Wednesday, July 25, 2018

Do Things Right with npm install

Lately I've been wrestling with npm. Here are some rules I've learned:

Use `npm ci` rather than `npm install`

`npm ci` will bring down exactly the dependencies specified in package-lock.json. `npm install` does more than that; it also tries to update some libraries to a more recent version. Sometimes it updates URLs or nonsense in package.json so that my `git status` is dirty. Sometimes it does deduping. Sometimes it sticks with the version you have lying around. I haven't figured it out. It seems to be pretty dependent on the current circumstances on my file system.

Now I only use `npm install` if I specifically want to change the dependencies in my filesystem.

Use `npm install --save-exact`

Especially for snapshots. Semver does not work for snapshots or branches or anything but releases. And npm only works with semver. If you are not using a release; if you publish with build tags or branch tags or anything like that; do not give npm any sort of flexibility. It will not work. Specify a precise version or else it will give you nasty surprises, like deciding some alphabetically-later branch is better than the master-branch version you specified.
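The "alphabetically-later branch" surprise follows from SemVer 2.0.0 prerelease ordering. The sketch below is an added example, not code from this post or from npm: the helper names and version strings are constructed, and it assumes major version >= 1 and a resolver that picks the highest satisfying version.

```javascript
// Added example: models caret-range resolution over branch-tagged prereleases.
// Assumptions: major >= 1; only exact and ^ specs; highest satisfying version wins.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return { raw: v, core: m.slice(1, 4).map(Number), pre: m[4] ? m[4].split('.') : [] };
}

// Prerelease precedence: a release outranks any prerelease of the same core;
// numeric identifiers compare numerically and rank below alphanumeric ones;
// alphanumeric identifiers compare in ASCII order; a shorter list ranks lower.
function comparePre(a, b) {
  if (!a.length || !b.length) return b.length - a.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    if (a[i] === undefined) return -1;
    if (b[i] === undefined) return 1;
    const an = /^\d+$/.test(a[i]), bn = /^\d+$/.test(b[i]);
    if (an && bn && +a[i] !== +b[i]) return +a[i] - +b[i];
    if (an !== bn) return an ? -1 : 1;
    if (!an && a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a.core[i] !== b.core[i]) return a.core[i] - b.core[i];
  return comparePre(a.pre, b.pre);
}

// Highest published version satisfying `spec` (exact or ^range), or null.
function resolve(spec, published) {
  const caret = spec.startsWith('^');
  const base = parse(caret ? spec.slice(1) : spec);
  const ok = published.map(parse).filter((v) => {
    if (!caret) return compare(v, base) === 0;
    const sameCore = v.core.every((n, i) => n === base.core[i]);
    // A prerelease satisfies a range only when it shares the comparator's core tuple.
    return v.core[0] === base.core[0] && compare(v, base) >= 0 && (!v.pre.length || sameCore);
  });
  ok.sort(compare);
  return ok.length ? ok[ok.length - 1].raw : null;
}

// Constructed sample: two branch builds published under the same core version.
const PUBLISHED = ['1.0.0-master.20180725120000', '1.0.0-new-parser.20180701090000'];
console.log(resolve('^1.0.0-master.20180725120000', PUBLISHED)); // the new-parser build
console.log(resolve('1.0.0-master.20180725120000', PUBLISHED));  // the master build
```

The caret spec resolves to the older `new-parser` build because `new-parser` sorts after `master`; the exact spec, which is what `--save-exact` writes, stays on the master build.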

Use `npm view` to check the status of a library

This is quite useful. Try `npm view <lib-name>` and it brings to your command line the info you can get from the npm website. You can ask it for specific fields. To get the latest version of chalk:

$ npm view chalk dist-tags.latest
2.4.1


If you want to do anything programmatic with this info, the "do things right" flag for `npm view` is `--json`.

Try `npm ls` but then dig around on the filesystem

For exploring the dependency tree, `npm ls` is really cool; it shows it to you. You can see where you're getting a specific library with `npm ls <lib-name>`, except that it doesn't always work. In the end, I dig around in my node_modules directory, using `find . -name <lib-name>` to look for the real thing.

Other times I use my little node-dependency dungeon explorer game to see what version of stuff is where. 

These are just a few of the nasty surprises I've found moving from Java to TypeScript, from maven dependencies to npm. Dependency management is an unsolved problem, and the people working on npm have made huge improvements in the last few years. I look forward to more.
