Install npm dependencies for specific node version using package-lock.json - node.js

On my local environment, I'm using the latest node version but during the deployment of my AWS Lambda function I have to use v8.10.0.
I have created .nvmrc file with v8.10.0 set and to install node_modules I simply run:
nvm exec npm i
The problem is that it is not using package-lock.json at all, which is even altered by the npm i command.
node v8.10.0 delivers npm v5.6.0 which doesn't provide npm ci command.
Is there any other way to install dependencies for v8.10.0 using lock file?

Unfortunately, in versions of npm after 5.0 (specifically, 5.4 and onward), "npm install" can update the package lock file, and there is no option to avoid this behavior.
In npm >=6.0, you can use npm ci, which installs only from the package lock file, which is what you want. (See https://github.com/npm/npm/issues/17979 and https://github.com/npm/npm/issues/18286 for a lot of backstory/history.)
If you can use node v8.14 instead of v8.10, you'll get npm@6 out of the box. If not, you might be up the creek.

Have you tried npm shrinkwrap? IIRC package-lock.json has been changed to npm-shrinkwrap.json, but I can't remember in which version.
That is, run npm install && npm shrinkwrap and make sure the resulting json gets committed into your repo / transferred to AWS
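For setups like the one in the question (npm 5.x, no npm ci), the result of an install can be checked against the lock file after the fact. The following is an added example, not code from the thread or from npm: it assumes a lockfileVersion 1 package-lock.json, and the function names and the sample package names (alpha, beta, gamma, devtool) are made up for illustration.

```javascript
// Added example, not from the thread: check node_modules against a lockfileVersion 1 lock.
const fs = require('fs');
const os = require('os');
const path = require('path');
const crypto = require('crypto');

function installedVersion(pkgDir) {
  const file = path.join(pkgDir, 'package.json');
  try { return JSON.parse(fs.readFileSync(file, 'utf8')).version; } catch (e) { return null; }
}

// Nested "dependencies" in the lock map to <parent>/node_modules/<name> on disk.
function walk(deps, dir, opts, out) {
  for (const [name, entry] of Object.entries(deps || {})) {
    if (opts.production && entry.dev) continue; // dev-only entries are not expected
    const pkgDir = path.join(dir, 'node_modules', name);
    const found = installedVersion(pkgDir);
    const exact = /^\d+\.\d+\.\d+/.test(entry.version); // git/file specs are not comparable
    if (found === null) {
      if (!entry.optional) out.push({ name, locked: entry.version, kind: 'missing' });
    } else if (exact && found !== entry.version) {
      out.push({ name, locked: entry.version, found, kind: 'mismatch' });
    }
    if (found !== null) walk(entry.dependencies, pkgDir, opts, out);
  }
  return out;
}

function verifyInstall(dir, opts) {
  const raw = fs.readFileSync(path.join(dir, 'package-lock.json'));
  const digest = crypto.createHash('sha256').update(raw).digest('hex');
  const findings = walk(JSON.parse(raw.toString('utf8')).dependencies, dir, opts || {}, []);
  return { digest, findings }; // digest differs once an install has rewritten the lock
}

// Constructed sample project: package names and versions are made up.
function buildSample() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'lockcheck-'));
  const put = (rel, obj) => {
    fs.mkdirSync(path.dirname(path.join(dir, rel)), { recursive: true });
    fs.writeFileSync(path.join(dir, rel), JSON.stringify(obj));
  };
  put('package-lock.json', { lockfileVersion: 1, dependencies: {
    alpha: { version: '1.2.0', dependencies: { beta: { version: '0.3.1' } } },
    gamma: { version: '2.0.0' }, devtool: { version: '4.1.0', dev: true } } });
  put('node_modules/alpha/package.json', { version: '1.2.0' });
  put('node_modules/alpha/node_modules/beta/package.json', { version: '0.3.2' });
  return dir;
}
```

In a build, record the digest before installing, call verifyInstall(process.cwd(), { production: true }) afterwards, and fail on a changed digest or any finding.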

Related

NPM stuck on an old version?

I was following some tutorial that was recorded a while ago, and it said for us to downgrade our npm version to 5.5.1 to avoid any differences (since that was the newest version at the time of the recording). So I did, using classic
npm install -g npm@5.5.1
However, now I'm stuck, I can't update to the actual present day latest version. I tried npm install -g npm@latest, I tried manually typing the latest version, I even tried uninstalling both Node and NPM, and installing the latest ones, fresh from the site, but for whatever reason my npm just gets stuck on 5.5.1 again. How do I fix this?
I'm using Windows btw. Also, I'm just learning about Node and NPM, so I guess there is a chance I'm missing some obvious solution?
Edit: whenever I try to install something, I get the following
npm WARN npm npm does not support Node.js v12.18.3
npm WARN npm You should probably upgrade to a newer version of node as we
npm WARN npm can't make any promises that npm will work with this version.
npm WARN npm Supported releases of Node.js are the latest release of 4, 6,
npm WARN npm You can find the latest version at https://nodejs.org/
WARNING: You are likely using a version of node-tar or npm that is incompa
with this version of Node.js.
Please use either the version of npm that is bundled with Node.js, or a ve
of npm (> 5.5.1 or < 5.4.0) or node-tar (> 4.0.1) that is compatible with
s 9 and above.
and after that a long list of errors, including, but not limited to
1: 000000013F8A5EBF napi_wrap+114095
2: 000000013F850B46 v8::base::CPU::has_sse+66998
3: 000000013F850EC1 v8::base::CPU::has_sse+67889
4: 000000013F78F187 RSA_meth_get_flags+85639
5: 000000014001AAE0 v8::internal::Builtins::builtin_handle+323456
Try this:
Run PowerShell as Administrator
Set-ExecutionPolicy Unrestricted -Scope CurrentUser -Force
npm install -g npm-windows-upgrade
npm-windows-upgrade
Refer to https://www.npmjs.com/package/npm-windows-upgrade or their GitHub repo for more help.
If it doesn't help, try this:
Uninstall node (Settings -> Add or remove programs), then navigate to C:\Users\{User}\AppData\Roaming and delete the npm and npm-cache folders, and finally install node again (using the installer).
You are missing the -g. You said:
I tried npm install npm@latest
but that doesn't include the -g. The -g is key because it causes npm to be installed globally (best rhyme). See Downloading and installing packages globally. Your first command includes it, but not the follow-up.
Because of this, you probably installed npm as a local dependency (which you probably didn't mean to do). Check your package.json and see if there is any listing of npm. If you aren't directly using runtime pieces of npm, remove that dependency and just install the specific version you want globally with -g.
In your project root directory, run the update command:
npm update

What NPM command should users run if the package.json file has been updated?

If I update the package.json file in an NPM workflow app, what command do existing users run to update their local node_modules dependencies?
To start using it, they run:
$ npm install
So what do they run if there is a change to the package.json file? Or do they just delete the folder and re-run the npm install command?
To re-validate the package.json and install adjusted versions or new packages:
$ npm install
The one thing this won't do is remove packages that aren't in package.json. To do that, run:
$ npm prune
If you've only changed package versions and not added new packages:
$ npm update
If you've updated a specific package version:
$ npm update {packagename}
You should either do
npm install && npm prune
or
npm upgrade && npm prune
npm install will be faster than npm upgrade because it only updates packages in node_modules if package.json demands a newer version. npm upgrade, on the other hand, will download updates to dependencies if they are available, which may include bug fixes. For ≥npm-5, you should use npm install because npm upgrade will have the side-effect of modifying any package-lock.json file, which should not be modified unless you are the package’s maintainer.
npm prune is necessary because the updates to package.json may have removed dependencies. If you do not run npm prune, packages installed by a prior version of package.json will remain in the node_modules directory that would not be there if you freshly downloaded/cloned the project and ran npm install. Due to how some packages conditionally call require() or even scan the node_modules directory, leaving packages which were removed from package.json can result in unexpected behavior.

npm install behavior after clear cache vs folder delete

I am trying to understand how npm works on cache clean and installation. Whenever I have to get the latest version I try to do:
$ npm cache clean
$ npm install
But it fails to pick up the latest dependencies, so I always have to delete the old dependent project folder from the node_module folder and do npm install.
So I want to understand why?
npm cache clean only purges the global cache npm uses to avoid re-downloading the same packages. npm install does nothing if the installed package versions match the versions in package.json.
Maybe the command you're looking for is npm update?

How to shrinkwrap devDependencies, but not install them unless necessary?

I have a bunch of devDependencies needed in order to run test suite and have production dependencies locked down with npm shrinkwrap. The problem is that when I run npm install, only production dependencies are installed, in order to install devDependencies, I have to remove npm-shrinkwrap.json and run it again.
Now if shrinkwrap contains devDependencies as well, they get installed in production, where they are not required. Surely there should be some command line arguments to force only normal dependencies to be installed?
September, 2016:
As others have mentioned as well, there were some huge efforts to enhance the shrinkwrap feature starting with npm v3.10.8.
Thanks to this, it'll be possible to keep your devDependencies locked while installing only the production dependencies:
npm shrinkwrap --dev
npm install --only=prod
2013 answer:
As stated in the NPM docs:
Since npm shrinkwrap is intended to lock down your dependencies for
production use, devDependencies will not be included unless you
explicitly set the --dev flag when you run npm shrinkwrap. If
installed devDependencies are excluded, then npm will print a warning.
If you want them to be installed with your module by default, please
consider adding them to dependencies instead.
Basically, either you lock down all deps, or only the production deps.
Not even running npm install --dev or npm install --force can transcend the shrinkwrap functionality.
It looks like this feature was recently added in v3.3 of the npm client per the changelog
You'll now be able to run npm install --only=prod to achieve the effect you wish.
EDIT 2016/09/13
I've tested out npm v3.10.8, and this functionality now works as expected. We've shrinkwrapped our devDependencies and can install only prod dependencies when we deploy.
I think it's worth mentioning that this feature should start working as expected very soon. According to this github issue, tons of people were running into the same problem, and according to this pull request, it will be in the next release (scheduled for 2016-09-08).
With the pull request merged in, all you would have to do is:
npm i --only=prod
As to npm 5 (I've tried on 5.5.1 and 5.6.0), --production (--only=prod) flag is problematic.
When package-lock.json exists in the folder,
npm shrinkwrap --production
simply changes the file name to npm-shrinkwrap.json.
How I managed to solve this issue is to run:
npm prune --production
and then run:
npm shrinkwrap --production
This is fixed in npm 3.10.8; npm install --production shouldn't install dev deps in a shrinkwrap created by npm shrinkwrap --dev: https://github.com/npm/npm/releases/tag/v3.10.8

How to use a specific version of NPM?

How can I switch which version of npm I'm using?
Currently:
$ npm -v
1.1.65
But I need: 1.0.x
I tried but got an error:
$npm version 1.0
npm ERR! version No package.json found
Anyone know how to use a different version of NPM? Thanks
Your NPM version is tied to your NodeJS version. As far as I can tell you can only have one NPM version per Node version. Using something like nodenv or, my favorite, asdf, you can define your node version per folder.
Per Node version (e.g. per folder) you globally install the version of NPM that you want to use.
$ npm install -g npm@x.x
Edit: You can also now specify NPM version in your package.json "engines" key, though it takes a little more work to enforce that declaration.
You can update npm without installing another version of node.js and npm is not tied to versions of node.js specifically.
Of course, as node.js advances and adds features so too does npm so there is some limit for npm depending on node.js but you SHOULD update npm as much as you can because there are important security patches and bug fixes.
This is a best practice for all software. Stability is not worth ignoring a security risk.
The command is npm install npm@latest -g to install it globally. This will install the latest version that will run with the node.js you have installed.
Additionally you can install a specific version of npm to your package.json in a project like this npm install npm@6.14 and you can use it locally. What is even more interesting is you can install a local version of node.js in a project and use it too!
Example:
I am running node 16.8.0 and I have npm 7.21.0 but I want to use an earlier version of npm but just for a project:
In the project directory
npm i --save-dev npm@6.14
This will put the earlier version of npm into the node_modules/.bin which will let you run it in relation to this project. If you type npm -v at this point you will get your global version.
If you type node_modules/.bin/npm -v you will get 6.14.15
Since you have made this version of npm the one for this project, when you use npm in your scripts it will use 6.14.15 and not the global version.
The same is true of node.js.
You can install an older version of node.js like this: node_modules/.bin/npm install --save-dev node@lts which will then add this version of node.js to the project.
You can test this by entering node_modules/.bin/node -v and in my example you will see the locally installed version number, in my example v14.17.3 although my global is v16.8.0
If you do this, your project scripts in package.json scripts will run the locally installed versions rather than the global versions.
You can test this out by creating a script in your package.json.scripts like this: "what:version": "npm -v && node -v",
Then if you run npm run what:version you will get
> what:version
> npm -v && node -v
6.14.15
v14.17.3
What value is this?
It is a way for you to package node and npm with your project. This can be especially valuable for large projects where you have many people working on the same project, so you have consistency across the board or if you have a build server that has a specific version of node + npm. Additionally if you have corporate requirements, etc.
Additionally there is npx which allows you to do so much more. Using npx you can even try something out without installing it.
Here is the documentation for npm: https://docs.npmjs.com/about-npm-versions
If you find you are needing to switch between different versions of node.js and npm you might want to use nvm https://docs.npmjs.com/downloading-and-installing-node-js-and-npm
When you install npm you only get the latest package, so you need to install specific versions individually, e.g:
npm install -g npm@5.6.0
Once you've done that, run a version check and you should see the version you've just installed:
npm -v
5.6.0
You can install a specific version with the command below.
npm install -g npm@6.14.11
For a specific version, use
npm install -g npm@x.y.z
And for the latest version, use
npm install -g npm@latest
