Table of contents
1. Search and select the package to download
1.1. Start searching for packages
2. Download and install the software package locally
2.1 Installing unscoped packages
2.2 Install scoped public packages
1. Search and select the package to download
You can use the npm search bar to find packages to use in your project. npm search uses npms and npms-analyzer.
npms - which stands for npm search - aims to empower the JavaScript community by providing better open source search for node packages.
1.1 Why use npms
npmjs.com allows developers to search for node packages, but after using it for a period of time, I found that the search results were not very satisfactory. The official search is powered by Elasticsearch, but without advanced analyzers configured. More specifically, no stemming or splitting is enabled. What does this mean to you? Try searching for "couchdb promise" and "couchdb promises" to see how different the search results are. Imagine how many packages you missed in previous searches because of this.
When the results list is displayed on the screen, the order of the results is based solely on their relevance to the search term. The npmjs.com search does not consider package value to rank good packages higher. Therefore, the user has to manually analyze the search results one by one, taking into account multiple attributes such as the version of the package (>1.0.0?), number of downloads, latest release date, number of GitHub issues, stars, forks, etc. The process is cumbersome and slow.
1.2 Working principle
The npms analyzer continuously analyzes the npm ecosystem, gathering as much information as possible from a variety of sources, including GitHub, David, and nsp. Using the information gathered, a final score for each package is calculated based on four different aspects:
1. Quality
Quality attributes are easy to calculate because they are self-contained. These are the first attributes people look at when they check out a package.
- Is there a README? Is there a license? Are there a .gitignore and friends?
- Is the version stable (>1.0.0)? Is it deprecated?
- Are there tests, and what is the coverage? Does the build pass?
- Are there outdated dependencies, are there vulnerabilities?
- Is there a custom website, is there a logo?
- Is there a link already configured?
2. Maintenance
Maintenance attributes allow us to know if the package is active and healthy, or if it is abandoned. These are often the second attributes people look at when inspecting a package.
- Ratio of unresolved issues to total issues
- The time it takes to close an issue
- Most recent commit
- Commit frequency
- Release frequency
3. Popularity
Popularity attributes allow us to understand the adoption rate and community size of the package. These are the attributes people look at when they are undecided about their package choice.
- Number of stars
- Number of forks
- Number of subscribers
- Number of contributors
- Number of dependents
- Number of downloads
- Download acceleration
4. Fame
If two packages are similar, the package whose author is well known in the community is preferred.
Relationships between people are also important. When a user follows another user, there is a link between them. We can infer that people prefer packages from users they follow.
1.1. Start searching for packages
1. In the search bar, type your search term and press Enter. As you type, possible options will appear.
2. The results list shows each package's name, version, and basic description, ordered according to the package search ranking rules.
3. Click a package name in the search list to open the detailed description page of that package.
By default, the npm registry search page (npm) shows the following:
The first part is a showcase of some of the most popular packages.
The second part is some packages discovered by type.
The third part is the total number of packages, the downloads in the last week, and the downloads in the last month.
The fourth part is some packages that have been updated recently.
2. Download and install the software package locally
If you want to depend on a package in your own module, you can install the package locally, reference it using something like require, and then use the functionality in the package.
2.1 Installing unscoped packages
Unscoped packages are always public, meaning that anyone can search, download and install them. To install a public package, run the following on the command line:
npm install <package_name>
This will create the node_modules directory in the current directory (if it doesn't already exist), and download the package to it.
NOTE: If there is no package.json file in the local directory, the latest version of the package is installed. If a package.json file exists, npm installs the latest version that satisfies the declaration in package.json.
2.2 Install scoped public packages
Anyone can download and install scoped public packages, as long as the scope name is referenced during installation:
npm install @scope/package-name
2.3 Install private packages
Private packages can only be downloaded and installed by users who have been granted read access to the package. Since private packages are always scoped, the scope name must be referenced during installation:
npm install @scope/private-package-name
2.4 Test package installation
To confirm that npm install worked correctly, check in your module directory that the node_modules directory exists and that it contains the directory of the package you installed:
ls node_modules
2.5 Installed package version
If there is a package.json file in the directory where npm install is run, npm installs the latest version of the package that satisfies the semantic versioning rules stated in package.json.
If there is no package.json file, the latest version of the package is installed.
2.6 Install packages with dist-tags
As with npm publish, npm install <package_name> uses the latest tag by default.
To override this behavior, use npm install <package_name>@<tag>. For example, to install example-package at the version marked as beta, you can run the following command:
npm install example-package@beta
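The version selection described in 2.5 and 2.6, as an added example (not code from npm or from the original page): a simplified resolver that picks a version for an exact version, a ^ or ~ range, or a dist-tag. The packument object and the function names are hypothetical, and full semver range syntax is not covered.

```javascript
// Constructed registry metadata for a hypothetical package (not real data).
const packument = {
  name: "example-package",
  "dist-tags": { latest: "1.4.2", beta: "2.0.0-beta.1" },
  versions: ["0.9.0", "1.2.0", "1.2.5", "1.4.2", "2.0.0-beta.1"],
};

// Parse "1.2.3" or "1.2.3-beta.1"; returns null for anything else.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$/.exec(v);
  return m && { nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) };
}

// Compare two numeric [major, minor, patch] triples.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Exclusive upper bound of a ^ or ~ range starting at [maj, min, pat].
function upperBound(op, [maj, min, pat]) {
  if (op === "~") return [maj, min + 1, 0];
  if (maj > 0) return [maj + 1, 0, 0];
  if (min > 0) return [0, min + 1, 0];
  return [0, 0, pat + 1];
}

// Model of what `npm install name@spec` selects. spec may be omitted
// (defaults to the "latest" tag), a dist-tag, an exact version, or a ^/~ range.
function resolveInstall(pkg, spec = "latest") {
  const tags = pkg["dist-tags"];
  if (Object.prototype.hasOwnProperty.call(tags, spec)) return tags[spec];
  if (parse(spec)) return pkg.versions.includes(spec) ? spec : null;
  const base = parse(spec.slice(1));
  if (!"^~".includes(spec[0]) || !base || base.pre) {
    throw new Error(`unsupported spec: ${spec}`);
  }
  const hi = upperBound(spec[0], base.nums);
  // Prerelease versions are skipped: a range without a prerelease part does not match them.
  const ok = pkg.versions.map(parse)
    .filter((v) => v && !v.pre && cmp(v.nums, base.nums) >= 0 && cmp(v.nums, hi) < 0)
    .sort((a, b) => cmp(b.nums, a.nums));
  return ok.length ? ok[0].nums.join(".") : null;
}
```

Because ^ and ~ ranges float, the version a range resolves to changes when a newer matching release is published, while an exact version always resolves to the same release.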