install npm package dependency via nexus - npm

So here is the problem
I installed systemjs from the online npm repo to a new empty project which was fine. I then republished this to an internal nexus repository which appeared to work.
However when I tried to install the systemjs repository from our nexus directory, the 'when.js' package was installed within the same node_module level as the systemjs package i.e. myproject->node_modules->when ? Not within myproject->node_modules->systemjs->node_modules->when ?
Can you tell me what I need to do to ensure that the systemjs dependancies are installed within myproject->node_modules->systemjs->node_modules->XXX and NOT myproject->node_modules->XXX ?

Since npm v3 the dependency tree is kept as flat as possible to avoid duplication and overly deep directory structures. That results in placing the dependencies at the same level as the module that required them, unless there already exists another version of the dependency in which case it is installed nested. See the npm documentation for details.
In most cases you shouldn't have to worry about the structure of your node_modules directory. If you absolutely need to have all the dependencies nested, the only way currently seems to be downgrading npm to v2.

Related

How does the NPM cache and node_modules folder work hand in hand?

I am trying to demystify this NPM behavior. I have a custom library which I create for an Angular Project. The library is copied directly to the Node modules directory in my Angular Folder to test any new functionalities that I add on whatever project is using it. However, I notice the older version of the library is being used by the project.
I wonder whether this is due to the NPM Cache.
So my question is, how does the NPM cache and Node_Modules folder work hand in hand?
I can't directly answer as to how the cache relates to node_modules, but I can say that your package-lock.json file is likely the culprit behind your outdated packages. Try running npm update. If that doesn't work, try deleting your package-lock.json file and running npm install.
If that also doesn't work, make sure you have the correct version specified for your library in your project's package.json file. latest will grab the latest release available, ^1.0.0 will grab the latest minor and patch releases, ~1.0.0 will grab only the latest patch releases, and 1.0.0 will only grab that exact version.

Fork and install Create React App without publishing on NPM

I would like to fork Facebook's Create React Repo and use it as a dependency instead of their own react-scripts. All tutorials on the subject publish the forked repo to NPM to install via the normal way.
However, my client would prefer to not do that as both the forked Create React App and my React App repositories are hosted in the same Azure workspace.
I know CRA is a monorepo and uses Lerna. Does that make it possible?
You could upload the package to a online git repository like GitHub. It can even be private if you want. The command to install it would then be: npm install --save-dev github:username/repo-name
If you're gonna make the repo private then you need to have SSH keys setup on GitHub and on all machines on which you will be installing the dependency on.
You could also install the dependency as a path if it's on the same file system but I have bad experiences with that so I don't recommend it.
I've personally done that at a previous organisation. We copied any package that we forked, when heavy changes were necessary, inside our monorepo. Lerna (or yarn, or what ever) takes care of the rest.
If you have a lerna monorepo, you'd take the content of https://github.com/facebook/create-react-app/tree/master/packages/react-scripts into your monorepo, in say: packages/custom-react-scripts and change the name of the copied package in the package.json
If you'd like to rename react-scripts binary into custom-react-scripts you could do that as well via the "bin" configuration inside the copied package.json
All the renaming steps are of course optional, but it helps to know that you're not using the official tool.

Install npm packages in Titanium

According to the docs, Titanium now has support to install npm packages: http://docs.appcelerator.com/platform/latest/#!/guide/Node.js_Support
However, upon reading it, I am very confused as to where to actually put my node_modules directory. There is some mention in the docs about a Resources directory, however, for Alloy this is supposed to be left empty, as it is frequently overwritten by the compiler.
So my question is, where do I put my node_modules and how do I reference it.
In Alloy project you are supposed to run npm install inside the app folder. But according to this bug JIRA Ticket modules that use core-modules won't work correctly. So you have to try if you module works.
Another explanation: https://stackoverflow.com/a/45041737/5193915
From experimentation, it seems like you can do npm install in the app/lib/ so your package are in app/lib/node_modules. This does NOT work on the app/ directory.
Note that if you use tishadow, you will also need to install the npm packages there as well in the Resources/ directory (as they still do not use the Alloy framework).

npm package.json dependencies - for a library component

Lets say I am working on a library that will be consumed by other developers. MyPackage has a dependency on moment. The developer that consumes my package also has a dependency on moment. So moment will exist as a "dependency" in both library package.json and application package.json (and thus get packaged twice). Is there a way to package it just once? If the consumer has it, use theirs, else use mine?
It's already happening by default on fresh installs if dependency ranges match.
npm v>=3 does gang the dependencies, depending on the installation order and depth, see here.
Also, if you kept working on the same folder for a while, there might be some cruft, which could be wiped using npm dedupe, see here.
In theory, moment should not be duplicated if both your library and developer's library are consuming the same version ranges of it. At least if npm dedupe is called or node_modules are wiped and npm i-nstalled.

NPM: Updating modules within modules

In my NodeJS projects I use of course some external modules, those modules relies on other packages. Some of the developer maintaining those modules are very slow at updating the modules they use in their own project. Even when the issue is regarding security.
Is it possible to bump up a NPM modules within a modules?
You can change the package.json file within those npm packages you wish to update the dependencies for, but really this isn't an ideal solution. Any time an npm install is performed you'll lose those changes. Best to, if possible, fork the Git repos for those packages and make the changes yourself.