what is difference between npm install vs npm install --save? - npm

when I installed node_module on my project.
with npm install
I changed
"dependencies": { "own_module": "github:own_module#v1.0"}
to
"dependencies": { "own_module": "github:own_module#v2.0"}
on package.json.
and execute npm install then, package-lock.json file changed.
but, it's hash value not changed..
"own_module": {
"version": "1.0",
"resolved": "git+ssh://git#github.com/own_module.git#diakvjj"}
to
"own_module": {
"version": "2.0",
"resolved": "git+ssh://git#github.com/own_module.git#diakvjj"}
with npm install --save github:own_module#v2.0"
this changed package.json automatically
"dependencies": { "own_module": "github:own_module#v1.0"}
to
"dependencies": { "own_module": "github:own_module#v2.0"}
and then, package-lock.json file correctly.
"own_module": {
"version": "1.0",
"resolved": "git+ssh://git#github.com/own_module.git#diakvjj"}
to
"own_module": {
"version": "2.0",
"resolved": "git+ssh://git#github.com/own_module.git#awerfd"}
why npm install could not change package-lock.json file automatically?
Now, I use npm#8.3.1 (meaning, version 8)

–save or -S: When the following command is used with npm install this will save all your installed core packages into the dependency section in the package.json file. Core dependencies are those packages without which your application will not give desired results. But as mentioned earlier, it is an unnecessary feature in the npm 5.0.0 version onwards.
read more on this link

Related

Updating npm lockfile version resolves sub-dependencies in node_modules - why?

When updating the npm lockfile version, the new package-lock file identifies sub-dependencies in node_modules instead of at the root. Why this behavior? Couldn't this result in duplication of modules with the same modules as grandchild modules are resolved as node_modules//node_modules/?
For example, let's look at the resolution of 'jest-each' going from v1 to v2:
Original package-lock.json:
"jest-circus":{... requires:{..."jest-each": "^28.1.0",...
"jest-each": { "version": "28.1.0",...
Updated package-lock.json:
"node_modules/jest-circus":{... "dependencies": {... "jest-each": "^28.1.0"...
"node_modules/jest-each": { "version": "28.1.0", ...
"node_modules/jest-each/node_modules/ansi-styles": { "version": "4.3.0", ...
.... <other sub-dependencies>

How to package a local npm module?

I am trying to pack an npm package and install it on my webapp.
My application has the following structure:
app
app.ts
app.css
build
app.js
app.css
package.json
tsconfig.json
.npmignore
I started with the pack command documentation.
I added the .npmignore to include only the build folder.
As expected when running npm pack, I know have a new app-1.0.0.tgz
When I try to install it in the web app with npm install ..\typescriptapp\typescriptapp-1.0.0
I get the following error:
npm ERR! code ENOLOCAL
npm ERR! Could not install from
"..\typescriptapp-1.0.0" as it does not contain a
package.json file.
npm ERR! A complete log of this run can be found in: npm ERR!
C:\Users\corbin\AppData\Roaming\npm-cache_logs\2018-03-26T17_49_30_440Z-debug.log
However when I unzip the typescriptapp.tgz, I have the following structure
typecriptapp-1.0.0
typecriptapp-1.0.0
package
build
app.js
app.css
package.json
tsconfig.json
Here is my package.json file:
{
"name": "typescriptapp",
"version": "1.0.0",
"scripts": {
"build": "tsc",
"debug": "tsc -w"
},
"devDependencies": {
"#types/signalr": "2.2.35",
"uglify-js": "3.3.16",
"uglifycss": "0.0.28"
},
"dependencies": {
"#aspnet/signalr": "^1.0.0-preview1-update1",
"lib": "file:../references/lib"
}
}
What am I doing wrong?
You are trying to run install in the parent folder
npm install ..\typescriptapp\typescriptapp-1.0.0
Whereas you have to install it in
npm install ..\typescriptapp\typescriptapp-1.0.0\typescriptapp-1.0.0\package

Yarn installing multiple versions of the same package

I have angular in my dependencies at 1.5.11:
{
"dependencies": {
"angular": "1.5.11",
"angular-foundation": "0.7.0"
}
}
angular-foundation happens to depend on angular#>=1.3.0.
Why does Yarn install angular#1.6.9 as a nested dependency of angular-foundation instead of using the project's version? This causes angular to exist twice in the app and doesn't work properly:
node_modules
angular (1.5.11)
angular-foundation (0.7.0)
node_modules
angular (1.6.9)
This doesn't happen with npm#5.6.0 - npm uses 1.5.11 for both the app and the package.
You need to use Yarn resolutions for this
https://yarnpkg.com/lang/en/docs/selective-version-resolutions/
So your package.json will become like this
{
"name": "depdencies",
"version": "1.0.0",
"main": "index.js",
"license": "MIT",
"dependencies": {
"angular": "1.5.11",
"angular-foundation": "0.7.0"
},
"resolutions": {
"**/angular": "1.5.11"
}
}
Which tells yarn that any child angular dependency will be set to 1.5.11. After updating this run below
$ rm yarn.lock
$ yarn
https://classic.yarnpkg.com/en/docs/cli/add/#toc-yarn-add-alias
yarn add <alias-package>#npm:<package>
yarn add react17#npm:react#17

package.json: Just download dependency but do not install it

I'm about to write a yeoman generator where the whole template is hosted on a git repository. So the package.json of my yeoman generator looks like
{
"name": "generator-foo",
"version": "0.1.0",
"description": "",
"files": [
"generators"
],
"keywords": [
"yeoman-generator"
],
"dependencies": {
"foo-template": "git://somewhere-in-the-world/foo-template.git#0.1.0",
"chalk": "^1.1.3",
"yeoman-generator": "^1.1.1",
"yosay": "^2.0.0"
}
}
Is there any way to prevent npm install from installing the foo-template package, i.e. running any postinstall script just for this package? Instead, it should be just downloaded to node_modules.
As describe here, postinstall scripts can be disabled globally for npm using --ignore-scripts flag.
As a complete solution, I would move your explicit dependency to foo-template to your local postinstall section with ignore scripts enabled:
{
"name": "generator-foo",
...
"postinstall": "npm install --ignore-scripts git://somewhere-in-the-world/foo-template.git#0.1.0",
"peerDependencies": {
"foo-template": "git://somewhere-in-the-world/foo-template.git#0.1.0"
}
}
Note that to make sure the dependency is explicitly described, we should mark it as a peerDependency (e.g. prevents package removal on prune).

npm install fails with multi-layered local dependencies

npm install doesn't seem to work if I depend on a local package that itself depends on another local package. I'm using npm version 2.5.1.
Here's what I have:
package.json for /src/modules/moduleA:
{
"name": "moduleA",
"version": "0.0.1",
...
"dependencies": {
"bluebird": "^2.9.1",
"nodemailer": "^1.3.0"
}
}
package.json for /src/modules/moduleB:
{
"name": "moduleB",
"version": "1.0.0",
...
"dependencies": {
"nconf": "~0.6.7",
"moduleA": "../moduleA"
}
}
package.json for /src/apps/coolApp:
{
"name": "coolApp",
"version": "1.0.0",
...
"dependencies": {
"mysql": "~2.4.2",
"request": "~2.40.0",
"cheerio": "~0.17.0",
"async": "~0.9.0",
"expand-url": "0.1.3",
"moduleB": "../../modules/moduleB"
}
}
Now if I try to npm install :
cd /src/modules/moduleA
npm install
[success, yay!]
cd /src/modules/moduleB
npm install
[success, yay!]
cd /src/apps/coolApp
npm install
npm ERR! addLocal Could not install /src/node/apps/moduleA
npm ERR! enoent ENOENT, open '/src/node/apps/moduleA'
npm ERR! enoent This is most likely not a problem with npm itself
npm ERR! enoent and is related to npm not being able to find a file.
[oh no!]
For some reason, npm is trying to install moduleA for coolApp, even though it doesn't need to directly, and also, it is using the relative path string as it is literally specified in the package.json file for moduleB, even though that isn't valid for coolApp since it is in a relatively different location.
I found that if you specify the local modules with "file:" before the path, everything works fine. Yay
Like this:
"moduleB": "file:../../modules/moduleB"