npm
What is npm?
- node package manager
- largest ecosystem of open source libraries
- makes it easy to share, reuse and update code
- helps us build complex things with simple parts
- not just for backend modules any more
Three parts of npm
- npm the company
- take open source to new places
- reduce friction
- npm the registry (free)
- npm the command line tool
- open source
- ships with Node.js
Module
Anything that can be loaded with require(...) in a Node.js program
Package
- directory
- package.json file
- something of value (like a module)
- gzip of (1)
- URL that resolves to (2)
- GIT URL that when cloned results in (1)
package.json
A text file in json format that describes your "package" and it's dependencies.
package.json
- Required properties
- name
- version
- Others properties
- description
- keywords
- homepage
- author, contributor
- dependencies & devDependencies
- main, bugs, license, scripts...
npm registry
- A website that implements the CommonJS Package Registry specification for reading package info
- Powered by CouchDB
- https://www.npmjs.com/
- Internal registry
- http://icsnpm.ldschurch.org/
npm registry
- Search - full text
- Filtering - human
- stars
- version (if they follow semver)
- downloads (relative)
- number of releases
- time since last release (abandoned)?
- badges
- author
- does it have a readme.md and docs?
- does it solve your problem?
- does it solve too many problems?
- is the license acceptable
- how many open issues? (relative)
- how many dependencies (relative to complexity)
- ...
npm init
npm i <pgk>
code & test
npm shrinkwrap
git clone
npm install
Publish
Deploy
?
npm init
npm i <pgk>
code & test
npm shrinkwrap
git clone
npm install
Publish
Deploy
?
Ramp Up
New blank project
Existing project
npm init
npm i <pgk>
code & test
npm shrinkwrap
git clone
npm install
Publish
Deploy
?
Develop
npm init
npm i <pgk>
code & test
npm shrinkwrap
git clone
npm install
Publish
Deploy
?
Publish/Deploy
npm init
npm i <pgk>
code & test
npm shrinkwrap
git clone
npm install
Publish
Deploy
?
Ramp Up - Blank Project
$ npm init --yes
Wrote to my-project/package.json:
{
"name": "my-project",
"version": "1.0.0",
"description": "",
"main": "index.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
"keywords": [],
"author": "Bruce Campbell <bruce@ldschurch.org>",
"license": "ISC"
}
$ ls
package.json
$npm init
npm i <pgk>
code & test
npm shrinkwrap
git clone
npm install
Publish
Deploy
?
Ramp Up - Existing Project or Generated Project
Use npm install to download project dependencies from the registry
- reads package.json for dependencies
- use the dependencies section for modules your app needs to run
- use the devDependencies for modules your app needs to build
- downloads dependencies and puts them in the ./node_modules folder within your project
npm init
npm i <pgk>
code & test
npm shrinkwrap
git clone
npm install
Publish
Deploy
?
Develop
- npm install <package>
- npm uninstall <package>
- Flags
- --save
- --save-dev
- --global
Demo
- my-app project
- previously we used npm install without a package name to read dependencies from package.json and install them.
- Now we want to add jQuery to the list of dependencies and install it.
- So we add jQuery and --save... npm i --save jQuery
- i is short for install
- see package.json and ./node_modules for jQuery
- off we go to write some code using jQuery
- But then the dev lead on your project points out that all the jQuery functionality you need is built into Javascript now.
- npm uninstall jQuery
- see ./node_modules
- see package.json - why is jQuery still there?
- npm uninstall --S jQuery (-S is short for --save) - now it's gond
- more...
- npm uninstall jQuery
Demo
- While we're talking about the install command I should probably talk about "global" installs even though it doesn't fit perfectly into this part of the cycle
- the --global, or -g for short installs a package "globally", or outside your project
- on a mac that's /usr/local/lib/node_modules
- on windows that's ... don't know,
- use npm ls -g --depth 0 to find it
- the docs say beside the node.exe binary
- "ls" or list tells you what packages are installed
- --depth 0 limits how deep into the dependency tree it will report. Zero lists just the direct dependencies.
- -g of course is for globally installed modules.
- use npm ls -g --depth 0 to find it
- there is a trend that less and less packages require that they be installed globally.
- more...
Demo
- While we are already on a tangent, we might as well talk about executable packages.
- Some packages can a CLI component to them.
- So instead of "require()"-ing it in to your code you use it as a tool and run it from the command line.
- Show npm list -g --depth 0
- notice n and yo... they are both command line tools
- they were installed onto my laptop as node packages using npm
- tools that need to be available from any directory on the system should be installed "globally"
tools that need only be available in the project directory can be installed "locally" and they can still be executed on the command line
npm init
npm i <pgk>
code & test
npm shrinkwrap
git clone
npm install
Publish
Deploy
?
Publish/Deploy
semver
- Bullet One
- Bullet Two
- Bullet Three
npm shrinkwrap
- Locks down the versions of a package's dependencies so that you can control exactly which versions of each dependency will be used when you install/deploy
- You could lock down dependencies by specifying exact versions in package.json
- npm shrinkwrap is preferred
npm shrinkwrap
Text
npm init
npm i <pgk>
code & test
npm shrinkwrap
git clone
npm install
Publish
Deploy
?
Publish/Deploy
Copy of npm
By Matthew Poulson
Copy of npm
- 532
