NPM - Deprecate check in Package.json - npm

Is there a way to directly check a package.jsob for deprecated dependencies instead of finding it out during npm install? I.e. Just check and dont install.
Thanks

There is a way to make some pre-npm-install checking with npm-check utility. Install it globally and it will give you some information like
$ npm-check
webpack 😟 MISSING! Not installed.
😎 MAJOR UP Major update available. https://github.com/webpack/webpack
npm install --save-dev webpack#3.5.6 to go from 2.7.0 to 3.5.6
Also you may try npm-check-updates utility. I guess it's more useful (and it works faster). It gives an information not only for major versions:
$ ncu -l verbose --packageFile package.json
webpack ^2.6.1 → ^3.5.6
express ^4.14.0 → ^4.15.4
I was able to use the second utility only with --packageFile option.
As you can see, it does not deal with npm deprecation explicitly, but may help in case you don't want to make npm install.

Related

How can resolve the NPM issue? Stuck with npm start error

The issue I have is that npm start cannot start. I tried to fix with audit, deleted node_dependency directory and re-installed with npm, nothing works.
One concrete issue I see is:
The react-scripts package provided by Create React App requires a dependency:
"webpack": "4.44.2"
Yet, I also see npm -v webpack -> 6.14.14. How do I need to debug this?
Your npm -v webpack command is not correct. it will return npm version and not the webpack version.
Try npm ls webpack . you can also check your package.json file for the packages you have. or run npm ls for the full list.
make sure to install the required dependency as it states.
Eventually I could not solve the package problem with an informed debugging.
What I did was to (npm install --global yarn) and start the application through it (yarn start). It worked a lot to download the packages and eventually started the application.
So, I guess I need to switch to yarn after this point, which is ok, as long as it works :)

Save peer dependencies in npm with a command

Is there a way to achieve that using npm ? Currently I do this manually, would be nice to use similar approach as with npm install --save
I found some old discussion and commits but it seems it didn't make it:
https://github.com/npm/npm/pull/3994
As far as I can tell, you can't. Just install it as a regular dependency (production or otherwise, just like the package requiring the peer dependency is installed as).
Even if you manually add the entry to peerDependencies an npm audit is going to fail to recognize the package and tell you to install it.
This kind of stinks, I'm a big fan of the separation of concerns, and keeping a list of modules that only exist so they can be absorbed by other modules is crummy.
But, it is what it is and so long as you leverage the npm commands afforded to you, I guess it's manageable.
Since 'I don't know what npm version' you can use npm i --save-peer package_name command. Works on npm 8.1.0

VS Code terminal fails to use npm version from nvm

I'm using nvm on my Terminal and successfully installed node 10.2.1, which also installed npm 6.1.0. However, when I go to my VS Code editor, it gives me warnings in the integrated terminal for:
npm WARN npm npm does not support Node.js v10.2.1
npm WARN npm You should probably upgrade to a newer version of node as we
npm WARN npm can't make any promises that npm will work with this version.
npm WARN npm Supported releases of Node.js are the latest release of 4,6, 7, 8, 9.
Turns out, it is actually using npm 5.5.1 (npm -v).
I check to see what's up with that and tried to dig further and eventually used: which npm on both integrated terminal and Mac's CLI.
Mac's Terminal shows:
/Users/Aiz/.nvm/versions/node/v10.2.1/bin/npm
VS Code's Terminal shows:
/usr/local/bin/npm. Which is interesting, because if you do which node in this terminal, it results in the appropriate /Users/Aiz/.nvm/versions/node/v10.2.1/bin/node.
I'm not sure how to get my VS Code terminal to point to the appropriate npm install through nvm. Not sure if it helps, but I checked npm get prefix and npm -g bin to find /Users/Aiz/.nvm/versions/node/v10.2.1. The only difference I'm finding is where each terminal is using npm from.
I ended up looking through VS Code issues on GitHub and came across something relevant to NVM and node issues. It fixed my issue since the underlying cause was the same.
Essentially what happened is that I had a global install of node before that I removed prior to using NVM but hadn't removed my global install of npm. This was causing conflicts in VS Code's terminal (not Mac's terminal). In order to fix this, you essentially have to find the symlink for which npm and remove the node_modules and npm associated recursively.
Here's the link you'll need: https://github.com/Microsoft/vscode-docs/blob/master/docs/editor/integrated-terminal.md#why-is-nvm-complaining-about-a-prefix-option-when-the-integrated-terminal-is-launched.
Don't forget to restart your editor after.
Another solution is to implement this. https://medium.com/#kinduff/automatic-version-switch-for-nvm-ff9e00ae67f3
Basically, nvm will check for a .nvmrc and switch or default each time you go to a new directory in shell.
It does have a dependency on zsh.
The fix for me on Ubuntu:
A.) sudo apt-get remove nodejs npm
B.) Removed lines in my .bashrc that added the npm package directory to the path.
C.) Restart VS Code.
I doubt step A is necessary. But B and C certainly are.

How Does npm --save Decide Which Version and SemVer Options?

If I type the following into my computer
$ echo '{}' > package.json
$ npm install pug --save
and then look at my package.json, I'll see that npm added a dependency for me.
#File: package.json
{
"dependencies": {
"pug": "^2.0.0-rc.1"
}
}
Sweet! However -- how does npm decide to grab version 2.0.0-rc.1? And how does npm decide to use the ^ SemVer version modifier?
As a user of npm can I configure or tell it to use a different SemVer modifier and/or download a different version? (both a specific version and/or something like "latest stable")
As an npm package maintainer, can I specify that npm's default behavior should be something other than "grab the latest version and slap a ^ on there"?
npm takes the latest tag publicly available and ^ is the default, you can use save-prefix to change it locally.
To a get specific version use #version after package name i.e. npm install pug#0.1.0.
Something like composer's minimum-stability doesn't exist in npm world.
As a maintainer, you can't do anything, except keeping SemVer and writeing good code :)
But at all package.json is just a JSON, you can simply modify them, without using any CLI commands and define whatever you need.

How do I force npm to reinstall a single package, even if the version number is the same?

In my Node.js project, I have a dependency on another local project. Oftentimes, I need to make a small change to the dependency and see how it affects my main project. In order to do this, I have to reinstall my dependency using npm.
I can use npm update to try to update my dependency, but this seems like it will only work if the version number has changed on the dependency. I don't want to have to change the version number on my dependency every time I change a line of code or two to make an experimental change in development.
I can rm -rf node_modules/; npm install to ensure that I get the latest versions of all of my dependencies. Downloading all of my non-local dependencies takes several minutes, breaking up my train of thought.
Is there a way to force npm to reinstall a single dependency, even if that dependency's version number hasn't changed?
When you run npm install, it will install any missing dependencies, so you can combine it with an uninstall like this:
npm uninstall some_module; npm install
With npm 5, uninstalled modules are removed from the package.json, so you should use:
npm uninstall some_module; npm install some_module
On npm v 6.14:
npm install module_name --force --no-save
You get a message stating:
npm WARN using --force I sure hope you know what you are doing.
And then it proceeds to uninstall and reinstall the package.
Note: if you don't specify the --no-save option, npm updates the package version on package.json to the highest version that is compatible with the existing SemVer rule.
If you do not want npm to update the package's version on package.json, keep the --no-save option.
Not the best answer, but just for information, you can run
npm ci
It is the same as npm install, but it will remove the existing node_modules folder, if any, and do a fresh install for all packages. This is useful if the files in node_modules have been changed for some reason and you want to revert them to their original state.