npm-update with npm-shrinkwrap.json - node.js

What does running:
npm update
do if an npm-shrinkwrap.json file exists? Does it:
1. Update the dependencies to match the shrinkwrap.json file
2. Update the dependencies to obey package.json (thereby disregarding the shrinkwrap.json file)
3. Not do anything
Thanks in advance

When you run
npm update
it will update the dependencies to obey package.json and will not care what is stored in npm-shrinkwrap.json, even when the node_modules folder is empty. This means the update command will install using package.json, while the install command will use npm-shrinkwrap.json.
It does not make any sense to obey the shrinkwrap file in most cases.
Reason:
It is supposed to be a snapshot of the package at some stable point, and this makes it perfect for production code.
There are no ^, ~, latest etc. in the shrinkwrap file.
And we also know that the shrinkwrap file is not supposed to be tampered with manually using an editor.
So all we can do is go back to some previous state of dependencies using this command, and this can be achieved using npm install.
However, when you run
npm install
it follows the shrinkwrap file.
But when you run
npm install newPkg --save
it will change both package.json and the npm-shrinkwrap.json file as well.
But when you run
npm update pkg --save
it will change only the npm-shrinkwrap.json file and, as I wrote before, it will use the package.json file to update according to semver.

Related

Create package.json from package-lock.json

I downloaded a theme and it has a package-lock.json file but no package.json file.
Is there a way I can generate the package.json from the package-lock.json file?
How do I install the node modules with just the package-lock.json file?
Is there a way to do that?
Warning: Do not attempt before reading comments below & backup package-lock.json.
Install the latest npm with npm install -g npm
Run npm init and respond to the questions.
The above command will generate a package.json and include the existing packages listed in package-lock.json
I think I figured it out.
I don't think npm init can draw from package-lock.json. However, it does seem to pull from what is already in your /node_modules. I believe this is why @Harry B's solution works for some and not at all for others.
For example, if you have just cloned your project, which contains package-lock.json, no package.json, and an empty/non-existent node_modules, npm init won't create any dependencies. However, if you run npm install pkg1 pkg2 pkg3 ... and then run npm init, it will create the dependencies in package.json.
https://pravnyadv.github.io/unpackage/ seems to work. Copy your package lock file text in, hit the button, copy out the text into a new package.json file.
The package-lock.json file relies on the presence of a package.json file, so it's not possible to retrieve package.json (happy to be proved wrong).
So a possible solution left is to use a module like auto-install which is capable of generating package.json from the project file dependencies.
First, you need to install the module globally npm install -g auto-install. Then run npm init and answer the basic requirements.
Then, run auto-install in your project root directory. All the dependencies should reflect in package.json file.
**Or install node modules directly from package-lock.json**
Run npm ci which bypasses a package’s package.json to install modules from a package’s lockfile.
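What a lockfile can and cannot give back, as an added example that is not part of any answer above: packageJsonFromLock and both sample lockfiles are constructed. It assumes npm's lockfile layouts, where lockfileVersion 2 and 3 record the root manifest under packages[""] and version 1 has only a flat dependencies tree with requires maps.

```javascript
// Added example: function name and sample lockfiles are constructed.
// Assumes the npm lockfile layouts: v2/v3 keep the root manifest under
// packages[""]; v1 only has a flat "dependencies" tree with "requires" maps.
function packageJsonFromLock(lock) {
  const root = lock.packages && lock.packages[''];
  if (root) {
    // v2/v3: the original ranges are recorded verbatim.
    return {
      name: lock.name, version: lock.version,
      dependencies: root.dependencies || {},
      devDependencies: root.devDependencies || {},
    };
  }
  // v1 fallback (heuristic): a top-level entry that nothing else requires
  // was probably a direct dependency. Ranges are lost, so exact versions are
  // pinned, and a direct dependency that another package also requires is missed.
  const required = new Set();
  const walk = (deps) => {
    for (const info of Object.values(deps || {})) {
      Object.keys(info.requires || {}).forEach((n) => required.add(n));
      walk(info.dependencies);
    }
  };
  walk(lock.dependencies);
  const out = { name: lock.name, version: lock.version, dependencies: {}, devDependencies: {} };
  for (const [name, info] of Object.entries(lock.dependencies || {})) {
    if (required.has(name)) continue;
    (info.dev ? out.devDependencies : out.dependencies)[name] = info.version;
  }
  return out;
}

// Constructed sample lockfiles.
const lockV1 = { name: 'theme', version: '1.0.0', lockfileVersion: 1, dependencies: {
  express: { version: '4.17.1', requires: { debug: '2.6.9' } },
  debug: { version: '2.6.9' },
  mocha: { version: '8.4.0', dev: true },
} };
const lockV3 = { name: 'theme', version: '1.0.0', lockfileVersion: 3, packages: {
  '': { name: 'theme', version: '1.0.0', dependencies: { express: '^4.17.1' } },
  'node_modules/express': { version: '4.17.1' },
} };
console.log(packageJsonFromLock(lockV1), packageJsonFromLock(lockV3));
```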

npm link, without linking devDependencies

It appears that when I run npm link, it will install the project globally, and it seems to install devDependencies with it.
Is there a way to run npm link without devDependencies, perhaps with the --only=production flag?
In npm@4.x or lower
When you run npm link in other_module, you will get both dependencies and devDependencies symlinked.
The --production flag doesn't change anything; it still creates a symlink to the whole directory.
In npm@5.1.0
They fixed it!
If you remove node_modules and then do npm link --only=production, it runs an install before symlinking, and therefore devDependencies folders are indeed excluded.
This is currently not possible with npm link. The problem is, if you install only prod dependencies in that dependency, you're able to link it, but you're not able to develop on that dependency anymore (since missing devDependencies). And vice-versa: If you install devDependencies, you can't link anymore.
The solution: A package called npm-local-development at https://github.com/marcj/npm-local-development
It basically does the same thing as npm link, but works around the devDependency limitation by setting up a file watcher and syncs file changes automatically in the background, excluding all devDependencies/peerDependencies.
You install npm-local-development: npm i -g npm-local-development
You create a file called .links.json in your root package.
You write every package name with its local relative folder path into it, like so:
{
  "@shared/core": "../../my-library-repo/packages/core"
}
Open a console and run npm-local-development in that root package. Let it run in the background.
Disclaimer: I'm the author of this free open-source project.
A workaround I use is npm pack, then point to the packed file in the example.

How do I install all the requirements with npm?

I would like to clone https://github.com/tstringer/create-react-app-with-redux and start a new project. I ran npm start and then ran npm install for each module not present, but there are many of them. Is there a way to install all the requirements? Something like pip install -r requirements.txt in Python.
Thanks,
Uri.
Just run npm install without arguments. It will resolve the required dependencies from the package.json file.
It's simple.
If you want to install all the node_modules from the package.json file, you simply put npm install in the terminal (in the same directory where the package.json exists) and it will install all the node modules in the folder called node_modules.
Generally, the node_modules folder is not uploaded to git (by putting a restriction in .gitignore) because it is essentially the same folders or packages that one would have to install; hence installing it from package.json is simpler and it saves internet bandwidth and time.
Even if you want to save something in the package.json while you are installing any npm package, you can simply put npm install --save your-package-name and it will automatically save your package in the package.json file, and you can install the same package, even after you delete the node_modules folder, using the same command.
Better yet, if you want to save yourself a lot of time use yarn install instead of npm install (https://yarnpkg.com/en/). It is much faster because it caches everything and operates in parallel (see https://www.sitepoint.com/yarn-vs-npm/ for a good comparison).
npm install githubname/reponame -- Repository Name you can try

Automatically remove dependencies from package.json when using npm uninstall

After npm init I can add dependencies in my package.json using this:
npm install package --save
And say, I want to uninstall the package and I do so by doing:
npm uninstall package
but I want my package.json to be updated accordingly too without me having to manually go to the file and delete that line.
From the npm docs it says:
It is strictly additive, so it does not delete options from your package.json without a really good reason to do so.
So, I just wanted to know if this is even possible.
Use the same --save flag. If you installed a dependency with:
$> npm install grunt-cli --save
you can uninstall it, with package.json getting updated, using:
$> npm uninstall grunt-cli --save
The 'save' flag tells npm to update package.json based on the operation you just made it do.
In my case --save did not clear the entry from package.json, the command as suggested by ionic-check. I think if the uninstall happens to exit with any errors, package.json will not be updated, in which case you only have the option to manually change package.json. This is tedious, but the only way, I guess.
UPDATE
When you uninstall a package which has a dependency on another package which is active, the uninstall may fail with errors/warnings. The safe method is to follow the dependency graph; I'm not sure if there is any tool available, but it would be a handy tool for such operations. The warning messages are quite misleading, though: "you must install peer dependencies.." doesn't make any sense when we are uninstalling a package.

How generate nodejs express dependencies package.json

As I started to develop my first nodejs express application, I added many packages with npm.
I would like to know if there is a way to generate a package.json file containing all the current dependencies or the list of the current packages under the node_modules directory.
Just run npm init in the same directory as your project.
You'll be asked a list of questions (name, version, description, etc.) and once complete, it will generate a package.json file with all of the dependencies as currently installed in the node_modules directory.
Run npm list to see what you have installed. Run npm shrinkwrap to build a npm-shrinkwrap.json file, which you can use as a starting reference to build a proper package.json. My workflow is always to update package.json and then run npm install. I never run npm install foo to get some package because it creates risk of forgetting to add it to package.json and then having your application fail to start on deployment.
Updated to add: These days I do run npm install --save foo or npm install --save-dev foo since I have now decided the ~0.4.3 version numbers it adds to package.json are better than my former preference for 0.4.x since the ~ gives you a more precise minimum version number.
