Ben Halpern

Posted on Jun 8, 2018

What interesting things I can do with npm?

#npm #javascript #webdev #discuss

This thread made me think that I want to get a better grasp of what I can do through npm:

Who uses private NPM publishing?

Joshua Johnson ・ Jun 8 '18

#discuss

I knew about this feature and more or less know all the npm features, but I still feel a bit out of the loop about the ways people are using this tech/service. Care to fill me in on how you make use of the npm service and ecosystem?

Latest comments (36)

Mihail Malo • Jan 26 '19

My favorite feature of NPM (the repository) is that I can use pnpm instead of the default client.

Jochem Stoel • Dec 21 '18

It might be interesting to some that NPM is open. You can take it a step further than private packages and host your own NPM server that works out of the box with the npm command line tool we all know and love by simply setting a variable to a different host than npm.org somewhere.

Conlin Durbin • Dec 20 '18

Just saw this and thought it was brilliant!

Tierney Cyren

@bitandbang

Updated my business card 😎

19:28 PM - 19 Dec 2018

60658

Jochem Stoel • Oct 7 '18

Hey, lots of handy stuff in the comments but I noticed nobody has mentioned this yet. You can host your own NPM server and configure NPM to use your-registry.com in stead.

There are various packages on NPM itself (such as verdaccio) that offer a NPM server. Some are minimal, other are fully featured. You can use a custom NPM server not only to make your packages private (to your team) but also to serve as proxy, or have it fallback to NPM when your registry has no package by the name of what is being queried.

Darryl Norris • Sep 20 '18

npm install -g yarn

Aravind Balla • Jun 12 '18

Use npm pack <packagename> to download tgz file of what gets installed on your machine.
Use npm view <packagename> to view the package.json of the package.

Joshua Nelson ✨ • Jun 10 '18

Quick one: I recently made fastjs.link as a short linking service that links directly to the homepage of an npm package. Pretty useful for blogging on dev.to, actually!

K • Jun 9 '18

Best thing is that dev-dependencies are accessible like globals in npm scripts.

So you can run "npm i" and then simply run every script and use global packages without installing them globally.

Guo-Guang • Jun 9 '18

Checking if packages are up-to-date, I sometimes npm outdated to list packages' current version used, wanted version and latest version.

Jonathan Apodaca • Jun 8 '18

NPM scripts - they automatically add "./node_modules/.bin" to your PATH when they are executed, so if you have mocha installed, for example, your NPM script can just be ..."test": "mocha ..."...
NPX - use npx to run scripts in "./node_modules/.bin": npx mocha ... for one-off commands; if NPX cannot find the binary there, it will temporarily download it!
- npx create-react-app is awesome
npm ci - look it up it's pretty cool
Use "devDependencies", and use it correctly!
Use the "prepack" hook to run tests & build before your module is built!
"npm pack" will build the *.tgz that NPM stores on their public registry. In many ways this is akin to Java WAR files, without all of the dependencies. You can then put this *.tgz on your server and do an "npm install my-package-0.0.1.tgz"
"bundleDependencies" - worth knowing about (also a tool to use with it is: bundle-deps; run with "npx bundle-deps")

One of my pet-peeves is when a package is globally installed when it should be a devDependencies within a project. For example, if you use the TypeScript compiler in a project, "typescript" is a "devDependency"; do not make installing it globally a requirement. This lets different projects depend on different versions of the typescript compiler. It also makes it so that somebody can download your project and run a build without having to install additional dependencies. This goes for gulp, etc.

Jonathan Apodaca • Jun 8 '18 • Edited

I also forgot a few:

npm link - useful if you depend on a development version of a package that only exists on your local machine
npm install /path/to/file - alternative way to accomplish the above point: recent versions of NPM just create a symlink! so you can edit the linked project live and have updates just like you would expect
npm audit - available in >=v6.x - runs a security audit on your dependencies
npm info - want to see what version of a package is the latest? Run npm info express dist-tags
npm install github.com/user/project#semver:^1.0.0
npm install some-package@next - install not the "latest" version, but the version tagged by "next"

NPM greater than version 5 is pretty amazing. Earlier versions, not so much. I would recommend yarn if you are stuck with earlier versions of NPM.

Jonathan Apodaca • Jun 8 '18 • Edited

Oh, and don't forget that an .npmrc file local to your project overrides a global .npmrc file: useful for CI servers (store a .npmrc file with your project)!

mbtts • Jun 10 '18

Good point on the project specific .npmrc.

Another tip is that a separate repository (and credentials) can be configured per scope as well (credit Guillaume Martigny for mentioning scoped modules first below).

@<scope>:registry=http://host/repository/npm/private/
//host/repository/npm/private/:_password=<password>
//host/repository/npm/private/:username=<username>
//host/repository/npm/private/:email=<email
//host/repository/npm/private/:always-auth=true

This can be useful if you have some private modules in a private repository but do not wish to proxy all requests for public modules through it as well.

I also agree npm link is very useful if working on multiple modules and testing fixes.

View full discussion (36 comments)