Npm (Node package manager)

Introduction

  • NPM – or "Node Package Manager" – is the default package manager for JavaScript's runtime Node.js.

Package.json

  • package.json is generated when npm init is run to initialise a JavaScript/Node.js project, with this basic metadata provided by the developer:

    • name: the name of your JavaScript library/project

    • version: the version of your project. For application development, this field is often neglected, as there's no apparent need for versioning open-source libraries. Still, it can come in handy as a source of the deployment's version.

    • description: the project's description

    • license: the project's license

Dependencies vs devDependencies

{
  "dependencies": {
    "@actions/core": "^1.2.3",
    "@actions/github": "^2.1.1"
  },
  "devDependencies": {
    "@types/jest": "^25.1.4",
    "@types/node": "^13.9.0",
    "@typescript-eslint/parser": "^2.22.0",
    "@zeit/ncc": "^0.21.1",
    "eslint": "^6.8.0",
    "eslint-plugin-github": "^3.4.1",
    "eslint-plugin-jest": "^23.8.2",
    "jest": "^25.1.0",
    "jest-circus": "^25.1.0",
    "js-yaml": "^3.13.1",
    "prettier": "^1.19.1",
    "ts-jest": "^25.2.1",
    "typescript": "^3.8.3"
  }
}
  • Dependencies: The Building Blocks of Your Project

  • DevDependencies: Essential for Development, Not for Production

  • To add a devDependency to your project, you use the npm install command with the -D or --save-dev flag. Here's how you might add a linter like ESLint to your devDependencies:

    npm install eslint --save-dev 

Package-lock.json

  • If package.json is a generic descriptive label, package-lock.json is an ingredient table

  • This file describes the exact versions of the dependencies used in an npm JavaScript project.

  • package-lock.json is usually generated by the npm install command, and is also read by the npm CLI so that npm ci can reproduce the project's build environment.

Commands

npm install

  • By default, npm install <package-name> will install the latest version of a package with the ^ version sign. An npm install within the context of an npm project will download packages into the project's node_modules folder according to package.json specifications, upgrading the package version (and in turn regenerating package-lock.json) wherever it can based on ^ and ~ version matching.

  • When a package is installed, the libraries it depends on (e.g. typescript) are installed as well.

npm ci

  • npm ci consumes package-lock.json to download the exact version of each individual package that the project depends on.

  • Unlike npm install, it does not update the versions.

  • It is the appropriate command for pipelines and production deployments.
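
The gap between a range in package.json and the pinned version in package-lock.json, as an added example (not part of the original notes and not npm's own resolver): a simplified model of ^ and ~ matching that reports, for each dependency, whether the locked version still satisfies the declared range and the highest version the range would admit without a lockfile. The lockfile sample assumes the lockfileVersion 2/3 "packages" layout; the lock contents and published-version lists are constructed, and only plain x.y.z versions are handled.

```javascript
// Simplified model of ^ and ~ matching (added example, not npm's resolver).
// Assumes plain x.y.z versions with an optional ^ or ~ prefix; no pre-release tags.
const parse = (v) => v.split(".").map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
};

// Exclusive upper bound implied by a ^ or ~ range.
function upperBound(range) {
  const [maj, min, pat] = parse(range.slice(1));
  if (range[0] === "~") return `${maj}.${min + 1}.0`;
  // ^ allows changes that leave the left-most non-zero component untouched.
  if (maj > 0) return `${maj + 1}.0.0`;
  if (min > 0) return `0.${min + 1}.0`;
  return `0.0.${pat + 1}`;
}

function satisfies(version, range) {
  if (!/^[\^~]/.test(range)) return cmp(version, range) === 0; // exact pin
  return cmp(version, range.slice(1)) >= 0 && cmp(version, upperBound(range)) < 0;
}

// Highest published version a range admits when no lockfile pins the choice.
const maxSatisfying = (published, range) =>
  published.filter((v) => satisfies(v, range)).sort(cmp).pop() ?? null;

// Compare package.json ranges with the lockfile's "packages" map.
function auditLock(pkg, lock, registry) {
  const deps = { ...pkg.dependencies, ...pkg.devDependencies };
  return Object.entries(deps).map(([name, range]) => {
    const locked = lock.packages[`node_modules/${name}`]?.version ?? null;
    return { name, range, locked,
      inSync: locked !== null && satisfies(locked, range),
      floatsTo: maxSatisfying(registry[name] ?? [], range) };
  });
}

// Constructed sample data; the published-version lists are invented for illustration.
const pkg = { dependencies: { "@actions/core": "^1.2.3" },
  devDependencies: { "@zeit/ncc": "^0.21.1", prettier: "~1.19.1" } };
const lock = { packages: {
  "node_modules/@actions/core": { version: "1.2.3" },
  "node_modules/@zeit/ncc": { version: "0.22.0" }, // outside ^0.21.1
  "node_modules/prettier": { version: "1.19.1" } } };
const registry = { "@actions/core": ["1.2.3", "1.10.0", "2.0.0"],
  "@zeit/ncc": ["0.21.1", "0.21.4", "0.22.0"], prettier: ["1.19.1", "1.19.4", "1.20.0"] };
console.table(auditLock(pkg, lock, registry));
```

The inSync: false row is the case in which npm ci exits with an error instead of rewriting the lock; the floatsTo column shows how far each range can move when nothing pins it.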

Npx vs Npm

  • npm by itself doesn’t run any packages. If you want to run a package using npm, you must specify that package in your package.json file.

  • When executables are installed via npm packages, npm creates links to them:

    • local installs have links created at the ./node_modules/.bin/ directory

    • global installs have links created from the global bin/ directory on your own computer

  • npx is a package runner that can execute a Node.js package without installing it globally or locally, so it can make sure the newest version of the package is used for every execution.

Yarn vs Npm

  • Yarn is generally faster than npm, especially when installing large projects with many dependencies, and it prioritizes the sequence of installation

  • Npm has a larger community

Git library

  • A library can be installed through a git URL, but make sure the version is based on a tag

"my-lib": "github:headshootcheng/node-lib-test#v0.0.1",

Publishing library

  • To publish your library to the npm repo, you first need to log in

npm login
  • Edit .npmignore to make sure that only the production files are uploaded to the npm repo

.npmignore
src/
  • Edit package.json to fill in the content; here is an example

package.json
{
  "name": "node-lib-test",
  "version": "1.0.2",
  "description": "it is for testing purpose",
  "main": "dist/test.js",
  "types": "dist/test.d.ts",
  "scripts": {
    "build": "tsc"
  },
  "repository": {
    "type": "git",
    "url": "https://github.com/headshootcheng/node-lib-test"
  },
  "keywords": [
    "nodejs"
  ],
  "author": "Peter Cheng",
  "license": "ISC",
  "dependencies": {
    "typescript": "^5.5.4"
  }
}
  • Publish the library

npm publish
  • Here is the result
