How to add contributors (collaborators) to a npm package? - npm

I created a npm package few months ago, and a friend was nice enough to help me make the original project into a package and upload it to npm.
Now I'm an owner of the package but only he is shown under collaborators. As it is my package and I did most of the work I would love to be mentioned as a collaborator.
We tried npm owner add but it didn't help.
Here is the package:
https://www.npmjs.com/package/react-singular-component
BTW: I am an owner.

Please run the following cli command on your terminal:
npm owner add <user> [<#scope>/]<pkg>
Where the parameter is the NPM username of the collaborator to include. It goes without saying: the collaborator must have an NPM account to be included.
If you have any difficulties with this, please reach out to the NPM team for assistance.

To be more specific, I think you're looking for some sort of way to display all contributors in your package.
There's an npm package called All-Contributors which you can use to generate a nice looking grid of contributors with their github profile photos.
You can install it by running:
yarn add -D all-contributors
Initialize your project with:
yarn all-contributors init
you can add a contributor by running
yarn all-contributor add <github-username> doc
Checkout the docs for more information on how to use the package.

Related

error "x packages are looking for funding." [duplicate]

I usually get "x packages are looking for funding." when running npm install on a react project. Any idea what that means?
When you run npm update in the command prompt, when it is done it will recommend you type a new command called npm fund.
When you run npm fund it will list all the modules and packages you have installed that were created by companies or organizations that need money for their IT projects. You will see a list of webpages where you can send them money. So "funds" means "Angular packages you installed that could use some money from you as an option to help support their businesses".
It's basically a list of the modules you have that need contributions or donations of money to their projects and which list websites where you can enter a credit card to help pay for them.
npm decided to add a new command:
npm fund that will provide more visibility to npm users on what dependencies are actively looking for ways to fund their work.
npm install will also show a single message at the end in order to let user aware that dependencies are looking for funding, it looks like this:
$ npm install
packages are looking for funding.
run `npm fund` for details.
Running npm fund <package> will open the url listed for that given package right in your browser.
For more details look here
First of all, try to support open source developers when you can, they invest quite a lot of their (free) time into these packages. But if you want to get rid of funding messages, you can configure NPM to turn these off. The command to do this is:
npm config set fund false --location=global
... or if you just want to turn it off for a particular project, run this in the project directory:
npm config set fund false
For details why this was implemented, see #Stokely's and #ArunPratap's answers.
You can skip fund using:
npm install --no-fund YOUR PACKAGE NAME
For example:
npm install --no-fund core-js
If you need to install multiple packages:
npm install --no-fund package1 package2 package3
first, it's not an error or warning. it's basically a message to you to donate some money if you wish to the company/people or individual who built a package you have installed/used in your project, to see which package, simply type in your terminal
npm fund
and a list of the packages names and their website URLs underneath to donate.
I hope this is helpful..
These are Open Source projects (or developers) which can use donations to fund to help support their business.
In npm the command npm fund will list the urls where you can fund
In composer the command composer fund will do the same.
While there are options mentioned above using which one can use to get rid of the funding message, but try to support the cause if you can.
npm config set false --global
npm config set fund false
npm fund [<pkg>]
This command retrieves information on how to fund the dependencies of a given project. If no package name is provided, it will list all dependencies that are looking for funding in a tree-structure in which are listed the type of funding and the url to visit.
The message can be disabled using: npm install --no-fund
npm install --silent
Seems to suppress the funding issue.
I would recommend against suppressing the funding message. It is informational only.
At the very least they would give you some idea of one the potential risks that the 3rd party npm package is facing.

Is there a way to install an npm package locally but not affect package.json or package-lock.json?

I have a project that I'm working on for a client where I have two private packages (which I can't get access to npm install) are inside the package.json.
I do however have access to clone the repos for those said packages. If I simply run an npm install I'll get a permission denied error. Same if I run npm link to the packages.
I've been working around this by removing the packages from the package.json then running npm install ../some-package. This works but isn't a great solution because if I wanted to add a new package I'd have to deal with a bit of a mess with the package.json.
Is there a better way than this?
I have tried running npm link ../some-package but I still get access denied. The only way I've managed to complete an install is by removing the packages then installing them from a local dir.
I don't know the details of your situation, but I see at least two potential solutions to explore.
Option 1: Install the package from the repo
I do however have access to clone the repos for those said packages.
You can install from a git repo and package.json will record that git repo as the source of the package rather than the npm registry.
From the docs at https://docs.npmjs.com/cli/v8/commands/npm-install:
npm install :
Installs the package from the hosted git provider, cloning it with git. For a full git remote url, only that URL will be attempted.
Option 2: Install from the local file system with --no-save
If that approach doesn't work for you, you can try npm install --no-save ../some-package as a build step. The --no-save makes it so it doesn't modify package.json.

How to install react-native-obfuscating-transformer from github

react-native-obfuscating-transformer is no longer updated in npm repository but it is still updated in github. So I would like to know how to install it step by step from github.
You can find the installation step in there GitHub repo itself.
If you are not able to install through npm and want to install directly from GitHub as an npm dependency, follow this article.

Replace an npm package with an alternative

Following up on Substitute an npm package with own implementation, which is about six years ago,
is there any simpler alternative now, with npm (not yarn, and not "transitive dependency")?
Basically, the same as NPM replace package with other, I found that I need package XXX, however, that package XXX has been out of maintenance for a year now, and I've found an updated git repo (but with the same name of package XXX).
Is there any easy way for npm to grab from the alternative git repo instead, or any simpler workarounds? (Not to start a language war but Go now has)
That updated git repo owner must have a simple way to make use of his own package without publishing to npm, so what's the trick?
npm install has a built in support to install package from github, gitlab, bitbucket, gist, and other special formats.
but you can install it from any git repository using the following
npm install <git repo url>
for more information, see npm install documentation

Does npm or yarn clone from VCS and run build script when install a package?

I am studying about npm and I have some questions.
Where the npm get the package from? i.e. when run npm install <package-name> or yarn add <package-name>.
When get the package, do npm get the package as raw or get then build it(like run the build script written in package.json)?
When publish the package, the repository field of package.json is required?
Can be different between the repository for publishing and the repository in pacakge.json?
To answer your questions:
npm gets them from the NPM package registry, and so does yarn, but Yarn probably has a proxy registry in front of it. In general, you can say, both tools fetch their packages from https://npmjs.com by default.
It gets the package as it was published (so, in short, the answer is "raw"). Building is up to the publisher and depends on the type of package. Often, some prepublish task builds something into dist/ (or any other location in the package), and these files are also shipped with the package others then download. Building rarely happens after installing a package (exception here are library-wrapping packages built with node-gyp).
The repository field is not required, to my knowledge, but it is good practise to include it (it will be displayed on the NPM website, for example).
Technically, yes. You can just specify any repository in repository, but it wouldn't make much sense to specify one that isn't the source of the package.
If you in general want to read up more on how npm works, check out it's documentation over at https://docs.npmjs.com/