NPM common commands (8)

1、npm install

1.1 Command usage

npm install [<package-spec> ...]

别名: add, i, in, ins, inst, insta, instal, isnt, isnta, isntal, isntall

This command installs a package and any packages it depends on. If the package has a package-lock file, or an npm-shrinkwrap file, or a yarn.lock file, the dependency installation will be driven by it, following the following order of precedence:

• npm-shrinkwrap.json
• package-lock.json
• yarn.lock

包(package) yes:

• (a) A folder containing a program described by a package.json file
• (b) A gzipped tarball containing (a)
• (c) resolves to the url of (b)
• (d) Published on the registry  <name>@<version>with (c)
• (e) points to (d) <name>@<tag>
• (f) With the "latest" tag that satisfies (e) <name>
• (g) solves to (a) <git remote url>

Even if you never publish your package, you can still get many of the benefits of using npm if you just want to write a node program (a), and maybe you also want to be able to easily install it into a tarball after packaging (b).

• npm install：

  Install dependencies to a local  node_modules folder.

  In global mode (i.e., with  -g or  --global appended to the command), it installs the current package context (i.e., the current working directory) as a global package.

  By default, npm install all modules listed as dependencies in package.json will be installed.

  With  --production the flag (or when  NODE_ENV the environment variable is set production to  ), npm will not install devDependencies modules listed in .  To install all modules listed in   and  when   the NODE_ENV environment variable is set to  , you can use .productiondependenciesdevDependencies--production=false

  --production Note: The flags have no special meaning when adding dependencies to your project .

npm install <folder>：

If  <folder> located in the root of the project, its dependencies will be installed and may be hoisted to the top level like other types of dependencies  node_modules. npm will not   install package dependencies in the directory if  <folder> located outside the root of the project  , but it will create symbolic   links to them.<folder><folder>

Note: If you want to install the contents of a directory (such as a package) from the registry rather than creating a link, you need to use  --install-links the option.

Example:

Dependencies are installed on top of it. If installed in the currently specified directory, add the corresponding parameters as follows:

The corresponding package is installed directly, not a link is created.

npm install <tarball file>：

Install packages located on the file system. Note: If you just want to link a dev directory to your npm root directory, you can use  npm link npm link npm link  to do this more easily.

Compression package requirements:

• The file name must use  .tar, .tar.gz or  .tgz as an extension.

• The package contents should be located in a subfolder within the tarball (usually called a tarball  package/). npm strips off a directory layer when installing a package (  tar x --strip-components=1 the equivalent of running).

• The package must contain files with  name and  version attributes  package.json .

  Example:

npm install qs-6.11.2.tgz

npm install <tarball url>：

Get the tarball url and install it. To distinguish this option from other options, the parameter must start with "http://" or "https://"

Example:

npm install [<@scope>/]<name>：

Install  <name>@<tag> , where  <tag> is the "tag" configuration. (The configured default is  latest.)

In most cases this will install  latest the version of the module marked on the npm registry.

Example:

npm install qs

By default, npm install any specified package is saved to  dependencies . Additionally, you can use some additional flags to control where and how they are saved:

• -P, --save-prod: The package will appear in your  dependencies . This is the default unless  -D or  is present -O.

• -D, --save-dev: The package will appear in your  devDependencies .

• -O, --save-optional: The package will appear in your  optionalDependencies .

• --no-save: Prevent saving to  dependencies.

  When saving dependencies to package.json using any of the above options, there are two additional optional flags:

• -E, --save-exact: Saved dependencies will be configured with the exact version instead of using npm's default semver range operator.

• -B, --save-bundle: The saved dependencies will also be added to your  bundleDependencies list.

  Also, if you have  npm-shrinkwrap.json or  package-lock.json, then it will also be updated.

  <scope> is optional. The package will be downloaded from the registry associated with the specified scope. If no registry is associated with the given scope, the default registry is assumed.

  Note: If you don't include the @ symbol in the scope name, npm will interpret it as a GitHub repository, see below. The range name must also be followed by a slash.

  example:

• npm install sax
  npm install githubname/reponame
  npm install @myorg/privatepackage
  npm install node-tap --save-dev
  npm install dtrace-provider --save-optional
  npm install readable-stream --save-exact
  npm install ansi-regex --save-bundle

  npm install <alias>@npm:<name>：

  Install the package under a custom alias. Allows side-by-side multiple versions of packages with the same name, easier importing of other packages with long names, and the use of git forks or forked npm packages as replacements. Aliases only apply to your project and will not rename packages in transitive dependencies. 

• example:

  npm install my-react@npm:react
  npm install jquery2@npm:jquery@2
  npm install jquery3@npm:jquery@3
  npm install npa@npm:npm-package-arg

  npm install [<@scope>/]<name>@<tag>：

  Installs the version of the package referenced by the specified label. If the tag does not exist in the package's registry data, this operation will fail.

  Example:

  npm install sax@latest
  npm install @myorg/mypackage@latest

  npm install [<@scope>/]<name>@<version>：

  Install the specified version of the package. This will fail if the version has not yet been published to the registry.

  Example:

  npm install [email protected]
  npm install @myorg/[email protected]

  npm install [<@scope>/]<name>@<version range>：

  Installs a package version that matches the specified version range. This will follow the same rules for resolving dependencies described in package.json.

  Note that most version ranges must be placed in quotes in order for your shell to treat them as a single argument.

  Example:

  npm install sax@">=0.1.0 <0.2.0"
  npm install @myorg/privatepackage@"16 - 17"

  npm install <git remote url>：

  Install the package from a hosted git provider and  git clone it using . For a full git remote URL, only that URL will be tried.

  <protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>[#<commit-ish> | #semver:<semver>]

  <protocol> Is  one of git, git+ssh, git+http, git+https or  git+file .

  If provided  #<commit-ish>, it will be used to clone exactly that commit. If commit-ish is of the form  #semver:<semver>, <semver> which can be any valid semver scope or exact version, npm will look in the remote repository for any tags or references matching that scope, just like it does for registry dependencies. If neither is specified  #<commit-ish> ,  #semver:<semver>the default branch of the repository is used.

  If the repository uses submodules, these will also be cloned.

  If the package being installed contains  prepare a script, its  dependencies sum  is installed and devDependenciesthe preparation script is run before the package is packaged and installed.

  The following git environment variables are recognized by npm and added to the environment when running git:

• GIT_ASKPASS

• GIT_EXEC_PATH

• GIT_PROXY_COMMAND

• GIT_SSH

• GIT_SSH_COMMAND

• GIT_SSL_CAINFO

• GIT_SSL_NO_VERIFY

example:

npm install git+ssh://[email protected]:npm/cli.git#v1.0.27
npm install git+ssh://[email protected]:npm/cli#pull/273
npm install git+ssh://[email protected]:npm/cli#semver:^5.0
npm install git+https://[email protected]/npm/cli.git
npm install git://github.com/npm/cli.git#v1.0.27
GIT_SSH_COMMAND='ssh -i ~/.ssh/custom_ident' npm install git+ssh://[email protected]:npm/cli.git

• npm install <githubname>/<githubrepo>[#<commit-ish>]：

• npm install github:<githubname>/<githubrepo>[#<commit-ish>]：

  By trying to  git clone it using ,  https://github.com/githubname/githubrepo install the package.

  If provided  #<commit-ish>, it will be used to clone exactly that commit. If commit-ish is of the form  #semver:<semver>, <semver> which can be any valid semver scope or exact version, npm will look in the remote repository for any tags or references matching that scope, just like it does for registry dependencies. If neither is specified  #<commit-ish> ,  #semver:<semver>the default branch is used.

  prepare As with regular git dependencies, if the package has scripts  before the installation is complete  , the dependencies and  devDependencies.

  example:

  npm install mygithubuser/myproject
  npm install github:mygithubuser/myproject

  npm install gist:[<githubname>/]<gistID>[#<commit-ish>|#semver:<semver>]：

  By trying to  git clone it using ,  https://gist.github.com/gistID install the package. The GitHub username associated with the gist is optional and will not be saved  package.json .

  prepare As with regular git dependencies, if the package has scripts  before the installation is complete  , the dependencies and  devDependencies.

  Example:

  npm install gist:101a11beef

• npm install bitbucket:<bitbucketname>/<bitbucketrepo>[#<commit-ish>]：

  By trying to  git clone it using ,  https://bitbucket.org/bitbucketname/bitbucketrepo install the package.

  If provided  #<commit-ish>, it will be used to clone exactly that commit. If commit-ish is of the form  #semver:<semver>, <semver> which can be any valid semver scope or exact version, npm will look in the remote repository for any tags or references matching that scope, just like it does for registry dependencies. If neither specified  #<commit-ish> nor specified  #semver:<semver>, it is used  master.

  prepare As with regular git dependencies, if the package has scripts  before the installation is complete  , the dependencies and  devDependencies.

  Example:

  npm install bitbucket:mybitbucketuser/myproject

• npm install gitlab:<gitlabname>/<gitlabrepo>[#<commit-ish>]：

  By trying to  git clone it using ,  https://gitlab.com/gitlabname/gitlabrepo install the package.

  If provided  #<commit-ish>, it will be used to clone exactly that commit. If commit-ish is of the form  #semver:<semver>, <semver> which can be any valid semver scope or exact version, npm will look in the remote repository for any tags or references matching that scope, just like it does for registry dependencies. If neither specified  #<commit-ish> nor specified  #semver:<semver>, it is used  master.

  prepare As with regular git dependencies, if the package has scripts  before the installation is complete  , the dependencies and  devDependencies.

  Example:

  npm install gitlab:mygitlabuser/myproject
  
  npm install gitlab:myusr/myproj#semver:^5.0

  You can combine multiple parameters, even multiple types of parameters. For example:

  npm install sax@">=0.1.0 <0.2.0" bench supervisor

  --tag The parameters will apply to all specified installation targets. If a tag with the given name exists, the tag's version takes precedence over newer versions.

  --dry-run The parameters will report in the usual way what the installation would have done without actually installing anything.

  --package-lock-only Parameters are only updated  package-lock.json, rather than checking  node_modules and downloading dependencies.

  -f or  --force parameter will force npm to fetch the remote resource even if a local copy exists on disk.

  npm install sax --force