Why does npm update do more, after running npm install first? - npm

I just discovered that npm install is not enough to correctly get a new project into shape based on the package.json of an existing one.
I copied the package.json and did npm install and was surprised to find that the cloned project did not work.
I diffed the node_modules directory and to my surprise there were packages in the source that were not in the clone.
Then I ran npm update and lo and behold more packages were added and the cloned project ran.
Why is that?

Related

Why is Npm modifying package-lock.json?

I’ve got the lock file under Git. After performing several Npm commands, the lock file gets modified - a bunch of new packages get added to it. The commands are:
npm config -g set ...
npm install -g ...
npm run test
That’s it. No new packages are added to the project, package.json is untouched. Why would the lock file change please?

npm doesn't uninstall packages

I've been trying to remove some packages that I installed with npm but it doesn't remove them. After running npm uninstall -g package the package is still executable in my terminal and it is still in the path where npm binaries are being installed.
Also, why is npm installing packages in ~/.local/share/npm/bin/ ? It's the first time that I've seen npm installing packages there. I had a problem a few weeks ago when installing some language servers but they weren't executable, turns out I had to add ~/.local/share/npm/bin to my $PATH because that's where npm was installing everything. And now npm doesn't remove any package installed there. I've already looked into the npm config (npmrc) but I don't see any option changing the install path. The only environment variable related to npm that I have is to set the user config in ~/.config/npm instead of ~/.npmrc.
I have other machines with the exact same settings and npm is not installing packages in ~/.local/share/npm/bin/ and I'm able to uninstall packages normally.
Does anyone know what's wrong with npm?
npm --version 7.8.0
my config:
cache=/home/user/.cache/npm
init-module=/home/user/.config/npm/config/npm-init.js
package-lock=false
tmp=/run/user/1000/npm
Okay, I noticed that if I reinstalled the packages that I couldn't remove they went into a different folder /user/bin/ with the node_modules being in /user/lib/node_modules. Before it was in ~/.local/share/npm/lib. Now with the packages where they belong I can't remove them without issues. No idea why those packages were originally installed in a different path.

What is the meaning of package name before #git in package-lock.json

When I try to run npm install, I got an error:
Could not install from "node_modules/eth-sig-util/ethereumjs-abi#git+https:/github.com/ethereumjs/ethereumjs-abi.git" as it does not contain a package.json file.
So I went to check the diff for package-lock.json, and noticed npm somehow modified
"ethereumjs-abi": "git+https://github.com/ethereumjs/ethereumjs-abi.git",
into
"ethereumjs-abi": "ethereumjs-abi#git+https://github.com/ethereumjs/ethereumjs-abi.git",
which breaks the npm install, so I'm wondering what is the meaning of placing package name before #git and why it breaks the install process.
It works after I delete the ethereumjs-abi# prefix, but it shows up after I run npm install and breaks again...
Thanks in advance!
#git is used to install the package from the git repo.
For example: you fork the package's git repo into your Git account and change some part of the package; if you now want to install that changed package in your project, you can use #git+'git repo URL of your changed repo'.
Here the ethereumjs-abi package is installed from the https://github.com/ethereumjs/ethereumjs-abi.git git repo:
"ethereumjs-abi": "git+https://github.com/ethereumjs/ethereumjs-abi.git",
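
One way to find git-sourced and rewritten specs like the ones in this thread before running an install, as an added example that is not part of the original posts. It assumes the npm 6 lock file layout (nested "dependencies" with "version" and "requires" fields) and only recognises git URL specs; the sample lock file, the some-fork entry and the commit hash are constructed.

```javascript
// Added example: audit dependency specs in an npm lock file (v1 layout assumed).
// SAMPLE_LOCK is constructed for illustration; the commit hash is a placeholder.
const SAMPLE_LOCK = {
  dependencies: {
    'eth-sig-util': {
      version: '1.4.2',
      requires: {
        'ethereumjs-abi': 'ethereumjs-abi#git+https://github.com/ethereumjs/ethereumjs-abi.git',
        'ethereumjs-util': '^5.1.1',
      },
    },
    'ethereumjs-abi': {
      version: 'git+https://github.com/ethereumjs/ethereumjs-abi.git#0123456789abcdef0123456789abcdef01234567',
      from: 'git+https://github.com/ethereumjs/ethereumjs-abi.git',
    },
    'some-fork': { version: 'git+https://example.invalid/some-fork.git#main' },
  },
};

const GIT_SPEC = /^(git\+(?:https?|ssh|file)|git):\/\//;
const FULL_SHA = /#[0-9a-f]{40}$/;

// Classify one spec string found under "version" or "requires".
function classifySpec(name, spec) {
  if (spec.startsWith(name + '#git')) return 'malformed-name-prefix';
  if (!GIT_SPEC.test(spec)) return 'registry';
  // A branch or tag can move; only a full commit hash fixes the code installed.
  return FULL_SHA.test(spec) ? 'git-pinned' : 'git-unpinned';
}

// Walk nested "dependencies" and report every spec that is not a registry spec.
function auditLock(lock, path = []) {
  const findings = [];
  for (const [name, entry] of Object.entries(lock.dependencies || {})) {
    const here = [...path, name];
    const specs = [[name, entry.version || '', 'version']];
    for (const [req, spec] of Object.entries(entry.requires || {})) {
      specs.push([req, spec, 'requires']);
    }
    for (const [dep, spec, field] of specs) {
      const kind = classifySpec(dep, spec);
      if (kind !== 'registry') findings.push({ at: here.join(' > '), field, dep, kind });
    }
    findings.push(...auditLock(entry, here));
  }
  return findings;
}

console.log(auditLock(SAMPLE_LOCK));
```

To audit a real project, pass the parsed lock file instead of SAMPLE_LOCK, for example auditLock(JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))).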

npm install doesn't apply what is in package-lock.json?

I have Node v10.22.0, npm 6.14.6, on MacOS Catalina.
I start from a git repo that contains a package-lock.json that specifies #truffle dependencies and no node_modules folder, no package.json. After I cloned the repo, I run npm install to install dependencies. The npm doc says
If the package has a package-lock ..., the installation of dependencies will be driven by that
Surprisingly it actually installs 8 packages that have nothing to do with my project: d, es5-ext, es6-iterator, es6-symbol, ext, next-tick, type AND it overwrites package-lock.json with a new one containing dependencies on these 8 packages.
If I overwrite package-lock.json and launch npm install, it redoes the same trick.
Questions:
what is happening?
how can I make npm install populate node_modules correctly?
Use npm ci to install dependencies based on your lock file. Check this answer for more details about this command, it has the answer to your questions.

npm install only if package missing or out-of-date compared to package.json

I want to be able to compare my locally installed packages against my project package.json file without making a call against the npm online repo. If there is a package that is out of date based on the package.json file, then and only then will it go to the npm online repo and install the package.
The reason for this is that I want to be able to update the package.json file to require a newer version of a package, commit this change to the project repo and when other developers on the team get latest their npm package is updated. I do not want to slow down the process if everything is up-to-date or cause the build to fail if access to the npm repo or the internet is down.
I am wondering if this is an already solved use-case or do I need to parse the package.json file and compare it to a "npm ls" output myself?
You will need to set up a local repository (by duplicating the NPM couchdb locally)
(see https://stackoverflow.com/a/7577265/406458)
then you could use npm-check-updates.
npm-check-updates will give you a list of packages that can be updated in your package.json file see
https://www.npmjs.org/package/npm-check-updates
$ npm-check-updates
"connect" can be updated from 2.8.x to 2.11.x (Installed: 2.8.8, Latest: 2.11.0)
"commander" can be updated from 1.3.x to 2.0.x (Installed: 1.3.2, Latest: 2.0.0)
Run 'npm-check-updates -u' to upgrade your package.json automatically
Check global npm packages for updates:
$ npm-check-updates -u