This is a n00b npm question, as I'm just getting started here. Apologies.
I'm using the node-dbus npm module, whose latest version is 0.2.0. But I see that there have been code changes (one of which I want) added since the last version number change.
Do I need to ask the author of the package to update the version number so I can easily get the new stuff? Is it permissible/possible for me to go in and update the version number myself in the github repo? Or is there some clean way to set up the dependencies line in my package.json to get the stuff that has been added since the last version number change?
I see that it's supposed to be possible to use a "git remote url," but so far I'm unable to make that work. Is that what I should be doing? Is getting the version number updated the right direction?
Thanks for your help.
Steve
According to the official NPM documentation, you can install a package by:
npm install <githubname>/<githubrepo>[#<commit-ish>]
In your case, it should be:
npm install sidorares/node-dbus#<the-commit-that-contains-your-wanted-code>
You can add --save to the command to update package.json on the fly.
Please be aware that it is not a good practice to install modules from source code directly as it might not be a stable version.
I am a bit new to this whole CI/CD world but whenever I see the config.yml files there in any node js project there is always npm ci instead of npm install. I have read some things from docs but it's still unclear to me. Can someone please explain in clear and concise language?
npm install generates the package-lock.json for you. The file contains the exact version numbers of all dependencies that you installed as well as the version numbers of transitive dependencies, all based on what you defined in package.json. Note however that in your package.json you can define your version starting with ^ or ~, suggesting that you want to install the latest patch or minor version of a certain dependency. As a result, every time you run npm install your package-lock.json might end up containing slightly newer versions of your packages if available.
npm ci on the other hand doesn't generate a package-lock.json file. Quite the opposite. It requires your package-lock.json to already be there and it installs exactly the versions that are listed there. This is the command that you want to run on your CI/CD pipeline. This way you can ensure that your pipeline uses exactly the same dependencies you last used locally and can confirm that they worked for you.
Inside a Node.js project, it's not clear to me what is the correct workflow to upgrade a package to a major release.
Let's suppose I'm installing stylelint: npm install --save stylelint by default puts inside my package.json the string "stylelint": "^8.4.1" which means that if I want to update it with npm update, I will get only minor and patch releases (8.4.2 is ok, 8.5.0 is ok, 9.0.0 is not).
If I check with npm outdated and it comes out that I could update to 9.0.0, npm update wouldn't work because of the restriction depicted above.
So, if I want to upgrade, what am I supposed to do?
Do I have to manually modify my package.json to stylelint version ^9.0.0, delete the node_modules directory and re-run npm install?
Or maybe I have just to remove the ^ character to let npm update do its job?
What is the common/best practice to adopt?
Thanks
Say you have "the-package" installed at version 3.x and want to upgrade to 5.x
You would do this:
npm install the-package@5
it will update package.json and package-lock.json as well.
You can also update multiple packages in one command like npm install package1@5 package2@16
To check which packages need updates, run npm outdated
So, if I want to upgrade, what am I supposed to do?
In order to update major releases you can use the npm-check-updates.
See this great answer.
Or maybe I have just to remove the ^ character to let npm update do its job?
What is the common/best practice to adopt?
The most common/best practice is to never allow automatic updates to versions that have potentially breaking changes. Workflows are all over the map, from manual test and then update package.json, to fully automated detect, test, update and submission of package.json.
Many Java/JavaScript environments are particularly sensitive to transitive dependency changes due to the lack of side by side versioning support. If your package brings in a breaking change of one of its own dependencies, then your package has introduced a breaking change to the system. If your 1.y.z causes an update of one of its dependencies from X.Y.Z to X+1.Y.Z it introduces a breaking change and is therefore not a stable version 1.y.z. Other packages that depend on the same package name as yours could potentially be broken whenever the developers of that package released a breaking change. Never let the world get into that state!
I recommend you study the Diamond Dependency Problem and take it to heart. You should always carefully test breaking changes and never try to force them on your customers.
As pointed out by @ShaharShokrani, this answer gives a good workflow for manually updating your package. And to remain in compliance with SemVer 2.0.0 #8, don't forget to bump your own major version number.
You can also remove and install the package.
npm rm package
npm i package
How to safely npm install/update when deploying/upgrading?
Problem 1: npm install is a stateful operation that depends on the latest versions of dependencies at the time when the command is executed. This causes surprises when deploying since the package.json file indicates ranges but not specific versions.
Problem 2: every time I run npm update or use ncu, I spend hours/days trying to handle incoherences between modules. Why would this happen in 2018?
Problem 3: How to have a package.json file that describes exactly the state of installed packages instead of ranges so that I can deploy without surprises?
NB: I use Angular
If you use yarn or a more recent version of npm, it will generate for you a yarn.lock or package-lock.json.
This will keep exactly the version of any package when it's first installed, so further calls to yarn or npm install will fetch and install exactly those versions.
Of course you should add these lock files to your repository so anyone doing a fresh clone gets the same dependencies installed.
See the npm docs: https://docs.npmjs.com/files/package-lock.json
And the yarn docs: https://yarnpkg.com/lang/en/docs/yarn-lock/
package.json file indicates ranges but not specific versions: Re-read the documentation, you can specify specific versions. See point 3 for an example.
Why would this happen in 2018 <= I/we can't speculate as to problems where you did not include any specific details; it might be a valid general gripe you have but StackOverflow is not the correct place to vent it.
Again, see the documentation. You just have to include the version number with an = sign. The example below would get only version 5.0.0 of @angular/cdk.
"@angular/cdk": "5.0.0"
Be advised that any call to npm update will update your package.json with the latest minor version, so setting a strict constraint version, e.g. (5.0.0), will only work with npm install when no package-lock.json is present. When doing npm update, your 5.0.0 constraint will be replaced by a ^5.5.0 constraint (or whatever the next minor release is). It's fine if the packages you are using implement semver correctly, but you can have a lot of issues with breaking changes on minor releases.
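As an added example (not code from any answer in this thread), here is a small Python check of the pinning the npm ci and lock-file answers above describe: it reads a package.json next to a lockfileVersion 2/3 package-lock.json and reports every dependency that npm ci could not install reproducibly, i.e. one with no lock entry, a locked version outside the declared range, or no sha512 integrity hash. The sample files, the "sha512-CONSTRUCTED" integrity strings and the satisfies/audit_lock helpers are constructed for this example; the older lockfileVersion 1 layout is not handled.

```python
import json
import re

# Constructed sample inputs (not from the thread): ranges in package.json,
# lockfileVersion 3 layout ("packages" keyed by node_modules/<name>) in the lock.
PACKAGE_JSON = """{
  "name": "demo-app",
  "dependencies": {
    "stylelint": "^8.4.1",
    "@angular/cdk": "5.0.0",
    "socket.io": "~2.1.0",
    "left-pad": "^1.3.0"
  }
}"""

PACKAGE_LOCK = """{
  "name": "demo-app",
  "lockfileVersion": 3,
  "packages": {
    "node_modules/stylelint": {"version": "8.4.3", "integrity": "sha512-CONSTRUCTED"},
    "node_modules/@angular/cdk": {"version": "5.0.0", "integrity": "sha512-CONSTRUCTED"},
    "node_modules/socket.io": {"version": "2.2.0", "integrity": "sha512-CONSTRUCTED"}
  }
}"""

def parse_semver(v):
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", v)
    if not m:
        raise ValueError(f"not a semver version: {v}")
    return tuple(int(x) for x in m.groups())

def satisfies(version, spec):
    """Exact, ^ and ~ ranges as npm resolves them (^0.y.z only widens the patch)."""
    v = parse_semver(version)
    if spec.startswith("^"):
        base = parse_semver(spec[1:])
        fixed = 1 if base[0] > 0 else (2 if base[1] > 0 else 3)  # leftmost non-zero part is fixed
        return v >= base and v[:fixed] == base[:fixed]
    if spec.startswith("~"):
        base = parse_semver(spec[1:])
        return v >= base and v[:2] == base[:2]
    return v == parse_semver(spec)

def audit_lock(package_json, package_lock):
    """List (name, reason) for every dependency npm ci would refuse or install unpinned."""
    deps = json.loads(package_json).get("dependencies", {})
    locked = json.loads(package_lock).get("packages", {})
    findings = []
    for name, spec in deps.items():
        entry = locked.get(f"node_modules/{name}")
        if entry is None:
            findings.append((name, "missing from package-lock.json"))
        elif not satisfies(entry["version"], spec):
            findings.append((name, f"locked {entry['version']} outside range {spec}"))
        elif not entry.get("integrity", "").startswith("sha512-"):
            findings.append((name, "lock entry has no sha512 integrity hash"))
    return findings
```

Run audit_lock(PACKAGE_JSON, PACKAGE_LOCK) on the sample: socket.io is locked outside its ~2.1.0 range and left-pad has no lock entry, which are exactly the two cases where npm ci would fail or where npm install would silently resolve a fresh version.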
I found this great npm package called Wicked that will auto-generate jsdocs for you and push them to github. However it's so old that in order to use it you have to be running Node version 0.10, so you have to change your node version, run it, and then change it back to the current version. This version is not going to be maintained after October of this year, so it's not really a viable solution.
Does anyone know of an npm package/combination of packages that is still being updated that will do the same thing?
Hello I am just a noob and still learning. I have already downloaded and tried the chat tutorial of get-started part from socket.io. Now, I am again learning from another source. What's confusing me is that, do I always have to npm install in the beginning of every project after writing the dependencies in the package.json? Or is there any other way? I would be very glad if you could help me understand my confusion. Thank you!
Yes, before running, all dependencies must be installed. So you must run npm install.
When developing, you can use npm install --save <package_name> to install a dependency and automatically add it to package.json.
NPM means Node Package Manager. It is used to manage your dependencies on other node modules dynamically thanks to a configuration file called package.json. This way you can easily define the exact versions you need, or a mask in order to always retrieve the stable ones, for instance.
The command npm install interprets your configuration file and then downloads the right versions (and this recursively).