In my project, I maintain support for both npm and yarn.
At present, whenever I update file package.json, I conduct the following process:
Delete file package-lock.json
Delete file yarn.lock
Delete folder node_modules
Run npm install
Delete folder node_modules
Run yarn install
This process seems to guarantee deterministic results for both file package-lock.json and file yarn.lock.
But on the other hand, it is a little "tedious" to conduct it every time I want to update my project dependencies.
Is there a simple process that I can take instead?
I have read through this answer; it covers this topic pretty well, but not the simplification that I am looking for.
Thank you for your help.
Related
If I edit my pagacke.json file on my production system after testing a specific package update, how would I install this specific update from my package.json file?
I could run npm update with this specific packages version. But how would I do this with the package.json file? For example if I edit the version of multiple packages manually?
Just running npm update would update all packages if updates are available, as far as I know.
So what I want is:
test updates locally -> update package.json file on production -> update those packages using edited package.json file
It sounds like you have a project where:
nothing has changed but one or more dependency entries in package.json
you want the changes in package.json to be reflected in node_modules
this is all happening on a production system
I'm not sure I would recommend such a process, but if you do find yourself in that situation, the answer is to run npm install --production. Anything in node_modules that meets the dependency requirements in package.json will be left alone. Only things that don't meet the requirements will be updated. The --production flag ignores devDependencies, which is presumably what you want in a production environment.
That answers your question. As for the process described, an incrementally better process might be to use the shrinkwrap feature in npm to generate an npm-shrinkwrap.json file. That will at least insure that you get the exact same node_modules in your installations. (package-lock.json does a similar thing for development installations, and you can probably rely on that as well. But if you ever plan on publishing your project to a repository like npm's, the package-lock.json file is ignored. So you'll want npm-shrinkwrap.json in that case.)
As per title, I have been developing my react app in a very bad manner.
Since I worked in an offline environment, whenever I needed to install a new package top be used in my application, I would manually copy it into my node_modules folder. The problem is that I normally do not update my package.json file with the newly installed dependency.
Because of this, after a long time, my node_modules folder grew quite large (300 ish).
When I send the application to my colleauge to develop and he ran npm install "some package", npm deletes more than half of my manually installed packages (ouch). (Also this explains npm's behavior on this https://github.com/npm/npm/issues/17929#issuecomment-322881421 )
Is there a way for me to update my package.json file with all of my dependencies manually installed in my node_modules folder? Besides having to manually type all 300 plus modules (+ modules that are downloaded as it is a dependancy of another node_module)?
Im pretty desperate so any advice will really be appreciated.
You could try deleting your package-lock.json, run npm shrinkwrap, and then paste the dependencies in the generated npm-shrinkwrap.json into your package.json. This will be way more verbose than your package.json would normally be, because I think it will explicitly list the dependencies of all your dependencies (like package-lock.json), but it should give you a file that your application can be installed from by a colleague.
I have understood the details from the below link but still when to use which file is a question ?
https://docs.npmjs.com/files/package-lock.json
package.json
Contains relevant metadata for your project including dependancies, helper scripts and other general metadata.
Running npm install --save <package> or yarn add <package> adds dependancies to this file.
Between the three files listed, this is the only one you should ever need to interact with.
package-lock.json and yarn.lock
Is an auto generated file that describes the exact state of your application dependancies the last time packages where added or modified.
More specifically it guarantees the order of package installations between users - hence why it is recommended to be git committed.
yarn.lock is generated when running yarn specific commands.
package-lock.json is generated when running npm specific commands.
I am learning Angular and each time it takes like 5 minutes to create a new project because of 100MB folder "node_modules" which CLI creates. And the files in this folder are always the same (unless you add some dependencies which I never do). Is there a way to use one node_modules folder for every project?
Have a look in to https://yarnpkg.com/blog/2017/08/02/introducing-workspaces/
Yarn Workspaces is a feature that allows users to install dependencies
from multiple package.json files in subfolders of a single root
package.json file, all in one go.
Making Workspaces native to Yarn enables faster, lighter installation
by preventing package duplication across Workspaces. Yarn can also
create symlinks between Workspaces that depend on each other, and will
ensure the consistency and correctness of all directories.
npm install -g yarn
You can install all dependencies globally or create a symlink from one place to every project.
BUT it is bad practice, correct way is to use separate node_modules for each project, even if you are using same packages. Once you will need use different versions of same package in different projects and common node_modules will cause a lot headache.
Try to use npm cache and npm install --prefer-offline if you just want to install package faster and don't care about version very match. I didn't use it but believe it should work.
Only packages installed by node (npm install) can be in the node_modules folder. This is because, if someone wants to install your project, instead of downloading the whole project with the node_modules included. They type npm install.
Based on the packag.json the node_modules will now be downloaded to the node_modules folder.
So you can put angular in the node_modules folder if it is an npm package. No you cannot put your own files in this folder.
So you can just copy your package.json to every project and run npm install. Then all the node_modules will be the same.
I installed a package with yarn add --dev, run its setup process and during it, the package installed several other packages and added those to package.json (in devDependencies), I assume with npm. Great, but now my yarn.lock is out of sync.
What is the correct, non-manual way of syncing yarn.lock to the current state of package.json?
Edit: yarn check shows the missing packages as:
error Lockfile does not contain pattern: <package>#<version>
But it doesn't add them.
Run yarn install, or just yarn.
The lock file is updated in its entirety on any change to dependencies, i.e. when you run a yarn command.
From the Yarn docs:
Your yarn.lock file is auto-generated and should be handled entirely by Yarn. As you add/upgrade/remove dependencies with the Yarn CLI, it will automatically update your yarn.lock file. Do not edit this file directly as it is easy to break something.
(Emphasis my own)
If you ever face a checksum issue this will solve it,
YARN_CHECKSUM_BEHAVIOR=update yarn