org/.

If logging for the first time and if %USERPROFILE%/.npmrc does not already exist, it will be created with the content similar to this one:

//registry.npmjs.org/:_authToken=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx


cache
Used to add, list, or clean the npm cache folder.[npm-cache]
Try clearing the npm cache

cache clean

Cleans the npm cache.  Deletes all data out of the cache folder.

config
used to update and edit the contents of the user and global npmrc files.
Sub-commands:
config get


init
Creates package.json. It is used when creating/initializing a package (not when installing it).

install
Installs in the local node_modules folder all dependencies listed in package.json.

install --production
npm will not install modules listed in devDependencies. Same applies when --production is omitted but the NODE_ENV environment variable is set to production.

install -g npm
Updates npm package itself.

install --save-dev package1 package2...
Installs packages locally (in  project's devDependencies)


list
Lists all packages installed locally (for the current project) and also their dependencies.

list --depth=0
Lists all packages installed locally but without their dependencies.

Example:



list -g
Lists all packages installed globally and also full path to the installation directory.
On Windows, that directory is: C:\Users\user\AppData\Roaming\npm.

Example:



list -g --depth=0
Lists globally installed packages but not their dependencies.

Example:


login
see adduser

run script_name
run-script script_name
Runs an arbitrary command (script) from a package's scripts key (scripts object in package.json). Optional argument: command. If no command is provided, it will list the available scripts (all properties of "scripts" object). [npm-run-script]

search search_terms...
Searches the registry for packages matching the search terms. [npm-search]

start
(short for run start)
npm runs the start script which is a command defined under scripts key in packages.json. This command usually starts the application with special configuration options (all listed in packages.json).

uninstall
uninstalls a package, completely removing everything npm installed on its behalf.
-S, --save: Package will be removed from your dependencies.
-D, --save-dev: Package will be removed from your devDependencies.
-O, --save-optional: Package will be removed from your optionalDependencies.

If all packages are uninstalled package.json contains empty dependency list:

"dependencies": {}



uninstall -g package_name
uninstall --global package_name
Uninstalls globally installed package

update
Updates local packages to their latest versions allowed by the version specified with syntax (^ or ~) in package.json. Changes package.json and package-lock.json.

update -g 
Updates global packages.

view package_name
Shows data about a package. This can be used to check if some package actually exists as if package doesn't exist a message "404 Not found : package_name" is printed out. [npm-view]

    Packages


    Products (tools, apps) used to come with a single package which contained both the core functionality and CLI.  Nowadays products are moving away from coupling the CLI and library together. The CLI now usually lives in the xxx-cli package.

    Installing package locally vs globally


    Sometimes it is better to install a package locally (project by project) then globally. There are couple of reasons for this:
    • Different projects on the same machine can depend on different versions of the package allowing you to update them individually.
    • Not having an implicit dependency on the environment you are working in makes your project far more portable and easier to setup.

    Where to install development dependencies?


    Shall development dependencies (e.g. Rollup, Webpack, Browserify, Gulp...) be installed globally or locally? Looking at reasons listed in the previous paragraph it makes more sense to install them locally. Benefits:
    • if required, different versions of these tools can be used in different projects 
    • all required dependencies can be installed in one go with npm install. There is no need for extra steps for installing packages globally (which, in turn, might also require root or admin privileges opening potential security holes...)

    How to run locally installed packages?


    • use npx to run their binaries directly (usually for some quick demonstrations, not in the real-world projects)
    • add them to scripts section of package.json and call them via npm run
    • add them to gulpfile and then Gulp takes care of executing them

    How to find quickly the version of some package installed on the local machine?


    >npm list dtrace-provider
    my-app@0.1.0 C:\dev\my-app
    `-- web-ext@2.9.1
    `-- bunyan@1.8.12
    `-- dtrace-provider@0.8.7

    Use -g to look for package installed globally on the machine.

    Resources

    https://stackoverflow.com/questions/18412129/how-can-i-update-npm-on-windows
    https://www.npmjs.com/package/npm-windows-upgrade
    http://thecodebarbarian.com/3-neat-tricks-with-npm-run
    Common npm mistakes
    Post a Comment