NPM is the most popular package manager for Node.js and the Node.js Module repository. While a lot of Yarn buzz is going on, most of the people who develop Node.js do not know the true potential of NPM client but some basic commands like init
, install
, uninstall
, update
. There are a lot of tasks that can be done with the help of NPM without using any other third party tools/packages.
NPM as a Build Tool
NPM is not only a package manager. It can be a build tool as well. You can run custom scripts such as uglify, minify, nsp and many other build tasks without any use of any other build tools such as Gulp or Grunt. This can be done using npm scripts. In the following example, I use it to concurrently start two npm scripts using the module ‘concurrently’.
"scripts": {
"websockServer": "concurrently ./webserver.js ./core/filewatcher.js"
}
This script can be invoked by running:
npm run-script websockServer
Similar to above, you can add any command which you have installed globally using npm scripts including eslint, uglifyjs, minify, nsp etc.
Installing fixed versions of npm packages
When you install a package using npm
, you might have seen these ~
and ^
symbols in front of package versions in package.json
file. These symbols indicate that the package will be upgraded to its latest minor/major version during npm install if there’s a newer version available.
This might cause problems when you develop your application locally and deploy it to another server somewhere. Later, when you deploy the application in a different server, a new version of the same package might be available which have a slight chance of breaking your code. To ensure the version won’t change in different npm installs, you need to make sure that the exact package version is installed. To make sure this, you can add the following two lines in ~/.npmrc
file in your home directory. If the file is not there, you can create it.
save=true
save-exact=true
When using save=true
, npm install
will automatically add the package into package.json
without the need of using npm install --save
every time you run the command. save-exact=true
will make sure that no sliding versions (with ~
or ^
) will not be installed.
NPM Shrinkwrap
For NodeJS v8.x.x/NPM v5.x.x and above, you will not need to use npm shrinkwrap anymore as NPM by default provides this support using
package-lock.json
. For older versions, you can use this.
Even though you use fixed versions in your package.json
you cannot guarantee that the other npm module publishers do so in their package.json files. This could cause problems when you deploy your applications in a different environment. To resolve this problem, you can use npm shrinkwrap
command. It goes through the installed node_modules
dependency tree in your NodeJS project and creates a npm-shrinkwrap.json
including the versions of all the dependencies and the dependencies of dependencies. When you deploy the application in another environment, npm install
will use this npm-shrinkwrap.json
file instead of package.json
in order to restore the exact versions of the dependencies as in your local project.
Check for Outdated Packages in your project
You can check for outdated packages in your project easily by running npm outdated
command. Running the command will result in an output similar to this which you can use to know the latest versions available of your packages.
Finding high-quality NPM packages
Growth of the number of NPM modules (source:http://www.modulecounts.com/)
Finding a good npm package is a nightmare. With hundreds of thousands of packages in npm where there is more than one module serving the same purpose, it is really difficult to find packages with fewer issues, adequate unit testing coverage, and proper maintenance. Using the wrong module will cause irreversible failures at the time you understand it just does not work with your app anymore and you can’t get rid of it easily since the most of your code depends on it.
State of the art approach of finding a good module is going through the module’s GitHub repository, looking at open issues, how often new releases are published and how often new features are added.
I recently used a service called npms.io which does the above for me.
It will analyze the quality of the node modules in the npm repository and will rate the module based on the above criteria which are very helpful to find a properly maintained node module for your purpose.
On December 2016, NPM announced that they have integrated npms.io’s search functionality into NPM itself to make NPM search better. Check out the following link:
There are more cool things that NPM can do. You can browse the documentation for more.