npm and package

  1. Package

    Third-party modules in Node.js are also called packages (just by a different name). Packages are encapsulated based on built-in modules, providing a more advanced and convenient API, which greatly improves development efficiency.


    Source of packages: Packages are developed by third-party individuals or teams and are free for everyone to use. Packages in Node.js are free and open source. They are downloaded from npm, the largest package-sharing platform in the world. The npm server address is http://registry.npmjs.org/ ; it cannot be opened directly, but packages can be downloaded from it with a tool.


    The name of this package management tool is Node Package Manager, or npm for short. It is installed on the user’s computer along with the Node.js installation package. You can run the npm -v command in the terminal to check the version number.


  2. Install the package in the project

    npm install package_full_name : Installs the package (latest version) in the project. When the command runs, the package name and version number are recorded in package.json.

    npm i package_full_name : The shorthand for the same install command.

    To learn how to use a package, search for its name on npmjs and open its Documentation.


    If you want to find a package, generally do not search directly on npm; instead, search Google for the package name + npm. After finding it, click through to see whether the README is detailed, which reflects the user experience. Then go to the code repository on GitHub to see how many stars it has (fewer than 1000 means not popular) and look at the issues. The issues show whether the developers reply and provide solutions, which is very important for niche packages. Also look at the pull requests to see when the last merge happened. An active package may have a merge every one or two months. If it has not been updated for a long time (and there is no special statement in the README), it is not active, and you should try not to select it. In addition, it is best to create a new project and try the package there first to verify the results before installing it in your real project.


    @ symbol: installs the specified version of a package, for example npm i moment@2.22.2 . If another version of the package is already installed, you do not need to uninstall it first; just run the new command.

    Semantic version specification for packages: the first number is the major version, the second is the feature version, and the third is the bugfix version. The rule for increasing version numbers is that whenever a number to the left increases, the numbers to its right are reset to zero.
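
    The version-number rule described above, as an added example that is not part of the original page. It assumes plain major.feature.bugfix versions with no pre-release suffix; the function names are hypothetical.

```javascript
const PARTS = ["major", "feature", "bugfix"];

// Split "2.22.2" into [2, 22, 2]; reject anything that is not three numbers.
function parseVersion(text) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(text);
  if (!m) throw new Error(`not a major.feature.bugfix version: ${text}`);
  return m.slice(1).map(Number);
}

// Increase one part and reset every part to its right to zero.
function bump(version, part) {
  const idx = PARTS.indexOf(part);
  if (idx === -1) throw new Error(`unknown part: ${part}`);
  const nums = parseVersion(version);
  nums[idx] += 1;
  for (let i = idx + 1; i < nums.length; i++) nums[i] = 0;
  return nums.join(".");
}

// Name the leftmost part that differs between an installed and a candidate
// version, which tells you how large the jump is before you install it.
function classifyChange(from, to) {
  const a = parseVersion(from);
  const b = parseVersion(to);
  for (let i = 0; i < PARTS.length; i++) {
    if (b[i] > a[i]) return PARTS[i];
    if (b[i] < a[i]) return "downgrade";
  }
  return "none";
}

console.log(bump("2.22.2", "feature"));          // feature bump zeroes the bugfix number
console.log(classifyChange("2.22.2", "3.0.0"));  // size of the jump between two versions
```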


  3. After the first install: node_modules and package-lock.json

    After the first package is installed, the project folder contains an additional folder called node_modules and a configuration file called package-lock.json.


    The node_modules folder stores all packages that have been installed into the project. When require() imports a third-party package, it looks for and loads the package from this directory.


    The package-lock.json configuration file records the download information of each package in the node_modules directory, such as the package name, version number, and download address. It records the version number of each package at the time you install it (for example, when installing express) and locks it. When the packages are reinstalled later and package-lock.json exists, they are installed according to the versions in package-lock.json.


    Note: Do not manually modify anything in node_modules or package-lock.json; the npm package management tool maintains them automatically. If you want to change a version manually, install the package again with @ followed by the version you want.

    If the package-lock.json file is deleted, the original file cannot be restored. You can only use npm install to regenerate the package-lock.json of the current package version.
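
    A small reader for the information package-lock.json records, as an added example that is not part of the original page. It lists each locked package's name, version and download address and reports addresses that do not point at the npm registry over HTTPS; the sample lockfile and the package example-internal-pkg are constructed, and the integrity field it also checks is part of the lockfile format but is not mentioned above.

```javascript
// Constructed sample lockfile (lockfileVersion 3 layout); not taken from the page.
const SAMPLE_LOCK = JSON.stringify({
  name: "demo-project",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-project", version: "1.0.0" },
    "node_modules/moment": {
      version: "2.22.2",
      resolved: "https://registry.npmjs.org/moment/-/moment-2.22.2.tgz",
      integrity: "sha512-CONSTRUCTED-PLACEHOLDER"
    },
    "node_modules/example-internal-pkg": { // hypothetical package
      version: "1.0.0",
      resolved: "http://mirror.example.test/example-internal-pkg-1.0.0.tgz"
    }
  }
});

// Return name, version and download address for every locked package.
function listLockedPackages(lockText) {
  const marker = "node_modules/";
  return Object.entries(JSON.parse(lockText).packages || {})
    .filter(([path]) => path !== "") // "" is the project itself
    .map(([path, meta]) => ({
      name: path.includes(marker) ? path.slice(path.lastIndexOf(marker) + marker.length) : path,
      version: meta.version,
      resolved: meta.resolved || null,
      integrity: meta.integrity || null
    }));
}

// Report entries whose recorded download address deserves a second look.
function auditLock(lockText, expectedHost = "registry.npmjs.org") {
  const findings = [];
  for (const pkg of listLockedPackages(lockText)) {
    if (!pkg.resolved) {
      findings.push(`${pkg.name}: no download address recorded`);
      continue;
    }
    const url = new URL(pkg.resolved);
    if (url.protocol !== "https:") findings.push(`${pkg.name}: download address is not HTTPS`);
    if (url.hostname !== expectedHost) findings.push(`${pkg.name}: unexpected host ${url.hostname}`);
    if (!pkg.integrity) findings.push(`${pkg.name}: no integrity hash recorded`);
  }
  return findings;
}

console.log(auditLock(SAMPLE_LOCK));
```

    To check a real project, pass the text of its own package-lock.json to auditLock instead of SAMPLE_LOCK.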


  4. Package management configuration file: package.json

    npm stipulates that in the project root directory, a package management configuration file called package.json must be provided to record configuration information related to the project:

    • Project’s name, version number, description, etc.

    • Which packages are used in the project

    • Which packages will only be used during development

    • Which packages are needed for development and deployment


    The problem of multi-person collaboration

    The third-party packages are too large. For example, the entire project volume is 30.4M, the third-party packages are 28.8M, and the project source code volume is 1.6M. This makes it difficult to share project source code among team members.

    Solution: We upload only the source code (1.6M) when we share and remove node_modules (by writing node_modules/ in the .gitignore file); others download the third-party packages from the Internet. But how do we let others know which third-party packages we use?

    Record the packages in the project: The package.json configuration file is used to record which packages are installed by the project. With this record in place, node_modules can be removed and the project source code can be shared among team members.

    Note: During project development, be sure to add the node_modules folder to the .gitignore ignore file.


    Quickly create package.json

    npm init -y : Creates a new package.json file in the directory where the command is executed. After creating a new project folder, the first thing to do is to execute this command, and it only needs to be executed once during project development.

    Note that the above command can only run successfully in a directory with an English name, so Chinese characters and spaces should not appear in the project folder name. When npm install package_full_name is executed, the package name and version number are recorded in package.json.

    Without npm init, there is no package.json file, but the node_modules folder and the package-lock.json file are still created. As a result, the installed packages are not recorded.


    package.json and package-lock.json

    If there is no package-lock.json, npm installs according to the package versions in package.json; if there is a package-lock.json, npm installs according to the versions in package-lock.json.


    Package-lock.json file change problem

    If package-lock.json has been modified manually and a new package is installed before the file is saved, an error is reported because the file cannot be saved. The solution is to close the file window without saving and reopen it. After reopening, the newly installed package is present and the manual changes are rolled back, so just make them again. Another solution is to force-save (with the current version) and reinstall the new package.


  5. dependencies node

    The dependencies node is created in the package.json file after running the npm install package_full_name command. It is used to record which packages are installed using the npm install package_full_name command.


  6. Install all packages at once

    When we get a project with node_modules removed, we need to download all the packages to the project before we can run the project, otherwise the following error will be reported:

    Error: Cannot find module 'moment'

    You can run npm install (shortened to npm i) to install all dependencies at once.


  7. Uninstall package, update package

    npm uninstall package_full_name : Uninstalls the specified package. There is no shorthand for this command. After a successful uninstall, the package is removed from dependencies in package.json.

    npm outdated lists the version of each package you use alongside the latest version of that package. It is not commonly used; you can look at it before updating.

    npm update updates packages based on the Wanted version. It is not commonly used.


  8. devDependencies node

    If some packages are only used during the development phase of the project and will not be used after the project is launched, it is recommended to record these packages in the devDependencies node. Correspondingly, if some packages need to be used after development and project launch, it is recommended to record these packages in the dependencies node.

    The npm install package_name --save-dev command records packages in the devDependencies node. It is abbreviated as npm i package_name -D .


  9. npx

    Packages such as nodemon and create-react-app previously needed to be installed globally: npm i -g package_name . But often we do not want a package to be installed globally, and npx can be used instead. npx downloads the package, caches it, and deletes it after a period of time, so the package does not stay on the computer (and is not recorded in package.json).

    Benefit: No need to occupy memory space, and no need to manually update, always the latest version.


  10. Global installation and computer replacement problems

    Global installation is generally used when you want to use the package from the command line. A global installation is not recorded in dependencies, so it cannot be installed automatically when you change computers. Global installs are best replaced with npx.


  11. Script usage in npm

    scripts is an object in package.json. Each entry works like a shortcut: it gives a command-line command a new name, in the form "short name": "long command".

    "scripts": {
      "start": "nodemon index.js"
    },

    To run a custom command, the standard format is npm run custom_command_name.

