Categories
JavaScript Nodejs

How to Use NPM to Manage JavaScript Dependencies

Spread the love

NPM is the most popular package manager for Node.js. It is often used for installing and uninstalling packages. but can also be used for running custom scripts and performing other operations to packages.

The most common operations for developers are installation, clean up, removing duplicates, and running scripts.

npm install

npm install , or npm i for short, is used to install packages. If you don’t put a package name after install, it downloads all the packages listed in package.json if the dependencies aren’t installed yet or the version installed is outdated. If you put a package name after npm install, it will install the package with that name as long as it finds the package. During the installation process, npm will run npm run link and npm run build to compile the packages. You can install packages globally by running npm install -g packageName

npm audit

npm audit is used for running a security audit of the npm packages you installed. It will display the results of the audit in various formats. You can also fix any security vulnerabilities with npm audit fix. To do a dry run, you can do npm audit fix --dry-run .

Both the audit and fix can be displayed in JSON by including --json to the command, such as npm audit --json and npm audit fix --json.

Example output:

=== npm audit security report ===
# Run  npm update set-value --depth 12  to resolve 66 vulnerabilities
High            Prototype Pollution
Package         set-value
Dependency of   @angular-devkit/build-angular [dev]
Path            @angular-devkit/build-angular > sass > chokidar > anymatch >
                  micromatch > braces > snapdragon > base > cache-base >
                  set-value
More info       https://npmjs.com/advisories/1012
High            Prototype Pollution
Package         set-value
Dependency of   @angular-devkit/build-angular [dev]
Path            @angular-devkit/build-angular > webpack > watchpack >
                  chokidar > anymatch > micromatch > braces > snapdragon >
                  base > cache-base > set-value
More info       https://npmjs.com/advisories/1012
High            Prototype Pollution
Package         set-value
Dependency of   @angular-devkit/build-angular [dev]
Path            @angular-devkit/build-angular > webpack-dev-server >
                  chokidar > anymatch > micromatch > braces > snapdragon >
                  base > cache-base > set-value
More info       https://npmjs.com/advisories/1012
High            Prototype Pollution
Package         set-value
Dependency of   @angular/compiler-cli [dev]
Path            @angular/compiler-cli > chokidar > anymatch > micromatch >
                  braces > snapdragon > base > cache-base > set-value
More info       https://npmjs.com/advisories/1012
...

npm bin

npm bin prints the folder where packages are installed.

Example output:

c:\math-calculator>npm bin  
c:\math-calculator\node\_modules\.bin

npm ci

npm ci is used to install all packages from scratch from package-lock.json. If there are any discrepancies between package.json and package-lock.json, it will fail. node_modules will be deleted and everything will be installed from scratch.

You can tab completion to npm by including npm completion in your ~/.bashrc or ~/.zshrc.

npm-config

npm-config is used for saving configuration key-value pairs to npmrc . To set a key-value pair in npmrc, we put:

npm config set key value

To get a value from the key, we run:

npm config get key

We can list all values by running:

npm config list

We can delete the key-value pair by running:

npm config delete key

and we can edit the key-value pair by running:

npm config edit

You can append — global to the above commands to change global config.

npm dedupe

npm dedupe will remove duplicate dependencies from your node_modules folder by moving the dependencies up the dependency tree, allowing common dependencies for multiple packages to reference one dependency.

npm doctor

npm doctor runs checks to make sure your environment has everything to manage Git packages. It checks if Node.js and Git can be run. It also checks if the primary npm registry or an alternative is accessible. node_modules is checked if it can be accessed and is writable, and it checks if the npm cache exists and there are no corrupt packages:

Example output of npm doctor:

npm notice PING https://registry.npmjs.org/
npm WARN verifyCachedFiles Content garbage-collected: 1328 (139761056 bytes)
npm WARN verifyCachedFiles Missing content: 5
npm WARN verifyCachedFiles Cache issues have been fixed
Check                               Value                             Recommendation
npm ping                            OK
npm -v                              v6.9.0                            Use npm v6.10.3
node -v                             v10.16.0                          Use node v10.16.2
npm config get registry             https://registry.npmjs.org/
which git                           C:\Program Files\Git\cmd\git.EXE
Perms check on cached files         ok
Perms check on global node_modules  ok
Perms check on local node_modules   ok
Verify cache contents               verified 8899 tarballs

npm explore

npm explore is used when you need to browse for an installed package. Once you’re in the package directory, you can run commands there.

npm help

npm help-search and npm help commands are used to find help with npm commands.

npm init

npm init is used for adding package.json to a project if it doesn’t already exist. npm init -y is used for skipping all the questions asked before creating the file.

npm outdated

npm outdated is used for checking for outdated packages.

Example output:

Package                            Current   Wanted   Latest  Location
@angular-devkit/build-angular      0.800.3  0.800.6  0.802.1  math-calculator
@angular/animations                  8.0.2    8.2.1    8.2.1  math-calculator
@angular/cdk                         8.0.1    8.1.2    8.1.2  math-calculator
@angular/cli                         8.0.3    8.0.6    8.2.1  math-calculator
@angular/common                      8.0.2    8.0.3    8.2.1  math-calculator
@angular/compiler                    8.0.2    8.0.3    8.2.1  math-calculator
@angular/compiler-cli                8.0.2    8.0.3    8.2.1  math-calculator
@angular/core                        8.0.2    8.0.3    8.2.1  math-calculator
@angular/forms                       8.0.2    8.0.3    8.2.1  math-calculator
@angular/language-service            8.0.2    8.0.3    8.2.1  math-calculator
@angular/material                    8.0.1    8.1.2    8.1.2  math-calculator
@angular/platform-browser            8.0.2    8.0.3    8.2.1  math-calculator
@angular/platform-browser-dynamic    8.0.2    8.0.3    8.2.1  math-calculator
@angular/router                      8.0.2    8.0.3    8.2.1  math-calculator
@ngrx/store                          8.0.1    8.2.0    8.2.0  math-calculator
@types/jasmine                      3.3.13   3.3.16    3.4.0  math-calculator
@types/node                          8.9.5    8.9.5   12.7.1  math-calculator
karma                                4.1.0    4.1.0    4.2.0  math-calculator
karma-chrome-launcher                2.2.0    2.2.0    3.0.0  math-calculator
karma-coverage-istanbul-reporter     2.0.5    2.0.6    2.1.0  math-calculator
mathjs                               6.0.2    6.0.4    6.0.4  math-calculator
rxjs                                 6.4.0    6.4.0    6.5.2  math-calculator
ts-node                              7.0.1    7.0.1    8.3.0  math-calculator
tslint                              5.15.0   5.15.0   5.18.0  math-calculator
typescript                           3.4.5    3.4.5    3.5.3  math-calculator
zone.js                              0.9.1    0.9.1   0.10.1  math-calculator

npm ls

npm ls lists installed packages in the current project. npm list and npm la are aliases of this command.

npm prune

npm prune removes unused packages. npm run --production is used to delete packages from the devDependencies section. The --dry-run option is used for checking which packages will be deleted before the actual run. The --json option can be used to display results in JSON. With package-lock enabled, pruning is automatic.

npm root

npm root displays the root folder for Node packages in the project.

npm run

npm run-script lets you run custom scripts that you write. npm run is an alias of this command.

npm start

npm start starts a package by running the command you define.

npm search

npm search is used to search for packages by name.

npm shrinkwrap

npm shrinkwrap creates npm-shrinkwrap.json by repurposing package-lock.json or creating from scratch. npm-shrinkwrap.json takes precedence over package-lock.json .

npm stop

npm stop stops a package by running stop command that you define.

npm test

npm test allows you to run tests with a script that you define.

npm uninstall

npm uninstall is used for uninstalling packages. You can add -g at the end to remove global packages.

npm update

npm updateupdates packages in the project. npm update packageName updates only the package with the name packageName . It will record the latest version to package-lock.json .

To upgrade npm to the latest version, run npm install -g npm.

Leave a Reply

Your email address will not be published. Required fields are marked *