npm is the package management tool of the JavaScript world, and is the default package management tool for the Node.js platform. Through npm, you can install, share, distribute code, and manage project dependencies.
The principle of npm
npm is said to be the world's largest package manager? Is it really just user-friendliness?
1. npm init
Used to initialize a simple package.json file. The package.json file is used to define a package description file.
1. The default behavior of npm init execution
Execute npm init --yes, all using the default values.
2. Customize npm init behavior
The principle of the npm init command is: call the script and output an initialized package.json file.
Get user input using the prompt() method.
2. Dependency package installation
The core function of npm: dependency management. Execute npm i to install dependencies from dependencies and devDependencies in package.json to the node_modules folder of the current directory.
1. package definition
npm i can install a package. Usually package is the package name we need to install. Under the default configuration, npm will search the corresponding package address of the package name from the default source (Registry), and download and install it. Can also be a http url/git url/folder path pointing to a valid package name.
The precise definition of a package meets one of the following conditions a) to g), and it is a package:
The precise definition of package
2. Install local package/remote git warehouse package
Shared dependency packages do not have to be published on the npm source to be used.
(1) Scenario 1: Local module reference
Calling between modules cannot be avoided during development. During development, we put frequently called configuration modules in the root directory, and if there are many hierarchical directories, later reference
copy
const config = require(''../../../../..config)
- 1.
Such path references are not conducive to code refactoring. At this time, we need to consider separating this module for other modules to share. For example, config.js can be packaged into a package and placed in the node_modules directory.
No need to manually copy or create a soft link to the node_modules directory, npm has its own solution:
plan:
1. Add a new config folder, move config.js into the folder, change the name to index.js, create package.json to define the config package
{
"name": "config",
"main": "index.js",
"version": "0.1.0"
}
2. Add dependencies in the project's package.json, and then execute npm i.
{
"dependencies": {
"config":"file: ./config"
}
}
Looking at the node_modules directory, we will find that there is an extra soft link named config pointing to the upper-level config/ folder. This is because npm recognizes the url of the file: protocol, knows that this package needs to be obtained directly from the file system, and will automatically create a soft link to node_modules to complete the "installation" process.
3. How npm install works
After npm i is executed, all dependent packages can be seen in node_modules. Developers don't pay attention to the structural details of the node_modules folder, but focus on referencing dependent packages in business code.
Understanding the node_modules structure helps us better understand how npm works. npm2 to npm5 changes and improvements.
3.1 npm2
npm2 is installing dependent packages, using a simple recursive installation method. Each package has its own dependent packages, and the dependencies of each package are installed in its own node_modules, and the dependencies are progressive layer by layer to form the entire dependency tree, which corresponds to the file structure tree in the file system one by one.
The most convenient way to depend on the tree is to execute npm ls in the root directory.
advantage:
The hierarchical structure is obvious, which is convenient for fool-like management.
shortcoming:
For complex projects, the directory structure may be too deep, and the file path in the deep layer is too long to trigger the file path in the window file system to be no longer than 260 characters.
Some packages that are dependent on multiple packages are installed repeatedly in many places, resulting in a lot of redundancy.
3.2 npm3
The node_modules directory of npm3 has been changed to a flatter hierarchical structure. When npm3 is installed, it traverses the entire dependency tree and calculates the most reasonable folder installation method. All packages that are repeatedly depended on can be reinstalled.
For npm, packages with the same name and different versions are two independent packages.
The dependency tree structure of npm3 no longer corresponds to the folder hierarchy one by one.
3.3 npm5
Follow the flat dependency package installation method of npm3. The biggest change is the addition of the package-lock.json file.
The role of package-lock.json: lock the dependent installation structure, and find that the hierarchical structure of the node_modules directory file is in one-to-one correspondence with the structure of json.
By default, npm5 will generate a package-lock.json file after executing npm i and submit it to the git/svn code base.
To upgrade, do not use version 5.0.
Note: In npm 5.0, if there is already a package-lock file, if you manually add a dependency to the package.json file, and then execute npm install, the new dependency will not be installed into node_modules, package-lock. json will not be updated accordingly.
npm sctipts
5.1 Basic use
npm scripts are an important feature of npm. Define a script in the scripts field in package.json.
for example:
{
"scripts": {
"echo": "echo HELLO WORLD"
}
}
We can execute this script through the npm run echo command, just like executing echo HELLO WOLRD in the shell, and the terminal can see the output.
Summarized as follows:
- When the npm run command is executed, the ./node_modules/.bin directory will be added to the PATH variable of the execution environment. Packages that are not installed globally are installed in node_modules, and this command can be invoked through npm run.
- To pass in parameters when executing npm scripts, you need to add -- after the command to indicate, for example, npm run test -- --grep="pattern" can pass the --grep="pattern" parameter to the test command.
- npm also provides two hook mechanisms, pre and post, which can define execution scripts before and after a certain script.
- Runtime variables: In the script execution environment of npm run, more information about running can be obtained through environment variables. It can be accessed through the process.env object:
- npm_lifecycle_event: the name of the running script
- npm_package_: Get the matching value of a field in the current package.json: such as package name npm_package_name
- npm_package__: Nested fields in package.
5.2 node_modules/.bin directory
Saves the callable command-line packages installed in the dependency directory. The essence is a mapping from an executable file to a specified file source.
For example webpack is a command-line package. If we add the --global parameter when installing webpack, we can directly enter webpack in the terminal to call.
As mentioned in the previous section, the npm run command will add ./node_modules/.bin to PATH when it is executed, so that we can directly call all dependent packages that provide command-line calling interfaces. So here comes a best practice:
•Install the command-line tools that the project depends on into the project dependency folder, and then call them through npm scripts; instead of installing globally
So npm comes with a new tool npx starting from 5.2.
5.3 npx
The use of npx is very simple, just execute npx, and the default here is the name of the executable script installed in the ./node_modules directory. For example, the above locally installed webpack package can be executed directly using npx webpack.
Summarize
- npm init initializes a new project
- Unified project configuration: the team needs to share the npm config configuration items and solidify them into the .npmrc file
- Unified operating environment: unified package.json, unified package-lock.json files.
- Reasonable use of diverse sources to install dependent packages
- Use npm version: >= version 5.2
- Use npm scripts and npx to manage corresponding scripts
- Security vulnerability check: npm audit fix fixes the dependency packages of security vulnerabilities (essence: automatically update to a compatible security version)
An article that takes you to understand the principle of npm-npm use