npm v0.10–v7.2.0
This draft deletes the entire topic.
Examples
-
Introduction
Packages are a term used by npm to denote tools that developers can use for their projects. These include everything from libraries and frameworks such as jQuery and AngularJS to task runners such as Gulp.js. The packages will come in a folder typically called
node_modules, which will also contain apackage.jsonfile. This file will give information regarding the package including any dependencies, which are additional modules needed to use the package.Npm uses the command line to both install and manage packages, so users attempting to use npm should be familiar with basic commands on their operating system i.e.: traversing directories as well as being able to see the contents of directories.
How to install packages
To install one or more packages use the following. Note that this will install the package in the directory that the command line is currently in, thus it is important to check whether the appropriate directory has been chosen:
npm install <package-name> # or npm i <package-name>... # e.g. to install lodash and express npm install lodash expressIf you already have a
package.jsonfile in your current working directory and dependencies are defined in it, thennpm installwill automatically resolve and install all dependencies listed in the file. You can also use the shorthand version of thenpm installcommand which is:npm iIf you want to install a specific version of a package use:
npm install <name>@<version> # e.g. to install version 4.11.1 of the package lodash npm install [email protected]If you want to install a version which matches a specific version range use:
npm install <name>@<version range> # e.g. to install a version which matches "version >= 4.10.1" and "version < 4.11.1" # of the package lodash npm install lodash@">=4.10.1 <4.11.1"If you want to install the latest version use:
npm install <name>@latestThe above commands will search for packages in the central
npmrepository at npmjs.com. If you are not looking to install from thenpmregistry, other options are supported, such as:# packages distributed as a tarball npm install <tarball file> npm install <tarball url> # packages available locally npm install <local path> # packages available as a git repository npm install <git remote url> # packages available on GitHub npm install <username>/<repository> # packages from a specific repository npm install --registry=http://myreg.mycompany.com <package name> # packages from a related group of packages # See npm scope npm install @<scope>/<name>(@<version>) # Scoping is useful for separating private packages hosted on private registry from # public ones by setting registry for specific scope npm config set @mycompany:registry http://myreg.mycompany.com npm install @mycompany/<package name>Usually, modules will be installed locally in a folder named
node_modules, which can be found in your current working directory. This is the directoryrequire()will use to load modules in order to make them available to you.If you already created a
package.jsonfile, you can use the--save(shorthand-S) option or one of its variants to automatically add the installed package to yourpackage.jsonas a dependency. If someone else installs your package,npmwill automatically read dependencies from thepackage.jsonfile and install the listed versions. Note that you can still add and manage your dependencies by editing the file later, so it's usually a good idea to keep track of dependencies, for example using:npm install --save <name> # Install dependencies # or npm install -S <name> # shortcut version --save # or npm i -S <name>
Installing dependencies
Some modules do not only provide a library for you to use, but they also provide one or more binaries which are intended to be used via the command line. Although you can still install those packages locally, it is often preferred to install them globally so the command-line tools can be enabled. In that case,
npmwill automatically link the binaries to appropriate paths (e.g./usr/local/bin/<name>) so they can be used from the command line. To install a package globally, use:npm install --global <name> # or npm install -g <name> # or npm i -g <name> # e.g. to install the grunt command line tool npm install -g grunt-cliIf you want to see a list of all the installed packages and their associated versions in the current workspace, use:
npm list npm list <name>Adding an optional name argument can check the version of a specific package.
Note: If you run into permission issues while trying to install an npm module globally, resist the temptation to issue a
sudo npm install -g ...to overcome the issue. Granting third-party scripts to run on your system with elevated privileges is dangerous. The permission issue might mean that you have an issue with the waynpmitself was installed. If you're interested in installing Node in sandboxed user environments, you might want to try using nvm.If you have build tools, or other development-only dependencies (e.g. Grunt), you might not want to have them bundled with the application you deploy. If that's the case, you'll want to have it as a development dependency, which is listed in the
package.jsonunderdevDependencies. To install a package as a development-only dependency, use--save-dev(or-D).npm install --save-dev <name> // Install development dependencies which is not include in producation # or npm install -D <name>You will see that the package is then added to the
devDependenciesof yourpackage.json.To install dependencies of a downloaded/cloned node.js project, you can simply use
npm install # or npm inpm will automatically read the dependencies from
package.jsonand install them. -
To uninstall one or more locally installed packages, use:
npm uninstall <package name>The uninstall command for npm has five aliases that can also be used:
npm remove <package name> npm rm <package name> npm r <package name> npm unlink <package name> npm un <package name>If you would like to remove the package from the
package.jsonfile as part of the uninstallation, use the--saveflag (shorthand:-S):npm uninstall --save <package name> npm uninstall -S <package name>For a development dependency, use the
--save-devflag (shorthand:-D):npm uninstall --save-dev <package name> npm uninstall -D <package name>For an optional dependency, use the
--save-optionalflag (shorthand:-O):npm uninstall --save-optional <package name> npm uninstall -O <package name>For packages that are installed globally use the
--globalflag (shorthand:-g):npm uninstall -g <package name> -
-
Node.js package configurations are contained in a file called
package.jsonthat you can find at the root of each project. You can setup a brand new configuration file by calling:npm initThat will try to read the current working directory for Git repository information (if it exists) and environment variables to try and autocomplete some of the placeholder values for you. Otherwise, it will provide an input dialog for the basic options.
If you'd like to create a
package.jsonwith default values use:npm init --yes # or npm init -yIf you're creating a
package.jsonfor a project that you are not going to be publishing as an npm package (i.e. solely for the purpose of rounding up your dependencies), you can convey this intent in yourpackage.jsonfile:- Optionally set the
privateproperty to true to prevent accidental publishing. - Optionally set the
licenseproperty to "UNLICENSED" to deny others the right to use your package.
To install a package and automatically save it to your
package.json, use:npm install --save <package>The package and associated metadata (such as the package version) will appear in your dependencies. If you save if as a development dependency (using
--save-dev), the package will instead appear in yourdevDependencies.With this bare-bones
package.json, you will encounter warning messages when installing or upgrading packages, telling you that you are missing a description and the repository field. While it is safe to ignore these messages, you can get rid of them by opening the package.json in any text editor and adding the following lines to the JSON object:[...] "description": "No description", "repository": { "private": true }, [...] - Optionally set the
-
You may define scripts in your
package.json, for example:{ "name": "your-package", "version": "1.0.0", "description": "", "main": "index.js", "author": "", "license": "ISC", "dependencies": {}, "devDependencies": {}, "scripts": { "echo": "echo hello!" } }To run the
echoscript, runnpm run echofrom the command line. Arbitrary scripts, such asechoabove, have to be be run withnpm run <script name>. npm also has a number of official scripts that it runs at certain stages of the package's life (likepreinstall). See here for the entire overview of how npm handles script fields.npm scripts are used most often for things like starting a server, building the project, and running tests. Here's a more realistic example:
"scripts": { "test": "mocha tests", "start": "pm2 start index.js" }In the
scriptsentries, command-line programs likemochawill work when installed either globally or locally. If the command-line entry does not exist in the system PATH, npm will also check your locally installed packages.If your scripts become very long, they can be split into parts, like this:
"scripts": { "very-complex-command": "npm run chain-1 && npm run chain-2", "chain-1": "webpack", "chain-2": "node app.js" } -
Before publishing a package you have to version it. npm supports semantic versioning, this means there are patch, minor and major releases.
For example, if your package starts at version 1.0.0 to change version you have to:
- patch release:
npm version patch=> 1.0.1 - minor release:
npm version minor=> 1.1.0 - major release:
npm version major=> 2.0.0
You can also specify a version directly with:
npm version 3.1.4=> 3.1.4When you set a package version using one of the npm commands above, npm will modify the version field of the package.json file, commit it, and also create a new Git tag with the version prefixed with a "v", as if you've issued the command:
git tag v3.1.4Unlike other package managers like Bower, the npm registry doesn't rely on Git tags being created for every version. But, if you like using tags, you should remember to push the newly created tag after bumping the package version:
git push origin master(to push the change to package.json)git push origin v3.1.4(to push the new tag)Or you can do this in one swoop with:
git push origin master --tags - patch release:
-
First, make sure that you have configured your package (as said in Setting up a package configuration​). Then, you have to be logged in to npmjs.
If you already have a npm user
npm loginIf you don't have a user
npm adduserTo check that your user is registered in the current client
npm config lsAfter that, when your package is ready to be published use
npm publishAnd you are done.
If you need to publish a new version, ensure that you update your package version, as stated in Basic semantic versioning. Otherwise,
npmwill not let you publish the package.{ name: "package-name", version: "1.0.4" } -
To generate a list (tree view) of currently installed packages, use
npm listls, la and ll are aliases of list command. la and ll commands shows extended information like description and repository.
Options
The response format can be changed by passing options.
npm list --json- json - Shows information in json format
- long - Shows extended information
- parseable - Shows parseable list instead of tree
- global - Shows globally installed packages
- depth - Maximum display depth of dependency tree
- dev/development - Shows devDependencies
- prod/production - Shows dependencies
If you want, you can also go to the package's home page.
npm home <package name> -
To remove extraneous packages (packages that are installed but not in dependency list) run the following command:
npm pruneTo remove all
devpackages add--productionflag:npm prune --production -
# Set the repository for the scope "myscope" npm config set @myscope:registry http://registry.corporation.com # Login at a repository and associate it with the scope "myscope" npm adduser --registry=http://registry.corporation.com --scope=@myscope # Install a package "mylib" from the scope "myscope" npm install @myscope/mylibIf the name of your own package starts with
@myscopeand the scope "myscope" is associated with a different repository,npm publishwill upload your package to that repository instead.You can also persist these settings in a
.npmrcfile:@myscope:registry=http://registry.corporation.com //registry.corporation.com/:_authToken=xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxxxxxThis is useful when automating the build on a CI server f.e.
-
Building project dependencies can sometimes be a tedious task. Instead of publishing a package version to NPM and installing the dependency to test the changes, use
npm link.npm linkcreates a symlink so the latest code can be tested in a local environment. This makes testing global tools and project dependencies easier by allowing the latest code run before making a published version.Help text
NAME npm-link - Symlink a package folder SYNOPSIS npm link (in package dir) npm link [<@scope>/]<pkg>[@<version>] alias: npm lnSteps for linking project dependencies
When creating the dependency link, note that the package name is what is going to be referenced in the parent project.
- CD into a dependency directory (ex:
cd ../my-dep) npm link- CD into the project that is going to use the dependency
npm link my-depor if namespacednpm link @namespace/my-dep
Steps for linking a global tool
- CD into the project directory (ex:
cd eslint-watch) npm link- Use the tool
esw --quiet
Problems that may arise
Linking projects can sometimes cause issues if the dependency or global tool is already installed.
npm uninstall (-g) <pkg>and then runningnpm linknormally resolves any issues that may arise. - CD into a dependency directory (ex:
-
By default, npm installs the latest available version of modules according to each dependencies' semantic version. This can be problematic if a module author doesn't adhere to semver and introduces breaking changes in a module update, for example.
To lock down each dependencies' version (and the versions of their dependencies, etc) to the specific version installed locally in the
node_modulesfolder, usenpm shrinkwrapThis will then create a
npm-shrinkwrap.jsonalongside yourpackage.jsonwhich lists the specific versions of dependancies. -
You can use
npm install -gto install a package "globally." This is typically done to install an executable that you can add to your path to run. For example:npm install -g gulp-cliIf you update your path, you can call
gulpdirectly.On many OSes,
npm install -gwill attempt to write to a directory that your user may not be able to write to such as/usr/bin. You should not usesudo npm installin this case since there is a possible security risk of running arbitrary scripts withsudoand the root user may create directories in your home that you cannot write to which makes future installations more difficult.You can tell
npmwhere to install global modules to via your configuration file,~/.npmrc. This is called theprefixwhich you can view withnpm prefix.prefix=~/.npm-global-modulesThis will use the prefix whenever you run
npm install -g. You can also usenpm install --prefix ~/.npm-global-modulesto set the prefix when you install. If the prefix is the same as your configuration, you don't need to use-g.In order to use the globally installed module, it needs to be on your path:
export PATH=$PATH:~/.npm-global-modules/binNow when you run
npm install -g gulp-cliyou will be able to usegulp.Note: When you
npm install(without-g) the prefix will be the directory withpackage.jsonor the current directory if none is found in the hierarchy. This also creates a directorynode_modules/.binthat has the executables. If you want to use an executable that is specific to a project, it's not necessary to usenpm install -g. You can use the one innode_modules/.bin. -
Since npm itself is a Node.js module, it can be updated using itself.
npm install -g npm@latestIf you want to check for updated versions you can do:
npm outdatedIn order to update a specific package:
npm update <package name>This will update the package to the latest version according to the restrictions in package.json
In case you also want to lock the updated version in package.json:
npm update <package name> --save
Syntax
- npm <command> where <command> is one of:
- add-user
- adduser
- apihelp
- author
- bin
- bugs
- c
- cache
- completion
- config
- ddp
- dedupe
- deprecate
- docs
- edit
- explore
- faq
- find
- find-dupes
- get
- help
- help-search
- home
- i
- install
- info
- init
- isntall
- issues
- la
- link
- list
- ll
- ln
- login
- ls
- outdated
- owner
- pack
- prefix
- prune
- publish
- r
- rb
- rebuild
- remove
- repo
- restart
- rm
- root
- run-script
- s
- se
- search
- set
- show
- shrinkwrap
- star
- stars
- start
- stop
- submodule
- tag
- test
- tst
- un
- uninstall
- unlink
- unpublish
- unstar
- up
- update
- v
- version
- view
- whoami
Sign up or log in
Save edit as a guest
Join Stack Overflow
We recognize you from another Stack Exchange Network site!
Join and Save Draft