I'm kinda new to npm and I not sure if this is even the right way to do this, but I couldn't find an answer yet:
I have a package, published on npm. To have clean workflow I only want to publish changes on the main branch. Is there a way to configure npm in a way, that it aborts when accidentally running npm publish on another branch?
Related
I have some local modules which are inhouse developed and I copy to my node_modules folder manually.
When I do this they work fine but after I install some other stuff via ng add or npm install the folder is removed. My question is how can I prevent this from happening so I don't have to copy the files again ?
You need to specify your dependencies in package.json or else you cannot rely on them being in node_modules. Various npm commands might remove it, notably npm ci but also others.
If your package is not publicly published, some options are:
Use a non-public registry and publish it there.
Publish it as a scoped package with limited visibility. You will need a paid or organization account on npm for this. Individual accounts are US$7 a month.
Use npm link to "install" it from your local file system.
Use a postinstall or other life cycle script to have npm copy in your packages for you each time after npm ci or npm install is run.
There are likely other options, but those are the ones that come to mind immediately.
I have a monorepo project and I'm migrating to npm#7. Before npm workspaces, I had to publish packages to a private feed and then consume them in my app (I didn't bother with npm link shenanigans). Not ideal, but I made do.
Then npm introduced workspaces, and now I'm trying to migrate. While resolving peer dependency conflicts, I noticed that when I made changes to any package.json files, npm install would return the same errors unless I updated package versions to something that hadn't been published yet. I wasn't expecting this kind of behavior.
So how does npm determine where to search for a package first? Does npm install download packages from the registry before looking at workspaces? Is this intentional, and if so, why?
I am studying about npm and I have some questions.
Where the npm get the package from? i.e. when run npm install <package-name> or yarn add <package-name>.
When get the package, do npm get the package as raw or get then build it(like run the build script written in package.json)?
When publish the package, the repository field of package.json is required?
Can be different between the repository for publishing and the repository in pacakge.json?
To answer your questions:
npm gets them from the NPM package registry, and so does yarn, but Yarn probably has a proxy registry in front of it. In general, you can say, both tools fetch their packages from https://npmjs.com by default.
It gets the package as it was published (so, in short, the answer is "raw"). Building is up to the publisher and depends on the type of package. Often, some prepublish task builds something into dist/ (or any other location in the package), and these files are also shipped with the package others then download. Building rarely happens after installing a package (exception here are library-wrapping packages built with node-gyp).
The repository field is not required, to my knowledge, but it is good practise to include it (it will be displayed on the NPM website, for example).
Technically, yes. You can just specify any repository in repository, but it wouldn't make much sense to specify one that isn't the source of the package.
If you in general want to read up more on how npm works, check out it's documentation over at https://docs.npmjs.com/
I'm working on react projects, then i want to upload it to github pages, so i follow some tutorials, and there are steps to install gh-pages via npm. So i install it, but i terminate the process by pressing ctrl+c, and it stop the process. And i feel i have to uninstall it, so i do npm uninstall gh-pages --save-dev. The process isn't finished, and my laptop overheat and died (old laptop sorry).
And i went back, i want to check the packages. After running npm list --depth=0, its showing so much extraneous error, no such file directory and and path ended with package.json. My package.json on each modules missing, i've been checked it, only left 1 package.json on root folder.
and much more error messages
Is there a way to get it back all?
Run commands sequentially:
rm -rf node_modules package-lock.json
npm i
Then if you want to install that package again, run
npm i gh-pages
The docs explain how to control which files are not sent to the npm registry when you run npm publish.
If you use .npmignore, or you're not using git that set of files differs from the set that are pushed to your source repo.
Is there a way to list the files that npm publish will send?
I know that npm pack will create a tarball that contains those files, but creating a tarball and then listing its contents seems a little clunky.
Currently, there's no such thing in npm (see this issue).
At the moment you can use some external tools that implement the functionality you're asking for, e.g. pkgfiles or irish-pub.
As of at least npm#6, you can run npm publish --dry-run to see what files are included in your package.
https://docs.npmjs.com/cli/v6/commands/npm-publish