I'm working on shareable eslint configuration to spread automation and internal best-practices. So I'm adding some eslint plugins and tools as dependencies.
Context
Env
$ node --version;
v8.2.1
$ npm --version
5.3.0
Local package
To do so I created a local npm project, says eslint-config-company, with the following package.json:
{
"name": "eslint-config-company",
"version": "0.0.1",
"main": "index.js",
"dependencies": {
"eslint": "4.x.x",
"eslint-plugin-ember-suave": "1.x.x",
"eslint-plugin-prettier": "2.x.x",
"prettier": "1.x.x"
},
"files": [
"index.js"
],
"keywords": [
"eslint",
"eslintconfig"
],
"repository": "company/eslint-config-company",
"private": true
}
and files:
index.js package.json README.md yarn.lock
Installing
Then, I install my eslint-config-company package into a another project to test it:
npm install --save-dev --verbose ../eslint-config-company
In node_modules/ directory I got the eslint-config-company/ as a symlink:
$ ls node_modules/eslint-config-company -lah
lrwxrwxrwx 1 me me 29 Aug 17 22:02 node_modules/eslint-config-company -> ../../eslint-config-company/
but no trace of either prettier nor eslint-plugin-prettier
$ ls node_modules/{prettier,eslint-plugin-prettier}
ls: cannot access 'node_modules/prettier': No such file or directory
ls: cannot access 'node_modules/eslint-plugin-prettier': No such file or directory
N.B.: eslint and eslint-plugin-ember-suave are already dependencies of that project thus exists.
Question
Am I wrong assuming that my package's dependencies will install on npm install ?
How do I fix my package in order to install them?
related: issue on npm/npm
The eslint-config-company's dependencies are held in that module's node_modules folder - so it will be able to find the code it needs via the symlink (assuming npm install has been run on the eslint-config-company module folder).
When packaged up - the node_module folder is included as well, so it translates up to delivery time as well.
Create global module of your project eslint-config-company (in this module folder):
npm link
and links the global installation target in another project whit :
npm link eslint-config-company
source : https://docs.npmjs.com/cli/link
Related
Given an npm workspace with the following structure
workspace
package.json
packages
package-a
package.json
package-b
package.json
When I run an install command in package-a this will generate a package-lock.json file in the root of the workspace but not in the package.json file itself.
Is there a way to also generate it in the packages?
I don't know if this solves your problem, but you can specifie the folder in which you would install with --prefix
npm install --prefix ./install/here
you can use the lerna tool to manage your workspace and install dependencies in each package. you can generate package-lock.json files in each package in your workspace.
The Original Tool for JavaScript Monorepos. Monorepo means a repository with multiple packages.
lerna.js.org
I hope this answer will show you the right direction.
In most cases, running npm install within that package directory should do the job. But as you said that this is creating a global package-lock.json. This might be because the package you are installing might be specifying the global path using the prefix field.
The "prefix" field, specifies the location where the package's dependencies should be installed.
So one thing you can do is to go to the package.json in package-a and then either remove the prefix field from the package.json file OR set its value as following :
{
"name": "my-package",
"version": "1.0.0",
"prefix": "./",
"dependencies": {
...
}
}
Now when you run npm install it should install the packages locally and make a local 'package-lock.json`.
I'm ok with local dependencies that packages install. But now I have a huge concerns about if a local installed package can install other global packages as dependencies.
as example:
npm install nunjucks
npm install sqlite
or
npm install botkit
It is not possible to mark a dependency as global in package.json, so that it is installed system-wide when you run npm i.
Here's an old comment by Isaac Schlueter stating that this will never be implemented.
Hooowever, it would be really simple to write a preinstall script to install arbitary dependencies globally.
{
"name": "Project",
"version": "1.0.0",
"description": "Preinstall script to install global deps",
"main": "index.js",
"scripts": {
"preinstall": "node -e \"const {execSync} = require('child_process'); JSON.parse(fs.readFileSync('package.json')).globalDependencies.forEach(globalDep => execSync('npm i -g ' + globalDep));\""
},
"dependencies": {
"react": "16.13.1"
},
"globalDependencies": [
"lodash"
],
"license": "ISC"
}
Copy this code into a package.json file in a folder on your PC. Then, in the folder run npm i. It will install React locally (in a node_modules folder) and it will install lodash globally.
You can verify this using: npm i ls -g --depth=0.
Reference: Install dependencies globally and locally using package.json
As to your question:
Can npm -i (local) install a global package without me knowing it?
It's not entirely silent. When running npm i for the above package.json file, you would see the following output:
> Project#1.0.0 preinstall /home/jim/Desktop/Project
> node -e "const {execSync} = require('child_process'); JSON.parse(fs.readFileSync('package.json')).globalDependencies.forEach(globalDep => execSync('npm i -g ' + globalDep));"
npm WARN Project#1.0.0 No repository field.
audited 6 packages in 1.113s
found 0 vulnerabilities
But whether you would catch this when running npm i on a large project is debatable.
I have a main package.json for my project. I also have a component within my project which I'm publishing to NPM, so that requires its own package.json.
package.json
index.html
-folder
--component-folder
---package.json
Both package.json files define dependancies. At the moment I have to run npm install from both my project root and from component-folder. Is there a way of making it install dependancies for both when its only run from the project root?
Try using subpackage:
{
"name": "my-awesome-project",
"version": "2.5.1",
"subPackages": [
"packages/sub-package-1",
"packages/sub-package-2"
]
}
https://www.npmjs.com/package/subpackage
I'm setting up a project in Visual Studio based on AngularJS and Typescript and it's a bit discouraging that I have to deal with yet another package manager as soon as I need to install dependencies.
The issue I have is that package managers require files containing dependencies to be located in a particular place.
Let's take npm for example.
I place packages.json at ./SolutionDirectory/MyApp.Web/
But when I run npm install, I just get ENOENT: No such file or directory. because cwd is ./SolutionDirectory
It works fine if I'm doing cd ./SolutionDirectory/MyApp.Web and run npm install after that.
For bower I was able to handle similar issue by just passing additional arguments like:
bower install --config.cwd=./SolutionDirectory/MyApp.Web/app/lib --config.directory=vendor
This command just gets bower.json from ./SolutionDirectory/MyApp.Web/app/lib and installs packages to ./SolutionDirectory/MyApp.Web/app/lib/vendor
Is there a way to have same thing to pass packages.json location to npm before it installs?
Is there a way to pass typings.json location to typings before it installs? to pass target directory location for typings installed?
Is the same doable for Nuget?
For npm:
npm install <folder>
<folder> is the path to the folder which contains the package.json file.
For typings:
typings install [<name>=]<location>
<location> is the path to the typings.json
For NuGet:
nuget install packageId|pathToPackagesConfig [options]
pathToPackagesConfig is the path to the packages.config file.
So, to answer the question, yes it's possible to specify a path to the config file's location for all of these package managers.
Is there a way to have same thing to pass packages.json location to npm before it installs?
No, there isn't. Currently there is no way to overwrite cwd value in npm. You should move directory and run it:
`$ cd SolutionDirectory/MyApp.Web/ && npm install`
Here is the similar discussion to this: https://github.com/npm/npm/pull/10958
Is there a way to pass typings.json location to typings before it installs? to pass target directory location for typings installed?
Technically yes, but I guess you'd like to just do typings install with typings.json. How about to put typings.json to the same path with package.json and use npm lifecycle script?
$ ls
package.json typings.json
$ cat package.json
{
"name": "name",
"version": "1.0.0",
"description": "",
"main": "index.js",
"scripts": {
"postinstall": "typings install"
},
"keywords": [],
"author": "",
"license": "ISC",
"devDependencies": {
"typings": "^0.7.12"
}
}
$ npm install
=> after npm install, typings install will start with typings.json
Is the same doable for Nuget?
Nuget is also package manager, so it should has similar features, like nuget mirror command can be npm config set registry and nuget locales can be npm cache I guess. Technically it's a different software, but I think understanding about both softwares is good way to know the concept and summary of each others.
I have a directory structure with a Build and a Source Folder.
Alls things Grunt, npm, bower and composer live in the Build Folder, All sources live in the Source Folder and all Things Project (i.e. README.md) live in the root of the project.
- myProject
+ Build
Gruntfile.js
bower.json
package.json
...
+ Source
+ vendor
+ src
...
README.md
composer.json
So now if i run npm install in the build Folder, npm claims my Project is missing a README, which is not true.
Also i am simply using the package.json to install npm dependencies for grunt. My project is not a npm project.
Can i somehow tell npm that it is not run in the root of the project?
Or can i tell npm that my project is not a npm project?
You have two options here:
If you have no intention to publish this package to npm then you can set private to true as described here
You can set the location of readme with the readme property as seen below:
{
"name": "app_name",
"version": "0.0.1",
"author": "your name here",
"description": "A descriptive description",
"license": "MIT",
"readme": "../README.md"
}
As far as I can tell, there's no validation on the readme property but it will squelch the warning.