The CLI Series: NPM
Disclaimer
Please take the information presented below with a pinch of salt. As we know, technology is ever developing and expanding, and as such concepts, commands and understandings may radically change or become deprecated.
All information contained herein is subject to interpretation and cross-verification and should not be taken as fact or best practice.
NOTE: This guide is meant for the Windows environment, but its concepts and tools should easily transfer to the Mac and Linux environments as well.
Node.js and NPM prerequisites
An IDE capable of interpreting, compiling and executing Node.js code and npm commands
I use VSCODE as my main editor when working with anything JavaScript related
A stable version of Node.js installed
At the time of writing this, the version I have installed is v12.18.2
The appropriate authorities and permissions to execute various commands and scripts on your machine
A Node.js based project to test these scripts that can be easily reset / cloned without permanent damage
The project should also be able to use NPM for package management
What is NPM?
In order to make use of the rich ecosystem of packages and libraries available in the Node.js open-source community, we need to be able to install them and manage them in a meaningful way. This is where NPM (node package manager) comes in handy.
Put simply, it is a command line interface which allows us to install, update and manage packages in a Node.js application.
How do I check if NPM is already installed?
This part's easy: all you need to do is navigate to your Node.js project and type the following command in the terminal
npm -v
How do I install NPM on my Windows machine?
That part's also easy: if not already installed, you can navigate to a terminal and install the latest version of NPM as follows
npm install --global --production npm-windows-upgrade
npm-windows-upgrade --npm-version latest
Basic commands
Checking all the packages we have installed globally
You can go ahead and fire up your favourite terminal and run the following command:
npm list -g
Checking for outdated packages
This is really useful as sometimes we forget to update our dependencies and this can open us up to security risks. The command to run is:
npm outdated
Searching for packages
I'm going to do a simple search across the package registry for a package I use all the time; the command to run is:
npm search prettier
Viewing a package
You can also view information about a package quite easily from the command line. I want to check the typescript package on my Angular app; the command I run is
npm view typescript
Checking the directories path
This command will resolve to the closest parent directory that contains a package.json file or node_modules directory, usually the root of your project.
npm prefix
Clean installing node_modules
Other than the typical npm i, there's another command we can run which does a bunch of useful things. Unlike npm install, npm ci will remove our existing modules and re-install the exact versions from our package.json. This command won't update our package.json.
npm ci
Managing the cache
When npm installs a package, it keeps a copy, so the next time you want to install that package, it doesn’t need to hit the network. There are various commands you can use to manage your cache.
Adding a package to the cache
In order to add a package to the cache you can execute this command. I want to add prettier to my cache
npm cache add prettier
Verifying the contents of cache
To verify the contents of the cache folder, garbage-collect any unneeded data, and verify the integrity of the cache index and all cached data, you can run the following command.
npm cache verify
Auditing your packages
There are quite a few useful commands in npm that allow developers to scan their dependencies for known security vulnerabilities.
Performing an audit
In order to list packages that might have potential vulnerabilities or dependencies which are not managed properly we can run the following command:
npm audit
Fixing audit vulnerabilities
NPM allows us to quickly fix certain vulnerabilities by running the following command:
NOTE: this can introduce breaking changes, so exercise some caution when running this command, especially if you opt for the --force flag
npm audit fix
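A way to act on the caution above before reaching for --force, as an added example (not code from the original post): a Node.js script that sorts the findings from npm audit --json by whether plain npm audit fix resolves them, whether they need --force, or whether no fix exists. It assumes the JSON report layout of npm 7 and later; triageAudit, the sample report and its package names are constructed for illustration.

```javascript
// Added example: triage the JSON report from `npm audit --json`.
// Assumes the npm 7+ report layout (auditReportVersion 2).
// SAMPLE_REPORT is constructed; the package names are placeholders.
const SEVERITIES = ["info", "low", "moderate", "high", "critical"];

const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-parser": { name: "example-parser", severity: "high", fixAvailable: true },
    "example-template": {
      name: "example-template",
      severity: "critical",
      fixAvailable: { name: "example-framework", version: "3.0.0", isSemVerMajor: true },
    },
    "example-logger": { name: "example-logger", severity: "low", fixAvailable: false },
  },
};

// Sort findings by what it takes to fix them and decide whether the build
// should fail at the chosen severity threshold.
function triageAudit(report, failLevel = "high") {
  const threshold = SEVERITIES.indexOf(failLevel);
  if (threshold === -1) throw new Error(`unknown severity: ${failLevel}`);
  const result = { safeFix: [], needsForce: [], noFix: [], failBuild: false };
  for (const vuln of Object.values(report.vulnerabilities || {})) {
    const label = `${vuln.name} (${vuln.severity})`;
    const fix = vuln.fixAvailable;
    if (fix === true) {
      result.safeFix.push(label); // plain `npm audit fix` handles it
    } else if (fix && typeof fix === "object") {
      // Only `npm audit fix --force` applies this; flag major-version jumps.
      const kind = fix.isSemVerMajor ? "breaking change" : "outside declared range";
      result.needsForce.push(`${label} -> ${fix.name}@${fix.version}, ${kind}`);
    } else {
      result.noFix.push(label); // needs manual replacement or mitigation
    }
    if (SEVERITIES.indexOf(vuln.severity) >= threshold) result.failBuild = true;
  }
  return result;
}

console.log(triageAudit(SAMPLE_REPORT, "high"));
```

In a pipeline, the parsed output of npm audit --json would replace SAMPLE_REPORT, and a true failBuild would translate into a non-zero exit code.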
Advanced package management
Listing package dependencies at level 1
In order to list parent dependencies, you can use the following command
npm list --depth 0
or, for globally installed packages:
npm list -g --depth 0
Removing unused packages
Sometimes our modules can get cluttered. Luckily, there's an easy command to remove unused packages that may arise when we constantly add and remove modules.
npm prune
Resolving duplicate dependencies in the dependency tree
This sounds pretty complicated, but what it does is go through the dependency tree, identify packages that depend on common dependencies, and then simplify the entire structure so that they can be more effectively shared by multiple dependent packages.
Taken from the CLI documentation
The command to run to do this is:
npm dedupe
The deduplication algorithm walks the tree, moving each dependency as far up in the tree as possible, even if duplicates are not found. This will result in both a flat and deduplicated tree.
If a suitable version exists at the target location in the tree already, then it will be left untouched, but the other duplicates will be deleted. Arguments are ignored. Dedupe always acts on the entire tree.
Note that this operation transforms the dependency tree, but will never result in new modules being installed.