I am following a Microservices course that creates a free NMP account and pushes a package he writes through the course into it and imports this package in other related files of the application like a common NPM module/package.
He also mentions there are other options like using Github or some local Git/version controller, etc.
As I am trying to make a commercial project for my own startup, I am curious to know what is a good/affordable option for a startup company in this situation? Is is still a good idea to use NPM free public account to push some packages and use it through our application?
I think that if you are creating a module that can be useful to the community or part of it, NPM is an interesting option to keep your packages.
If you're uploading not usable packages, but your whole application to npm, then that's messed up, NPM is a package registry. Github, Gitlab, and tools alike should be a more suitable option since those are general-purpose code repositories, not package registries.
Also, be aware that the packages you upload on a free npm account are available to any NPM user. see: NPM Private Packages
From my previous experience, both GitLab and Github offer good free small professional accounts that may be suitable for your case.
Related
I am using vuepress in order to make my static site so is their any risk that anyone else can see my site source as my site is not open-source and I am using NPM so I want to ask a question that will my vuepress package will be published openly? as it's really important to me and I don't want to reveal the source of my site.
About Is their any risk that anyone else can see my site source
There is no way to protect javascript intended to run in a browser from a determined viewer.
If the browser can run it, then any determined viewer can view/run it also.
About NPM:
npm is a package manager for the JavaScript programming language maintained by npm, Inc. npm is the default package manager for the JavaScript runtime environment Node.js.
The npm registry contains packages, many of which are also Node modules, or contain Node modules.
npm has two types of packages,
one is public which everyone can see while the other is,
private package which others can't see.
So if you fear that people will see the source code in your package, just make it private or just don't put your code on npm at all.
In the react-native world I came across using many lib packages, some of them are outdated or not maintained. By going through the issue ticket or google for some solution to some bug, sometime I found a solution but how should I apply it?
I normally just change the code inside node_module directly, but I know this is really bad way cause it not even my git and gonna be lost at some point
what is the proper way to do this?
You can install node modules that aren't in the registry.
See: https://docs.npmjs.com/cli/install
Specifically these two methods are worth a look.
npm install <git-host>:<git-user>/<repo-name>
npm install <git repo url>
If the module in question are hosted on github, clone the repository, apply the patch to it there, and then use the module directly from github.
You could also see if anyone else is maintaining a fork of it.
I want to split up the code base of several of my project into isolated package like projects. Those should be easily usable by npm but they do not seem significant enough to be published to the global npm registry.
So, my question is if there is a middle way to handling them like local provided packages and installing them with their path and publishing them in the global repository.
Concerns:
cluttering the npm registry with packages which don't seem to be significant enough to take up the name
the need to document and to create tests for each package seems to be too much and I would not sleep well publishing packages which are not well documented and tested
I take up a name which might be more appropriate to be used by a more sophisticated package and maintainers
I still want other to be able to easily try / use this package, to see if it fits their needs
Alternatives:
A) creating a private npm repository (with CouchDB?)
+ is pretty much identical to the npm repository and would be easy to use
+ the versioning is identical just pure semver lookup
- every user needs to set up this repository if they want to use this package or need it as a child dependency in their (public npm) package (even though this is unlikely)
- Need to invest time into setting it up and maintaining it
B) Using my username npm namespace
+ would solve pretty much every problem
- namespaces seem to be meant for projects and its sub packages which wouldn't be the case for my packages since their only connection is the creator
- it seems arrogant to prefix your packages with your name, like you are tagging it with a big sign THIS WAS DONE BY ME
C) Using GitHub with a special detached branch which contains the (tagged) releases
+ you could use it like the global npm repository since the npm resolving strategy allows the repository url with a semver range in place of the version
- special case which is bound to break
- GitHub is not meant to provide npm packages, about no developer expects a git url instead of the versionrange, tools and firewalls might have problem with this
- workflow is really not meant this way neither for git nor for npm
D) using a local package and install package by its path
+ easy to setup and use
- no version management
- build steps must be done manually beforehand
- can not publish packages depending on those packages
- all dependencies have to be installed locally
E) making those packages more useful, implementing edge cases, writing documentation and testing the whole package
+ would resolve about all problems
- ALOT of extra work, primarily thinking about edge cases and giving the developer a good api
- sometimes you can't really get the name for you package (it collides with other) which results in weird
- it is your responsibility, you have to maintain it, be responsible (test it well, edge cases)
- cluttering of the npm repository
So those are all the alternatives which came to mind when I tried to find a solution. Please leave a comment / answer if you have another idea or maybe you can remove / reduce the importance of those contra points.
Maybe you could include your own experience, so I get a better view for the whole problem.
Currently I would just try to make the package more helpful to the greater majority but this does not work in all cases.
Thank you all for your time!
Installing from git is pretty standard feature in package managers. npm doesn't have Github-support, it's generic support for any git repo. Unless you can find some discussion about deprecating it from npm, I'd not worry about it. It's used internally in many companies for private packages.
Of course, there is still some trade offs: build artifacts and maybe a bit more clumsy workflow. Things like npm outdated doesn't understand git semver. For build artifacts, I have seen many projects to commit them to master branch to support direct git-install. If you look around older open source projects for example, that's the case quite often.
We went for a private repository with verdaccio running in a docker container, which is very similar to version A. It took some setup, but for our developers all it took was a single npm command to add the private repo "in front of" npm for all packages of the namespace we created. Granted, our packages are project specific, but in a private repository that does not really matter either way, does it?
We considered the local package option at first, but the drawbacks were just too big for us, even if it's very easy to setup.
I'm not sure this helps, but this is at least the setup we decided upon when we had the same issue a few months ago.
In my company we have a private npm repository where we host some of our projects, so that we can install them on our applications. Today, I was trying to create a new package but somehow, by accident, it seems that I have deleted all the packages within our organization. Is there any way to undo my action and restore those packages?
So far I've tried to look on the npm website for a history of actions or a way to undo my actions, but I couldn't find anything. I also sent an e-mail to the npm support team, to see if someone can help with this issue.
Ideally, I would expect that npm has some kind of back-up system that I could use to restore my deleted packages. If that's not possible, then I guess my only option would be to re-publish these packages, but this means I lose the version history of all of them...
Update: a few hours after contacting npm support team they replied my e-mail saying everything was restored. Thanks npm team!
I read about npm and bower, differences, usage, how it works, purpose as well. All explanation says that to work in NodeJs. But when I searched for AngularJS2, the tutorial says use npm. I have some basic questions based upon the understanding that npm basically for dependency management or packages to be installed.
How my Java/Eclipse workspace knows that npm installed the particular JS library/file, what path should be given in the html/web page for including those files/libraries?
If I move the web application to production, how will the server gets those dependent libraries? Even if server gets it, it might be installed in different folder. Basically how it can be managed with a web applications in different environments for just AngularJS app?
Can anyone please help me to have better understanding?
Finally found the answer. NPM is node package manager which helps basically to download the dependencies (almost like maven, gradle in java).
npm software needs to be installed in developer's machine.
Add the required dependencies in the package.json in the root folder of AngularJS application.
Open the DOS command line and navigate to project root folder(workspace/project in eclipse), then type npm install which will download all the dependencies mentioned in the package.json to a folder called npm_modules inside project folder.
The other and important advantage is npm can be used to install browser agent as well. So npm start command will open the browser and will load the application automatically in browser. Developer does not need to be aware about NodeJs. One more benefit of using this approach is the browser will get refreshed automatically when any update in the JS file gets saved.