When running npm install, when will it produce a package-lock.json file and when will it not?
This is the version of npm that I am using:
$ npm --version
3.10.10
And this a simple package.josn that I am testing with:
$ cat package.json
{
"name": "invoices_svc",
"version": "1.0.0",
"description": "",
"main": "index.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1",
"start": "node index.js"
},
"author": "",
"license": "ISC",
"dependencies": {
"express": "^4.16.2"
},
"repository": {
"type": "git",
"url": "git#.../TotalInvoiceDemoApp.git"
},
"description": "..."
}
For some reason, I don't see a package-lock.json that is created after running npm install.
I also tried building a docker image with this, where I notice the warning:
npm notice created a lockfile as package-lock.json. You should commit this file.
...
Step 4/7 : RUN npm install
---> Running in f4c48bbcc52a
npm notice created a lockfile as package-lock.json. You should commit this file.
...
There may be some obvious configuration that I missed in my local dev environment? Why it won't produce the lock file locally?
lock-file was introduced in npm version 5.0.0, you need to update npm to generate lock files
Related
How can I trigger the login before the install script in node v18.12.1/npm 8.19.2?
I expect the npm preinstall script will run before the install script based on the documentation. When running node v14.21.1/npm 6.14.17 I was able to follow the instructions in this tutorial to trigger a CodeArtifact login with the preinstall script. All packages were installed from my CodeArtifact repository on running npm install as expected.
After updating to node v18.12.1/npm 8.19.2, npm install fails with error:
Unable to authenticate, your authentication token seems to be invalid
What I have tested (each in a fresh environment with no npm cache):
npm run preinstall successfully logs on
∴ AWS credentials are configured and the preinstall script works when executed
npm install fails authentication
npm run preinstall; npm install successfully logs on and installs from CodeArtifact
∴ the preinstall script is not running. I get no results from filtering the debug logs suggesting the co:login step is not run:
$ cat /root/.npm/_logs/2022-12-06T07_12_47_353Z-debug-0.log | grep co:login
$ echo $?
1
After reverting to node v14.21.1/npm 6.14.17, npm install behaves as expected, logging in and installing packages from CodeArtifact.
I have recreated the problem with a minimal package.json which can be tested in a docker container:
docker run --rm -it -v ~/.aws:/root/.aws:ro --name app node:18.12.1 /bin/bash
wget --quiet -O "awscliv2.zip" "https://awscli.amazonaws.com/awscli-exe-linux-$(uname -m).zip" && unzip -q awscliv2.zip
./aws/install
rm awscliv2.zip && rm -r ./aws
Copy files in from a separate terminal
docker cp package.json app:/package.json
docker cp package-lock.json app:/package-lock.json
And then install with npm install in the docker container.
package.json template would require you to substitute your own CodeArtifact repository, domain and owner
{
"name": "app",
"version": "1.0.0",
"description": "",
"main": "index.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1",
"preinstall": "npm run co:login",
"co:login": "aws codeartifact login --tool npm --repository my-repository --domain my-domain --domain-owner 123456789 --region ap-southeast-2"
},
"author": "",
"license": "ISC",
"dependencies": {
"dayjs": "^1.11.6"
}
}
package-lock.json template would require you to substitute your own CodeArtifact url
{
"name": "app",
"version": "1.0.0",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "app",
"version": "1.0.0",
"hasInstallScript": true,
"license": "ISC",
"dependencies": {
"dayjs": "^1.11.6"
}
},
"node_modules/dayjs": {
"version": "1.11.6",
"resolved": "https://mydomain-123456789.d.codeartifact.ap-southeast-2.amazonaws.com:443/npm/my-repository/dayjs/-/dayjs-1.11.6.tgz",
"integrity": "sha512-zZbY5giJAinCG+7AGaw0wIhNZ6J8AhWuSXKvuc1KAyMiRsvGQWqh4L+MomvhdAYjN+lqvVCMq1I41e3YHvXkyQ=="
}
},
"dependencies": {
"dayjs": {
"version": "1.11.6",
"resolved": "https://mydomain-123456789.d.codeartifact.ap-southeast-2.amazonaws.com:443/npm/my-repository/dayjs/-/dayjs-1.11.6.tgz",
"integrity": "sha512-zZbY5giJAinCG+7AGaw0wIhNZ6J8AhWuSXKvuc1KAyMiRsvGQWqh4L+MomvhdAYjN+lqvVCMq1I41e3YHvXkyQ=="
}
}
}
I find this liste for "Life Cycle Operation Order":
preinstall, install, postinstall, prepublish, preprepare, prepare, postprepare
So I use preinstall with a commande line. My commande line is a aws cli commande. This command modify the .npmrc file (add authentification). When my script execute install phase, my new version of my .npmrc file is not taken into account.
I'm obligated to relaunch my commande line npm install
(<123456789> and <me> is modified for stackoverflow)
{
"name": "my-app",
"version": "1.0.0",
"description": "",
"main": "index.js",
"scripts": {
"preinstall": "npm run co:login",
"co:login": "aws codeartifact login --tool npm --repository my-repo --domain my-domain --domain-owner <123456789> --profile <me> --namespace #tp-npm",
"test": "echo \"Error: no test specified\" && exit 1"
},
"dependencies": {
"uuid": "^3.3.2",
"#my-npm/my-common": "1.0.0"
}
}
I am using npm precommit hook, but it is not stopping a file with issues to be committed, nor am I getting the message "Pre commit checks" when I try to commit a file.
Package Json:
{
"name": "myfolder",
"version": "1.0.0",
"description": "",
"main": "",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 0",
"precommit-msg": "echo 'Pre-commit checks...' && exit 0",
"lint": "csslint global/css"
},
"author": "SR",
"license": "ISC",
"dependencies": {
"csslint": "^1.0.4",
"jshint": "^2.9.4",
"pre-commit": "^1.2.2"
},
"pre-commit": [
"precommit-msg",
"lint"
],
"devDependencies": {
"pre-commit": "^1.2.2"
}
}
Please, make sure that your 'package.json' file is in the same folder, where '.git' folder is (where git repository was initialized). When you install 'pre-commit' package, 'pre-commit' file should appear under '.git/hooks/'.
Just FYI I had this issue because the pre-commit file was missing in the hooks folder.
Running npm i pre-commit --save-dev again created the file and solved it for me.
Have't managed to implement it with few "pre-commit" NPM modules (#fastify/pre-commit, monorepo-staged-precommit) so implemented it "manually" with adding tools/pre-commit.sh file into repo with content like:
#!/bin/sh
DIR='web'
echo "Pre-commit actions (NPM tests for $DIR)..."
cd $DIR && npm run test
and updating package.json with:
"scripts": {
"test",
"install-precommit": "cp ../tools/pre-commit.sh ../.git/hooks/pre-commit"
This solution has some limitations (like instead of automatic installation need to ask somewhere in "README" about npm run install-precommit and I'm not sure how it would work on Windows especially without Git Bash) but it worked for me.
Notes:
Other pre-commit NPM packages either didn't work as well or asked for NVM and other extra tools which I don't want devs to install for such small task.
pre-commit.sh may has any name and don't be executable - "install-precommit" task and git care about.
I'm a big fan of bower. I don't need to put a stack of packages in my repository, I just commit bower.json each time and I'm done.
So my question really is, can I make npm read from a json file in the same way that bower does?
npm has package.json. This file has dependencies and devDependencies parts. You can use this file similar to bower.json.
npm install
will install necessary dependencies to your project's node_modules directory.
See sample package.json below.
{
"name": "SampleMobileApp",
"version": "0.0.1",
"description": "Sample App",
"dependencies": {
"grunt": "~0.4.2",
},
"devDependencies": {
"grunt": "~0.4.2",
"grunt-contrib-jshint": "~0.8.0",
"grunt-open": "~0.2.3",
"grunt-contrib-copy": "~0.5.0",
"grunt-bowercopy": "~0.7.1",
"grunt-contrib-watch": "~0.5.3",
"grunt-phonegap": "~0.12.0"
},
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
"keywords": [
"grunt",
"javascript"
],
"author": "Atilla Ozgur",
"license": "MIT",
}
dependencies are your runtime dependencies that your users need to download while devDependencies are your developer dependencies like your test runtime, grunt helper packages etc.
I have a simple package.json:
{
"name": "camapaign",
"version": "0.0.1",
"scripts": {
"start": "node app.js"
},
"engines": {
"node": "0.10.15",
"npm": "1.3.5"
},
"repository": {
"type": "svn",
"url": ""
}
}
When I execute "npm install" i get the following warning which I would like to fix:
"npm WARN package.json camapaign#0.0.1 No readme data."
I have tried adding "README.md" & "readme.txt" to the same dir as the package but with no joy. What am I missing?
Simply adding a README.md file will not fix it, you should write something inside it; at least the project title and a brief description is good for people! But for NPM, one byte may be enough...
Doing so should stop showing the warnings.
Also, when you read that warning, ensure that the problem is not related to a 3rd party package.
Just set as private ;)
{
"name": "camapaign",
"version": "0.0.1",
"private": true,
"scripts": {
"start": "node app.js"
},
"engines": {
"node": "0.10.15",
"npm": "1.3.5"
},
"repository": {
"type": "svn",
"url": ""
}
}
Adding a README.md to your project root is the answer, but I've noticed that it takes a short while for NPM to pick up on this. Maybe a few minutes?
Add to package.json "readme": "README.md"
As of today, Apr 2017, just setting below in package.json, still works fine:
"private": true
this means its your private repository
even, with latest npm, it works fine:
npm update -g npm
> 3.10.8
my solution
npm show
npm dist-tag add
1.use npm show check the remote website deploy info.
eg.should like this:
SOME_PACKAGEs#0.3.60-beta | Proprietary | deps: 14 | versions: 289
<span style="color:red;">最新日志倒序在这里增加,注明作者+日期+功能</span>
dist
.tarball: https://registry.npmjs.org/xxx/-/xxx-0.3.60-beta.tgz
.shasum: 021e30640a62f13905b1e2b7a4facd169df46a1d
.integrity: sha512-9N4pUwwoYGNek34fCCCjURuQdx1K5VBlCWl4t1sy8wi3xul/N/TiDvjmUBF24t2Dg2fX6cFM9on+tftnVaEr7A==
.unpackedSize: 114.5 kB
dependencies:
#hanyk/rc-viewer: ^0.0.3 crypto-js: ^3.1.9-1 moment: ^2.25.3 react-dom: ^16.12.0 uuid: ^3.3.3
axios: ^0.19.0 dirty-json-ie11: ^0.0.2 query-string: ^6.9.0 react-quill: ^1.3.3 yqquill-image-drop-module: ^0.0
cookie-universal: ^2.0.16 md5: ^2.2.1 quill-delta-to-html: ^0.11.0 react-resizable: ^1.10.1
maintainers:
- jyjin <jyjin#qq.com>
- jyjin1 <jyjin1#163.com>
- jyjin2 <jyjin2#163.com>
dist-tags:
beta: 0.3.61-beta latest: 0.3.53-beta
published 26 minutes ago by jyjin1 <jyjin1#163.com>
2.npm dist-tag add [PACKAGE_NAME]#[VERSION]
and then update lasest 0.3.53-beta to 0.3.61-beta
npm dist-tag add SOME_PACKAGE#0.3.61-beta
3.npm show check agin
same to step 1
go back to your npm package site, all have refreshed!
Wish to helps, thanks~
[One Chinese Teach]希望对您有帮助,谢谢~