We Keep Coding

When running `npm version` scripts, how to prevent a new commit from being made

When I run npm version patch, a new commit will be made. I don't want it.
The doc is pretty vague. The flag I guess is relevant is commit-hooks, but I'm not sure how to use it. There's no examples.
I've tried different patterns, for example:
npm version patch --commit-hooks=false
npm version patch --commit-hooks false
But it doesn't seem to work.

The --commit-hooks argument determines if Git Hooks are run on the commit creation.
The command you want is npm version patch --git-tag-version false
Tag the commit when using the npm version command. Setting this to false results in no commit being made at all.

If run in a git repo, it will also create a version commit and tag. This behavior is controlled by git-tag-version (see below), and can be disabled on the command line by running npm --no-git-tag-version version.

Yarn lock file resource source changed from registry.yarnpkg.com to registry.npmjs.org

I recently npm installed a package into my Ruby on Rails application. The installation changed my yarn.lock file. Specifically, the "resolved" field for all my resources have changed from yarnpkg.com to npmjs.org.
From this:
d3-dsv#1:
version "..."
resolved "https://registry.yarnpkg.com/d3-dsv/-/d3-dsv-1.0.8.tgz#..."
integrity ...
To this:
"d3-dsv#1":
"integrity" "..."
"resolved" "https://registry.npmjs.org/d3-dsv/-/d3-dsv-1.1.1.tgz"
"version" "..."
Is there a problem with these changes in this yark.lock file? Should I have done some yarn alternate to npm installing?

You can fix this issue by re-running yarn again.
To accomplish this, follow the steps below.
Remove the registry.npmjs.org section in your yarn.lock file.
Run the yarn command again.
$ yarn
This should rewrite the yarn.lock to change the registry from npm to Yarn.
The steps above should rewrite the yarn.lock file, and change the registry and text from npm to Yarn.

If you are using only public packages in your application then this will not cause many problems. You can go about your business as it is.Although there might be some complications when you authenticate for any of them at any point.
If you are using any private repositories, you have to re-register your packages with yarn and add credentials to them.
The following steps will help you.
Setup a private repo on npmjs.org and add a scope and your package (Lets name it boo)
Create a new project locally and upload it to the npm registry (let's call it blimp)
So when they are updated it will be #boo/blimp
Add the package to your new applications package.json by installing yarn add #boo/blimp
Remove the node_modules (rm -rf node_modules)
Try yarn install if there is an error in the lock file try re-creating one as follows
sed -ie 's,registry.yarnpkg.com/#boo,registry.npmjs.org/#boo,' yarn.lock
7. If that omits an issue like Request failed or something in that alley, try following
yarn config set registry https://registry.npmjs.org
At this point, you have tried lots of options. If this is still an issue in your system then you might have to move to `npm` package management. Follow the [yarn][2] repository for more updates.
Similar issues
yarn.lock should not include base registry
Support protocol-relative registry
Support for registry URLs without trailing slash

I suspect this happened to me because I installed something with npm install instead of yarn. I recognized my mistake, npm uninstalled the package, then yarn added the package, but then every entry in yarn.lock was changed to use npmjs.org instead of yarnpkg.com.
I did not commit the changes to source control, and the problem disappeared after I...
Deleted package-lock.json
Reverted the change to package.json in source control (i.e. removed the new package)
Reverted all changes to yarn.lock in source control
yarn added the package again
I am unsure if using npm install followed by yarn add is really what triggered the problem. Can anyone confirm?

What is the meaning of package name before #git in package-lock.json

When I try to run npm install, I got an error:
Could not install from "node_modules/eth-sig-util/ethereumjs-abi#git+https:/github.com/ethereumjs/ethereumjs-abi.git" as it does not contain a package.json file.
So I went to check the diff for package-lock.json, and noticed npm somehow modified
"ethereumjs-abi": "git+https://github.com/ethereumjs/ethereumjs-abi.git",
into
"ethereumjs-abi": "ethereumjs-abi#git+https://github.com/ethereumjs/ethereumjs-abi.git",
which breaks the npm install, so I'm wondering what is the meaning of placing package name before #git and why it breaks the install process.
It works after I delete the ethereumjs-abi# prefix, but it shows up after I run npm install and breaks again...
Thanks in advance!

A #git use to install the package from the git repo.
like: you fork package git repo into your Git account and you change some part of the package now you want to that install that changed package in project you can use #git+'git repo URL of your changed repo'.
here ethereumjs-abi package install from the https://github.com/ethereumjs/ethereumjs-abi.git" git repo:
"ethereumjs-abi": "git+https://github.com/ethereumjs/ethereumjs-abi.git",

Why does “npm install <package_name> —save or yarn add <pakage_name> “ rewrite node-modules files?

In my project I had changed some file inside the nodemodule folder. But after I installed new packages , my previous changes are removed. All the modules are overwritten

Welcome to Stack Overflow. If you want to make changes to a npm package, you need to clone it to a different location. But first you probably want to clone the repo on github.
Let's assume that you have a github account already, and are logged in. If you choose a repo, like https://github.com/lever/planer You will see a fork button near top right. Click this and it will fork the repo under your account. Then go to your copy of the repo, and click the clone or download button. Copy the repo name to the clipboard.
At your command line, cd to a suitable location, such as ~/projects and type this
git clone https://github.com/<yourname>/planer
cd planer
sudo npm link
npm install
This will copy the repo to your local environment, and the npm link command tells npm that this repo is the one to use for planer. One more step is to cd to your project where you are using planer, and type this command:
npm link planer
At this point it is linked into your project, and you can modify the code as you like (in ~/projects/planer) and test your app. You may need to build the package each time so that your changes go through.

npm install only if package missing or out-of-date compared to package.json

I want to be able to compare my locally installed packages against my project package.json file without making a call against the npm online repo. If there is a package that is out of date based on the package.json file, then and only then will it go to the npm online repo and install the package.
The reason for this is that I want to be able to update the package.json file to require a newer version of a package, commit this change to the project repo and when other developers on the team get latest their npm package is updated. I do not want to slow down the process if everything is up-to-date or cause the build to fail if access to the npm repo or the internet is down.
I am wondering if this is an already solved use-case or do I need to parse the package.json file and compare it to a "npm ls" output myself?

you will need to setup a local repository (by duplicating the NPM couchdb localy)
( see https://stackoverflow.com/a/7577265/406458)
then you could use npm-check-updates.
npm-check-updates will give you a list of packages that can be updated in your package.json file see
https://www.npmjs.org/package/npm-check-updates
$ npm-check-updates
"connect" can be updated from 2.8.x to 2.11.x (Installed: 2.8.8,
Latest: 2.11.0) "commander" can be updated from 1.3.x to 2.0.x
(Installed: 1.3.2, Latest: 2.0.0)
Run 'npm-check-updates -u' to upgrade your package.json automatically
Check global npm packages for updates:
$ npm-check-updates -u