The CLI Series: NPM

Please take the information presented below with a pinch of salt. As we know, technology is ever developing and expanding, and as such concepts, commands and understandings may radically change or become deprecated.

All information contained herein is subject to interpretation and cross verification and should not be taken as fact or best practice.

NOTE: This guide is meant for the Windows environment, but its concepts and tools should easily transfer to the Mac and Linux environments as well.

NodeJs and NPM pre-requisites

  • An IDE capable of interpreting, compiling and executing Node.js code and npm commands

    • I use VSCODE as my main editor when working with anything JavaScript related

  • A stable version of Node.js installed

    • At the time of writing this, the version I have installed is v12.18.2

  • The appropriate authorities and permissions to execute various commands and scripts on your machine

  • A Node.js-based project to test these scripts that can be easily reset / cloned without permanent damage

    • The project should also be able to use NPM for package management

What is NPM?

In order to make use of the rich ecosystem of packages and libraries available in the Node.js open-source community, we need to be able to install them and manage them in a meaningful way. This is where NPM (node package manager) comes in handy.

Put simply, it is a command line interface which allows us to install, update and manage packages in a Node.js application.

How do I check if NPM is already installed?

This part's easy: all you need to do is navigate to your Node.js project and type the following command in the terminal

npm -v

How do I install NPM on my Windows machine?

That part's also easy. If it is not already installed, you can open a terminal and install the latest version of NPM as follows:

npm install --global --production npm-windows-upgrade
npm-windows-upgrade --npm-version latest

Basic commands

Checking all the packages we have installed globally 

You can go ahead and fire up your favourite terminal and run the following command:

npm list -g

Checking for outdated packages

This is really useful, as sometimes we forget to update our dependencies, and this can open us up to security risks. The command to run is:

npm outdated
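To decide what to do about each outdated package, the report can be read as JSON. The following added example (not from the original post) classifies entries from the parsed output of npm outdated --json by whether an update already fits the range in package.json and how large the gap to the latest release is. The function names and the sample report are constructed for illustration.

```javascript
// Added example: classify entries from a parsed `npm outdated --json` report.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || '');
  return m ? m.slice(1).map(Number) : null;
}

// Size of the gap between two versions: major, minor, patch, none or unknown.
function drift(from, to) {
  const a = parseVersion(from);
  const b = parseVersion(to);
  if (!a || !b) return 'unknown';
  if (b[0] !== a[0]) return 'major';
  if (b[1] !== a[1]) return 'minor';
  return b[2] !== a[2] ? 'patch' : 'none';
}

function classifyOutdated(report) {
  return Object.entries(report).map(([name, info]) => {
    // Packages listed in package.json but absent from node_modules have no "current".
    if (!info.current) return { name, status: 'not installed', gap: 'unknown' };
    // "wanted" is the newest version the range in package.json allows;
    // "latest" is the newest version published under the latest tag.
    const status = info.current !== info.wanted
      ? 'update within range'
      : 'range must change';
    return { name, status, gap: drift(info.current, info.latest) };
  });
}

// Constructed sample report (example-* packages are made up).
const SAMPLE_OUTDATED = {
  prettier: { current: '1.19.1', wanted: '1.19.1', latest: '2.0.5' },
  'example-lib': { current: '3.1.0', wanted: '3.1.4', latest: '3.1.4' },
  'example-missing': { wanted: '1.0.0', latest: '1.2.0' },
};

console.log(JSON.stringify(classifyOutdated(SAMPLE_OUTDATED), null, 2));
```

Entries marked "range must change" stay on the old version until the range in package.json is edited, so those are the ones to review by hand.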

Searching for packages

I'm going to do a simple search across the package registry for a package I use all the time. The command to run is:

npm search prettier

Viewing a package 

You can also view information about a package quite easily from the command line. I want to check the typescript package on my Angular app, so the command I run is:

npm view typescript

Checking the directory path

This command will resolve to the closest parent directory that contains a package.json file or node_modules directory, usually the root of your project.

npm prefix

Clean installing node_modules

Other than the typical npm i, there's another command we can run which does a bunch of useful things. Unlike npm install, npm ci will remove our existing modules and re-install the exact versions from our package.json. This command won't update our package.json.

npm ci

Managing the cache

When npm installs a package, it keeps a copy, so the next time you want to install that package, it doesn’t need to hit the network. There are various commands you can use to manage your cache.

Adding a package to the cache

In order to add a package to the cache, you can execute this command. I want to add prettier to my cache:

npm cache add prettier

Verifying the contents of cache

This command verifies the contents of the cache folder, garbage collecting any unneeded data, and verifies the integrity of the cache index and all cached data. You can run it as follows:

npm cache verify

Auditing your packages

There are quite a few useful commands in npm that allow developers to scan their dependencies for known security vulnerabilities.

Performing an audit

In order to list packages that might have potential vulnerabilities or dependencies which are not managed properly we can run the following command:

npm audit

Fixing audit vulnerabilities

NPM allows us to quickly fix certain vulnerabilities by running the following command:

NOTE: this can introduce breaking changes, so exercise some caution when running this command, especially if you opt for the --force flag.

npm audit fix
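To act on audit results in a build, the report can be read as JSON. The following added example (not from the original post) takes the parsed output of npm audit --json, handles both the npm 6 and the npm 7+ report layouts, and lists findings at or above a chosen severity together with whether the fix would need --force. The function name and the sample reports are constructed for illustration.

```javascript
// Added example: triage a parsed `npm audit --json` report.
const LEVELS = ['info', 'low', 'moderate', 'high', 'critical'];
const rank = (s) => LEVELS.indexOf(s);

function triageAudit(report, minLevel = 'high') {
  if (rank(minLevel) === -1) throw new Error(`unknown severity: ${minLevel}`);
  const findings = [];
  if (report.advisories) {
    // npm 6 layout: advisories keyed by id, remediation listed under actions.
    for (const adv of Object.values(report.advisories)) {
      const act = (report.actions || []).find((a) =>
        (a.resolves || []).some((r) => r.id === adv.id));
      const fix = !act || act.action === 'review' ? 'manual'
        : act.isMajor ? 'needs --force' : 'audit fix';
      findings.push({ name: adv.module_name, severity: adv.severity, fix });
    }
  } else {
    // npm 7+ layout: vulnerabilities keyed by package name. fixAvailable is
    // true, false, or an object when the fix lies outside the declared range.
    for (const [name, v] of Object.entries(report.vulnerabilities || {})) {
      const fix = v.fixAvailable === true ? 'audit fix'
        : v.fixAvailable ? 'needs --force' : 'manual';
      findings.push({ name, severity: v.severity, fix });
    }
  }
  const blocking = findings
    .filter((f) => rank(f.severity) >= rank(minLevel))
    .sort((a, b) => rank(b.severity) - rank(a.severity));
  return { pass: blocking.length === 0, blocking };
}

// Constructed sample reports (package names and advisory ids are made up).
const SAMPLE_NPM6 = {
  actions: [{ action: 'install', module: 'example-parser', isMajor: true,
    resolves: [{ id: 1001, path: 'example-parser' }] }],
  advisories: { 1001: { id: 1001, module_name: 'example-parser', severity: 'high' } },
};
const SAMPLE_NPM7 = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-logger': { severity: 'low', fixAvailable: true },
    'example-yaml': { severity: 'critical', fixAvailable: false },
    'example-http': { severity: 'high',
      fixAvailable: { name: 'example-http', version: '2.0.0', isSemVerMajor: true } },
  },
};

console.log(JSON.stringify(triageAudit(SAMPLE_NPM7, 'moderate'), null, 2));
```

Findings marked "needs --force" are the ones the NOTE above is about: review the version jump before applying them rather than forcing the whole tree at once.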

Advanced package management

Listing package dependencies at level 1

In order to list parent dependencies, you can use the following command:

npm list --depth 0

or, for globally installed packages:

npm list -g --depth 0

Removing unused packages

Sometimes our modules can get cluttered. Luckily, there's an easy command to remove unused packages that may arise when we constantly add and remove modules.

npm prune

Resolving duplicate dependencies in the dependency tree

This sounds pretty complicated, but what it does is go through the dependency tree, identify packages that depend on common dependencies, and then simplify the entire structure so that they can be more effectively shared by multiple dependent packages.

Taken from the CLI documentation

The command to run to do this is:

npm dedupe

The deduplication algorithm walks the tree, moving each dependency as far up in the tree as possible, even if duplicates are not found. This will result in both a flat and deduplicated tree.

If a suitable version exists at the target location in the tree already, then it will be left untouched, but the other duplicates will be deleted. Arguments are ignored. Dedupe always acts on the entire tree.

Note that this operation transforms the dependency tree, but will never result in new modules being installed.