error "x packages are looking for funding." [duplicate] - npm

I usually get "x packages are looking for funding." when running npm install on a react project. Any idea what that means?

When you run npm update in the command prompt, when it is done it will recommend you type a new command called npm fund.
When you run npm fund it will list all the modules and packages you have installed that were created by companies or organizations that need money for their IT projects. You will see a list of webpages where you can send them money. So "funds" means "Angular packages you installed that could use some money from you as an option to help support their businesses".
It's basically a list of the modules you have that need contributions or donations of money to their projects and which list websites where you can enter a credit card to help pay for them.

npm decided to add a new command:
npm fund that will provide more visibility to npm users on what dependencies are actively looking for ways to fund their work.
npm install will also show a single message at the end in order to let user aware that dependencies are looking for funding, it looks like this:
$ npm install
packages are looking for funding.
run `npm fund` for details.
Running npm fund <package> will open the url listed for that given package right in your browser.
For more details look here

First of all, try to support open source developers when you can, they invest quite a lot of their (free) time into these packages. But if you want to get rid of funding messages, you can configure NPM to turn these off. The command to do this is:
npm config set fund false --location=global
... or if you just want to turn it off for a particular project, run this in the project directory:
npm config set fund false
For details why this was implemented, see #Stokely's and #ArunPratap's answers.

You can skip fund using:
npm install --no-fund YOUR PACKAGE NAME
For example:
npm install --no-fund core-js
If you need to install multiple packages:
npm install --no-fund package1 package2 package3

first, it's not an error or warning. it's basically a message to you to donate some money if you wish to the company/people or individual who built a package you have installed/used in your project, to see which package, simply type in your terminal
npm fund
and a list of the packages names and their website URLs underneath to donate.
I hope this is helpful..

These are Open Source projects (or developers) which can use donations to fund to help support their business.
In npm the command npm fund will list the urls where you can fund
In composer the command composer fund will do the same.
While there are options mentioned above using which one can use to get rid of the funding message, but try to support the cause if you can.

npm config set false --global
npm config set fund false

npm fund [<pkg>]
This command retrieves information on how to fund the dependencies of a given project. If no package name is provided, it will list all dependencies that are looking for funding in a tree-structure in which are listed the type of funding and the url to visit.
The message can be disabled using: npm install --no-fund

npm install --silent
Seems to suppress the funding issue.

I would recommend against suppressing the funding message. It is informational only.
At the very least they would give you some idea of one the potential risks that the 3rd party npm package is facing.

Related

How can i prevent NPM to delete locally installed modules from nodes_modules

I have some local modules which are inhouse developed and I copy to my node_modules folder manually.
When I do this they work fine but after I install some other stuff via ng add or npm install the folder is removed. My question is how can I prevent this from happening so I don't have to copy the files again ?
You need to specify your dependencies in package.json or else you cannot rely on them being in node_modules. Various npm commands might remove it, notably npm ci but also others.
If your package is not publicly published, some options are:
Use a non-public registry and publish it there.
Publish it as a scoped package with limited visibility. You will need a paid or organization account on npm for this. Individual accounts are US$7 a month.
Use npm link to "install" it from your local file system.
Use a postinstall or other life cycle script to have npm copy in your packages for you each time after npm ci or npm install is run.
There are likely other options, but those are the ones that come to mind immediately.

Does npm or yarn clone from VCS and run build script when install a package?

I am studying about npm and I have some questions.
Where the npm get the package from? i.e. when run npm install <package-name> or yarn add <package-name>.
When get the package, do npm get the package as raw or get then build it(like run the build script written in package.json)?
When publish the package, the repository field of package.json is required?
Can be different between the repository for publishing and the repository in pacakge.json?
To answer your questions:
npm gets them from the NPM package registry, and so does yarn, but Yarn probably has a proxy registry in front of it. In general, you can say, both tools fetch their packages from https://npmjs.com by default.
It gets the package as it was published (so, in short, the answer is "raw"). Building is up to the publisher and depends on the type of package. Often, some prepublish task builds something into dist/ (or any other location in the package), and these files are also shipped with the package others then download. Building rarely happens after installing a package (exception here are library-wrapping packages built with node-gyp).
The repository field is not required, to my knowledge, but it is good practise to include it (it will be displayed on the NPM website, for example).
Technically, yes. You can just specify any repository in repository, but it wouldn't make much sense to specify one that isn't the source of the package.
If you in general want to read up more on how npm works, check out it's documentation over at https://docs.npmjs.com/

Save peer dependencies in npm with a command

Is there a way to achieve that using npm ? Currently I do this manually, would be nice to use similar approach as with npm install --save
I found some old discussion and commits but it seems it didn't make it:
https://github.com/npm/npm/pull/3994
As far as I can tell, you can't. Just install it as a regular dependency (production or otherwise, just like the package requiring the peer dependency is installed as).
Even if you manually add the entry to peerDependencies an npm audit is going to fail to recognize the package and tell you to install it.
This kind of stinks, I'm a big fan of the separation of concerns, and keeping a list of modules that only exist so they can be absorbed by other modules is crummy.
But, it is what it is and so long as you leverage the npm commands afforded to you, I guess it's manageable.
Since 'I don't know what npm version' you can use npm i --save-peer package_name command. Works on npm 8.1.0

How to add contributors (collaborators) to a npm package?

I created a npm package few months ago, and a friend was nice enough to help me make the original project into a package and upload it to npm.
Now I'm an owner of the package but only he is shown under collaborators. As it is my package and I did most of the work I would love to be mentioned as a collaborator.
We tried npm owner add but it didn't help.
Here is the package:
https://www.npmjs.com/package/react-singular-component
BTW: I am an owner.
Please run the following cli command on your terminal:
npm owner add <user> [<#scope>/]<pkg>
Where the parameter is the NPM username of the collaborator to include. It goes without saying: the collaborator must have an NPM account to be included.
If you have any difficulties with this, please reach out to the NPM team for assistance.
To be more specific, I think you're looking for some sort of way to display all contributors in your package.
There's an npm package called All-Contributors which you can use to generate a nice looking grid of contributors with their github profile photos.
You can install it by running:
yarn add -D all-contributors
Initialize your project with:
yarn all-contributors init
you can add a contributor by running
yarn all-contributor add <github-username> doc
Checkout the docs for more information on how to use the package.

Diagnosing npm’s “invalid” error in package list

When I do npm list --global, one package, phonegap, shows as invalid.
npm ERR! invalid: phonegap#5.0.0-0.28.1 /usr/local/lib/node_modules/phonegap
No other packages have any errors or problems. I’ve tried to look into this, and learned that the message means a dependency is unfulfilled, but I can’t figure out which one. If I run npm update --global phonegap it exits cleanly, with no errors.
I originally installed npm & node via Homebrew, if that’s relevant. Here’s my full list of globally installed packages.
How do I diagnose this?
Have you tried changing the permissions for that package? I recently had a similar problem with global packages and it turned out to be a permissions issue
https://docs.npmjs.com/getting-started/fixing-npm-permissions