Replicating `npm pack` behavior - npm

I am trying to replicate the behavior of npm pack because it has a limitation where it does not write to stdout, it can only write to a local file (see this issue: https://github.com/npm/npm/issues/12039)
Now, I can tar the current directory and write to stdout like so:
tar --exclude='./node_modules/' -cv . | gzip > archive.tar.gz
however, when you extract npm pack tarballs, all the contents of a your package should be in a directory called 'package'.
So my question is - how can I tarball the current directory, but put the current directory inside a directory called 'package' before it gets archived?
Is there some tar -flag that lets you do that?

I did some legwork and as far as my testing goes, npm will accept a tarball with everything in the root, or everything in a subdirectory called 'package'.
To test the above theory, you can tar a NPM project directory with:
tar --exclude='node_modules' -c . > archive.tar
then install it somewhere else with
npm install /path/to/archive.tar
you can't install in the same project though, NPM will complain about circular deps, so install it in another project.

Related

Where can I find a list of all npm flags / tags / options?

I am looking for the meaning of the flag --u as in "npm run test --u" but I don't know where all the flags are documented.
Here are the bottom are some shorthands, but besides "gangster" and other cool ones, I couldn't find --u
https://github.com/npm/npmconf/blob/master/config-defs.js#L405
"npm run test --u" ("--u") belongs to jest flag --updateSnapshot. If you run npm run test help or npm test help you will get all the flags of jest.
Inorder to get npm flags list or npm commands you can run this command npm -l
Here are the list of other npm flags that you might need:
-u or --update: Updates the packages installed in you current working directory
-g or --global: Installs the package globally rather than in your local working directory.
-v or --version: Displays the version of npm.
-h or --help: Displays help information for the npm command.
-l or --long: Shows extended information for the installed packages.
-j or --json: Outputs the npm registry data in json format.
-S or --save: Saves the package as a dependency in your package.json file. As of npm version 5, you might not need this anymore as packages will be saved by default into the package.json file
-D or --save-dev: Saves the package as a dev-dependency in the package.json file.
-O or --save-optional: Saves the package as an optional dependency in the package.json file.
-E or --save-exact: Saves the package at the exact version specified in the package.json file.
-P or --save-prod: Saves the package as a production dependency in the package.json file.
-B or --save-bundle: Saves the package as a bundled dependency in the package.json file.

Can I re-create node_modules from package-lock.json?

I cloned a repository from github which has a package-lock.json (but no package.json). Then in a git bash terminal I go to the directory and run npm install but I just get a message saying there is no package.json and then everything in package-lock.json gets deleted so it's basically empty except for the project name and version.
I thought running npm install with a package-lock.json in the directory was enough to re-create node_modules, but am I seriously misunderstanding how this works? By the way I have node 8.12.0 and npm 6.4.1 and am running on Windows 10. Also, I think the package-lock.json was created on a unix system so could there be problems when using package-lock.json on a different OS?
I already tried running npm init just to get a package.json file and then running npm install but that still didn't get me a node_modules folder.
Starting from Mar 5, 2018, you can run npm ci to install packages from package-lock.json.
npm ci bypasses a package’s package.json to install modules from a
package’s lockfile.
https://blog.npmjs.org/post/171556855892/introducing-npm-ci-for-faster-more-reliable
package-lock.json records the exact version and url of packages need to install, thus you can use npm to install them accordingly:
npm can install from urls that point to tarballs
--no-package-lock option to tell npm to not touch package-lock.json file
For example, to install all packages in package-lock.json:
cat package-lock.json | jq '.dependencies[].resolved' | xargs npm i --no-package-lock
jq is a command line tool to pares jq, you can write a simple JavaScript script to parse it instead (if you do not want to install jq or learn jq's query syntax).
AFAIK, the package-lock.json file relies on the presence of a package.json file, so you'll not be able to recreate your node_modules folder from the package-lock.json file alone (happy to be proved wrong here).
Therefore, your best bet is to (mis)use a module like auto-install that is capable of generating the package.json file based on a project's dependencies, as they appear in the files.
Install it globally (npm install -g auto-install), then you'll need to generate an empty package.json file for it to run (use npm init -y in your project root). Kick things off with the command auto-install and it should add the dependencies to the package.json file.
HTH

Forking and changing an NPM package

I have been using an NPM for angular-4 which support drag and drop objects (ng2-drag-drop). I found a missing functionality and decide to add it to the package.
What I did is forking the original project and adding my changes. after commit/push to my git I then used the following command to install my NPM :
npm install https://github.com/..... --save
the NPM installed successfully however when looking in my node_modules I see that the source files are missing and I have only the root directory including the package.json and some other files . any source files are missing.
I then tried to instal the NPM directly from the author git so instead of running :
npm install ng2-drag-drop --save
I used
npm install https://github.com/ObaidUrRehman/ng2-drag-drop.git --save
and I had the same issue with my fork.
Why the installation is different between the author git and the named package ? isn't it taking the files from the same location ? if no, what should I do to make it work ?
The reason you are not able to see the src folder is
If you see the git repo you will find two files
gitignore & npmignore.
In that npm ignore file you will find the src has been ignored to be prevent it from being added to the package when running npm commands .
Keeping files out of your package
Use a .npmignore file to keep stuff out of your package. If there's no
.npmignore file, but there is a .gitignore file, then npm will ignore
the stuff matched by the .gitignore file. If you want to include
something that is excluded by your .gitignore file, you can create an
empty .npmignore file to override it. Like git, npm looks for
.npmignore and .gitignore files in all subdirectories of your package,
not only the root directory.
You need to overwrite these settings to be able to get src contents in node modules when you do npm install

bower install command issuing EHTTP error

I am struggling with installing bower on my system - although there are a few bower install issue scenarios on here, none are a very good match.
In my scenario, I have an externally acquired folder full of source code for a complex software package - the .bowerrc file is located here, as well as a bower.json. As is the default, my .npmrc file is located C:\Users\USER.
I have appended code strict-ssl=false and registry=http://registry.npmjs.org/ into .npmjs, and left the npm cache and config specs in the user directory. I've also left my PATH user variable as C:\Users\USER\AppData\Roaming\npm.
I have so far run three commands successfully:
npm install -g ember-cli
npm install -g bower
npm install
The created files from these commands seem to get dumped into C:\Users\USER\AppData\Roaming\npm\node_modules, and then the final command below is only giving me an EHTTP error.
bower install
I can only think that this issue is only occurring because of the location of the various dependencies. I've been playing around a bit - the last thing I tried was changing the Path user variable so that it instead points to the folder directory with .bowerrc, but the npm installation then has trouble referencing .npmrc. I'd appreciate any ideas, because I might only be chasing my own tail here.
UPDATE
I think I was wasting my time messing about with directory locations. The problem seems to be that there is a legacy proxy inside the .bowerrc file.. now I just need to work out how to get rid of the proxy setting!

Download a package from npm as a tar (not installing it to a module)

Is there some URL from which I can download a given package from npm (as a tarball or something)? I need the exact files that were originally uploaded to npm.
Using npm install gets a different, generated package.json for example. I want the exact original set of files that was published.
You can use npm view to get the URL to the registry's tarball (in this example for the module level):
$ npm view level dist.tarball
And to download tarball, you can use npm pack:
$ npm pack level
Just run the command
npm view [package name] dist.tarball
It will return a tar url.
Running npm pack PACKAGE_NAME will download a tarball of any package on npm.
To extract it, just run tar -xzf DOWNLOADED_FILE.tgz
Example:
npm pack react
then extract:
tar -xzf react-16.6.3.tgz
If you need to get the tarball without having npm installed, you can fetch the package information using curl and use jq to get the right information from the JSON:
curl https://registry.npmjs.org/PACKAGE-NAME/ \
| jq '.versions[."dist-tags".latest].dist.tarball'
This is for instance useful if you're building a Docker container that requires one npm package, and don't want to install npm just for that.
Yes, you can npm install <git remote URL> to download the full repository into node_modules. This will be directly from the repository's host, rather than via npm, though. See the npm install docs for more information.