Workflow with package-lock.json - javascript

Ok so I have an npm project at my work that a bunch of us are working on. It has dependencies on 'lodash' and 'jquery'.
I do an >npm install, and it pulls down my deps. Then I bundle it.
That creates a 'package-lock.json' on my system.
Now another developer adds a new dependency on 'moment'.
He does a >npm install -S moment.
That adds it to his package.json, and he checks that in. We don't check in the package-lock.json.
Now I do a 'git pull' and get the new package.json.
Now I do >npm install, BUT because I have my own package-lock.json, it doesn't install 'moment' for me. So now I have to:
>rm package-lock.json
>npm install
And now I have 'moment'. Seems like this package-lock.json isn't really helping my workflow. Could I get an explanation of how this should work for developers on a day-to-day basis, if we are all developing on a common npm module?

First, according to npm documentation:
This file is intended to be committed into source repositories
so you should commit your initial package-lock.json after you've done npm install.
Another developer pulls your changes, including the lockfile.
Then he does npm install -S moment, which makes updates to both package.json and package-lock.json. The developer pushes a commit with these changes.
Now you pull his changes and do npm install. It should install moment for you. Furthermore, you both should now have exactly the same version of moment and its dependencies installed - even if between his and your installs the minor version of some dependency was incremented.
Merge conflicts
It all gets messy when both of you have installed new dependencies in parallel and then have a conflict on package-lock.json. This may be a huge file and quite a pain to merge manually. I haven't seen any official way of dealing with it documented. There is even an open issue in the npm repo to provide a solution for resolving conflicts.
One user shares his workaround workflow in the issue thread there, which basically means: override your local changes with package.json and package-lock.json pulled from master, then apply all your npm install -S and npm remove -S commands again. This seems to be a reasonable solution until the issue is resolved by npm.

Related

What's the difference between npm install and manual installation?

So I'm looking at requirejs. I can either install this package with npm install requirejs, or download it manually from the website. What's the difference? Are there tradeoffs to either one? Is npm install just a fancier way of manually installing? Thanks.
Imagine you have 10 libraries in package.json and you want to install all of them at once: you can just do "npm i" and it will take care of all of them in just ~10sec. Compare this with installing those 10 libraries manually. It is indeed a good friend that eases the process of downloading libraries for you in no time.
Yes, npm install is just a fancier way to add packages that helps save your precious time.
Based on the description here: npm install.
If the package has a package-lock, or an npm shrinkwrap file, or a yarn lock file, the installation of dependencies will be driven by that
Install the dependencies in the local node_modules folder.
In global mode (ie, with -g or --global appended to the command), it installs the current package context (ie, the current working directory) as a global package.
By default, npm install will install all modules listed as dependencies in package.json.
With the --production flag (or when the NODE_ENV environment variable is set to production), npm will not install modules listed in devDependencies. To install all modules listed in both dependencies and devDependencies when NODE_ENV environment variable is set to production, you can use --production=false.
Without a package manager like npm or yarn, it could take you a lot of time just to install stuff. And while you are developing with Node.js, you'd have a ton of things to install.
Every modern programming language has its own package manager, so why would you ever need to manually install them?

my installed packages got lost in node_modules

In my project I'm using git, and the node_modules folder is obviously ignored. I was working on branch1 and added some dependencies (e.g. redux) and installed them via npm install. Then I switched to branch2, which was created at the same time as branch1, and now it has some different dependencies than branch1. I used npm install again in order to install those packages.
So here is what happened: when I came back to branch1, none of the packages I had already installed while working in branch1 were found. I expected that, because node_modules is ignored, both branches' packages would exist. I had to run npm install again although I had installed them before.
So my question is: what caused this? Is git doing something, or does npm do something?
Here’s a hypothetical scenario that may help explain:
On branch 1 you install “A”. It gets saved to node_modules and you commit changes to the package.json and package-lock.json.
You checkout branch 2, causing your package.json and package-lock.json to no longer have “A” - although your node_modules are left untouched (gitignored), meaning “A” is still there.
You run npm install on branch 2, which uses your package.json and package-lock.json to update your node_modules per their specifications. Because they don’t have “A”, it gets removed from your node_modules.
You checkout branch 1, and again your node_modules are unaffected by this git checkout - this means you’ll need to run “npm install” again to get “A” back in node_modules.

Bumping package-lock.json and packge.lock at the same time?

Prior to publishing to NPM I need to bump the minor version. What I usually do is:
- Change package.json
- Run npm i which syncs package-lock.json with the change. Now both can be published.
Is there a way to do this with a single NPM command?
Use npm version.
For example, the following command
npm version 1.0.2
will bump both package.json and package-lock.json to 1.0.2
The following command
npm i -S <module>@<version>
installs the specific version of the given module.
-S or --save tells npm to save the reference of the module + version into both package.json and package-lock.json
It depends on the granularity of control you want to have. For example, if you just want to check for an update on an individual module you can run: npm update <pkg>, as this command will update your package.json file to save the newest version of this <pkg> as the now required version to build your project. Alternatively, you could run npm update to update all your project's top-level packages. OK, so those are the more general use cases, but if you want a specific version of a package and you know the version you desire, you can do the following: npm i --save <pkg>@<version>, as this command will grab the package specified by your version number as well as update the package.json file to include this version of the package as now being required to build your project. This will eliminate the need to first update the package.json file and then install the newer version of said package; rather, this will be condensed down to one step. Lastly, just for thoroughness, the package-lock.json file is dynamically generated when you make important changes to your project, such as requiring new dependencies or updating existing dependencies. This file kind of serves as a source of truth so others can build your project and have the same setup as you. For more information on this file, take a look at the npm docs.
Hopefully that helps!

npm and yarn: does package.json have the priority over lockfile?

Let's consider npm 5.3.0+.
Imagine I've just created package.json in empty directory and run npm i. Then I've edited package versions in package.json. At this point, package.json is inconsistent with package-lock.json.
Question: what happens if I run npm i again? Which file would be the source of truth? In npm docs I've found only a vague statement "Whenever you run npm install, npm generates or updates your package lock".
Same question for yarn.
I had a similar problem while using yarn. Here are some ideas that may be helpful to you:
If yarn.lock is present and is enough to satisfy all the dependencies listed in package.json, the exact versions recorded in yarn.lock are installed, and yarn.lock will be unchanged. Yarn will not check for newer versions.
If yarn.lock is absent, or is not enough to satisfy all the dependencies listed in package.json (for example, if you manually add a dependency to package.json), Yarn looks for the newest versions available that satisfy the constraints in package.json. The results are written to yarn.lock.
https://classic.yarnpkg.com/en/docs/cli/install/
Which file would be the source of truth?
It depends on whether the version of the 3rd-party package in yarn.lock satisfies the package version's limitation in package.json. If it does, the yarn.lock file is "the source of truth"; otherwise, it should be package.json.

How do I fix missing @angular/Core modules?

I can not run the Angular 2 project.
What I tried:
- running the project by using npm install and npm start | does not work
- I cloned quickstart from the github and replaced with my src folder and I still get the "can not find module in @angular/core"
Here is the full console output: https://www.dropbox.com/s/5plmqrjd6ge0lta/error.txt?dl=0
Many people will come here. I have had the same problem. Do not panic. You are probably following the tutorial of tutorialspoint.
Just install the core again using NPM
npm install @angular/core
There was/is a bug in certain versions of npm that causes installed modules to disappear when using npm install someModule ... or npm install someModule --save-dev
This was apparently an issue if the module being installed was from a GitHub repo and lacked a specific commit hash to reference for the installation. Although the issue was marked "closed" and the repo archived several months ago at v5.6.0, I ran into the problem today w/the latest npm 6.4.0
In my case, doing npm install rxjs completely removed the @angular/core module, along with my @ionic-native plugins, and anything else I'd installed individually (and then it failed to actually/properly install rxjs anyway!!)
Tip: copy your existing npm modules folder as a backup before starting updates or removing it entirely & trying to npm install.
You can manually install to your project via npm install @angular/core, but depending on the npm version (or the angle of the moon at that precise moment, who knows) be aware that you might wind up with other missing dependencies.
Also try npm install @angular/core && npm install ... Apparently the additional npm install helps replace the randomly deleted/missing modules in some cases.
