search

Npm (Node package manager)

hashtag
Introduction

  • NPM – or "Node Package Manager" – is the default package manager for JavaScript's runtime Node.js.

hashtag
Package.json

  • package.json will be generated when npm init is run to initialise a JavaScript/Node.js project, with these basic metadata provided by developers:

    • name: the name of your JavaScript library/project

    • version: the version of your project. Often times, for application development, this field is often neglected as there's no apparent need for versioning opensource libraies. But still, it can come handy as a source of the deployment's version.

    • description: the project's description

    • license: the project's license

hashtag
Dependency vs devDependencies

  "dependencies": {
    "@actions/core": "^1.2.3",
    "@actions/github": "^2.1.1"
  },
  "devDependencies": {
    "@types/jest": "^25.1.4",
    "@types/node": "^13.9.0",
    "@typescript-eslint/parser": "^2.22.0",
    "@zeit/ncc": "^0.21.1",
    "eslint": "^6.8.0",
    "eslint-plugin-github": "^3.4.1",
    "eslint-plugin-jest": "^23.8.2",
    "jest": "^25.1.0",
    "jest-circus": "^25.1.0",
    "js-yaml": "^3.13.1",
    "prettier": "^1.19.1",
    "ts-jest": "^25.2.1",
    "typescript": "^3.8.3"
  }
}

  • Dependencies: The Building Blocks of Your Project

  • DevDependencies: Essential for Development, Not for Production

  • To add a devDependency to your project, you use the npm install command with the -D or --save-dev flag. Here's how you might add a linter like ESLint to your devDependencies:

hashtag
Package-lock.json

  • If package.json is a generic descriptive label, package-lock.json is an ingredient table

  • This file describes the exact versions of the dependencies used in an npm js project

  • package-lock.json is usually generated by the npm install command, and is also read by our NPM CLI tool to ensure reproduction of build environments for the project with npm ci.

hashtag
Commands

hashtag
npm install

  • By default, npm install <package-name> will install the latest version of a package with the ^ version sign. An npm install within the context of an npm project will download packages into the project's node_modules folder according to package.json specifications, upgrading the package version (and in turn regenerating package-lock.json) wherever it can based on ^ and ~ version matching.

  • When installing package, the package dependency library, e.g: typescript, will also be installed

hashtag
npm ci

  • npm ci consumes this file to download the exact version of each individual package that the project depends on. package-lock.json

  • Unlike npm install, the version will not be updated

  • It is properly used in pipeline or production deployment

hashtag
Npx vs Npm

  • npm by itself doesn’t run any packages. If you want to run a package using npm, you must specify that package in your package.json file.

  • When executables are installed via npm packages, npm creates links to them:

    • local installs have links created at the ./node_modules/.bin/ directory

    • global installs have links created from the global bin/ directory on your own computer

  • npx is a package runner, can exectute the nodejs package without installing them globally or locally, so that it can make sure the package is the newest verision for every execution

hashtag
Yarn vs Npm

  • Yarn is generally faster than NPM, especially when installing large projects with many dependencies, and priorize the sequence of installation

  • Npm has a larger community

hashtag
Git library

  • The library can be install through git url, but make sure the version is based on tagging

hashtag
Publishing library

  • In order to publish your library into npm repo, you firstly need to login

  • Edit the .npmignore to make sure that only the production file is uploaded to npm repo

  • Edit the package.json to fill in the content, here is an example

  • Publish the library

  • Here is the result

PreviousTypeof & InstanceofNextSymbol

Last updated