When developing NodeJS applications or using NodeJS for Web Development, we often have to install and reinstall dependencies via NPM. Depending on the number of dependencies, this can get slow and tedious to wait on. When we install a single dependency, we typically will run something like:
npm install some-package
When we run this command, NPM will add it to the package.json if not already there and install the package to the node_modules directory. When using NPM locally, we will also get a package.lock file that will track all dependencies and transitive dependencies used.
Typically it is best practice to not source control our node_modules but only the package.json and package-lock.json files. When another developer clones the repository, they will run npm install to install the same listed dependencies.
In theory, this workflow is ideal, but often this is not the case. Many times we need to delete and reinstall packages that may be corrupt or our of date. We often see a command like the following used:
rm -rf node_modules && npm install
This command works but is a bit of a brute force way to update and reinstall dependencies. Instead, we can use npm ci. When we have an existing project using NPM and Node. To install or reinstall dependencies, we can run the following:
npm ci
NPM CI is a command designed for installing dependencies in an automated CI environment. It will delete the node_modules directory automatically and reinstall all of our dependencies. NPM CI typically is faster than npm install. NPM CI requires an existing package-lock.json file. Instead of resolving the dependencies in the package.json it uses the lock file directly, which speeds up the install time. Here is an example of the install time differences:
// example repo: https://github.com/vmware/clarity/tree/master/packages/core
npm install - 42.116s
npm ci - 24.629s
If npm ci finds a difference between the listed dependencies between the package.json and the package-lock.json it will exit with an error. The standard npm install will however update the package-lock.json file if a difference is found. Using npm ci helps ensure that the packages installed are the same every time, providing consistency between installs and CI builds.
Using npm ci is useful if you need to simply install or reinstall your node_modules. If you need to add an individual dependency, you will still need to use npm install. For my day to day workflows, I have found that using npm ci works well for most of the time, I use NPM and Node.
Top comments (2)
Doesn't npm follow package-lock.json in
npm i?Say goodbay to ‘npm install’, no need ‘npm install’, throw away ‘npm install’.