I am trying to demystify this NPM behavior. I have a custom library which I create for an Angular Project. The library is copied directly to the Node modules directory in my Angular Folder to test any new functionalities that I add on whatever project is using it. However, I notice the older version of the library is being used by the project.
I wonder whether this is due to the NPM Cache.
So my question is, how does the NPM cache and Node_Modules folder work hand in hand?
I can't directly answer as to how the cache relates to node_modules, but I can say that your package-lock.json file is likely the culprit behind your outdated packages. Try running npm update. If that doesn't work, try deleting your package-lock.json file and running npm install.
If that also doesn't work, make sure you have the correct version specified for your library in your project's package.json file. latest will grab the latest release available, ^1.0.0 will grab the latest minor and patch releases, ~1.0.0 will grab only the latest patch releases, and 1.0.0 will only grab that exact version.
Related
I'm developing a browser-side package, with several runtime dependencies and developing tools. As suggested, I install them using NPM as dependencies and devDependencies respectively.
Eventually, before I publish it, I always compile every source file and external dependencies into one minimized file.
When I try to install it in another project, however, I noticed that all "dependencies" packages are also installed. I assume it's a standard NPM behavior, yet these packages should not be needed, as I've already compressed them all into my own .min.js file.
Should I just move them all to "devDependencies"?
I'm working on 2 projects, one library project is the npm depencency of the others.
The library project is automatically published to local npm registry (nexus) by CI (Gitlab), so developers that are only working on 2nd project don't need to download library project (at least this is the welcomed solution).
However, after deleting node_modules/mylibrary and calling npm install, I've found out, that I've got... old version of the package. The library was correcly built and our nexus allows redeploy, and it works perfectly in Gitlab CI (the project gets always the actual version of library package) so it looks like something was cached locally somewhere else (not in project itself).
How to force npm to download the actual version of the package, purging local cache if necessary? Increasing the library version after each commit is not a viable solution (if it was, there would be never the concept of snapshots in maven).
According to the docs, Titanium now has support to install npm packages: http://docs.appcelerator.com/platform/latest/#!/guide/Node.js_Support
However, upon reading it, I am very confused as to where to actually put my node_modules directory. There is some mention in the docs about a Resources directory, however, for Alloy this is supposed to be left empty, as it is frequently overwritten by the compiler.
So my question is, where do I put my node_modules and how do I reference it.
In Alloy project you are supposed to run npm install inside the app folder. But according to this bug JIRA Ticket modules that use core-modules won't work correctly. So you have to try if you module works.
Another explanation: https://stackoverflow.com/a/45041737/5193915
From experimentation, it seems like you can do npm install in the app/lib/ so your package are in app/lib/node_modules. This does NOT work on the app/ directory.
Note that if you use tishadow, you will also need to install the npm packages there as well in the Resources/ directory (as they still do not use the Alloy framework).
After updating my NPM to the latest version (from 3.X to 5.2.0) and running npm install on an existing project, I get an auto-created package-lock.json file.
I can tell package-lock.json gives me an exact dependency tree as opposed to package.json.
From that info alone, it seems like package.json is redundant and not needed anymore.
Are both of them necessary for NPM to work?
Is it safe or possible to use only the package-lock.json file?
The docs on package-lock.json (doc1, doc2) doesn't mention anything about that.
Edit:
After some more thinking about it, I came to the conclusion that if someone wants to use your project with an older version of NPM (before 5.x) it would still install all of the dependencies, but with less accurate versions (patch versions)
Do you need both package-lock.json and package.json? No.
Do you need the package.json? Yes.
Can you have a project with only the package-lock.json? No.
The package.json is used for more than dependencies - like defining project properties, description, author & license information, scripts, etc. The package-lock.json is solely used to lock dependencies to a specific version number.
package-lock.json: records the exact version of each installed package which allows you to re-install them. Future installs will be able to build an identical dependency tree.
package.json: records the minimum version you app needs. If you update the versions of a particular package, the change is not going to be reflected here.
If your question is if lock file should be committed to your source control - it should. It will be ignored under certain circumstance.
I found it bloating pull requests and commit history, so if you see it change, do a separate commit for it.
Lets say I am working on a library that will be consumed by other developers. MyPackage has a dependency on moment. The developer that consumes my package also has a dependency on moment. So moment will exist as a "dependency" in both library package.json and application package.json (and thus get packaged twice). Is there a way to package it just once? If the consumer has it, use theirs, else use mine?
It's already happening by default on fresh installs if dependency ranges match.
npm v>=3 does gang the dependencies, depending on the installation order and depth, see here.
Also, if you kept working on the same folder for a while, there might be some cruft, which could be wiped using npm dedupe, see here.
In theory, moment should not be duplicated if both your library and developer's library are consuming the same version ranges of it. At least if npm dedupe is called or node_modules are wiped and npm i-nstalled.