NPM install bunch of packages not from package.json file - node.js

Using Visual Studio code as IDE but lately when I run the command - npm install from the app folder of the solution it installs around 374 items under "node_modules" instead of just installing the packages from the package.json file.
Can someone please provide some pointers for this behavior?
My versions:
node -v
v6.9.1
npm -v
3.10.8

Go to your node_modules folder and find one of the folders matching the libraries from your package.json file. Inside you will find another package.json which describes this library. It is most likely it will also have at least a couple of entries in dependencies section.
When you run npm install npm builds so-called 'dependency tree'. It starts with your top-level package.json and checks what dependencies needs to be installed, then (using its registry) it checks what are the dependencies of these dependencies and then their dependencies and so on...
It is prudent (but often neglected) to check what are the dependencies of the libraries you decide to use. Some of them might have licenses incompatible with yours. Some of them might need a ton of code to perform a simple thing. Many will use deprecated versions, which will spam your npm install log with warnings and might actually cause some conflicts with your other dependencies.

Related

Bundling NPM module for OFFLINE distribution (with all dependencies)

How can I create a tarball package for distribution (with all its dependencies)?
The package needs to contain the actual module + all its dependencies since it will be installed locally/offline due to internet restrictions on the organization.
I tried adding the dependencies to bundledDependencies in package.json then running npm pack. But the generated tarball does not include any dependencies I have listed.
I also tried using a module called npm-pack-all but it does not work as I intended.
Any way I can do this? Preferably without the need for additional npm modules.
Help is really appreciated. Thanks!
npm pack with bundledDependencies worked well for me:
I am using node v10.15.0 and npm v6.4.1
It even bundled the dependencies that my dependencies need/have.

npm install has dozens of versions of same package in node_modules/.staging

I'm developing a Webpack, TypeScript and Angular 1.5.x web application that uses NPM for dependency management. The application has about 3 dozen dependencies and a similar number of devDependencies listed in package.json. Many of the dependencies are internally-developed NPM packages hosted on Artifactory.
Our npm install is very slow on Jenkins (on the order of 1 hour sometimes). I've noticed the following:
During npm install a .staging directory is created under node_modules. Here, there are about a dozen different versions of the same dependency listed. I am assuming each of our dependencies is specifying slightly different versions of those dependencies and NPM downloads all of them to resolve them. For example
$ ls -al node_modules/.staging/webpack-*
webpack-02c2cd2d/ webpack-core-0e45f015/ webpack-dev-middleware-1b9e08da/
# ...many more versions of webpack, wepack-core, webpack-dev-middleware
The .staging directory itself contains thousands of directories:
$ ls -al node_modules/.staging/ | wc -l
19406
My questions are the following:
What is the .staging directory for? What is npm doing with it? This question was asked as an issue on Github but never properly answered.
Why is npm install so slow? Why does it download so many different versions of each dependency?
What can I do about the slowness and apparent duplicate downloads? (apart from the solution suggested on the Github issue i.e. increase swap)
Here is what was happening:
Our internal packages were shrinkwrapped. The npm-shrinkwrap.json file for each package had been generated with the --dev flag. This means development dependencies are also shrinkwrapped.
There are two possible solutions for this:
Don't generate shrinkwrap JSON with the --dev flag
Run npm install --only=prod. This is supposed to skip installing devDependencies, per this answer

How do I check node_modules directory for unnecessary packages?

My node_modules has packages that are not listed in my package.json's dependencies, so I'm guessing that those packages are dependencies of my dependencies. How would I be able to check this? I want to make sure that there aren't any unnecessary packages in my node_modules directory.
If your dependency list won't take too long to reinstall, a simple option is a table-flip: remove the node_modules directory entirely and run npm install to re-create it.
If you don't want to do that, you can try tools that inspect your dependencies, like depcheck as #sagar-gopale suggests in their answer.
Related: Run npm -v to find out if you are running npm v2 or v3. Like #cartant says in their answer, with v3, your node_modules directory will be maximally flat, which means things that used to appear as subdirectories of other modules (when installed with npm v2) will now appear at the top level of node_modules itself. That may be the reason you see more modules than you expect.
If you are using NPM 3, you will likely see a large number of modules that you were not expecting to see in the node_modules directory, as NPM 3 flattens the dependency hierarchy.
Whichever version you are using, if you run the npm list command, NPM should highlight any extraneous modules that are not required.
Please checkout this package.
https://www.npmjs.com/package/depcheck
Since packages can require other packages, just because there are packages in the node_modules folder that don't exist in your packages.json file doesn't mean they aren't needed by one of your specified packages.
If you run an npm prune command on the root directory of your solution it will read the dependency tree and remove the packages that are truly no longer needed.

npm install generate more folders than needed

I've been using ember for a while and when I wanted to install the node dependencies of a project, I just needed to use npm install to create the folder node_modules with all the dependencies (as it's described in http://ember-cli.com/user-guide/).
Since I was using an old version of node I unisntalled node and npm and installed nvm with the versions node v5.0.0 and npm v3.3.6but now, when I try to use npm install to install the dependencies of a project as I used to do before, instead of the dependencies of the package.json file, I get many, many more from things I'm not sure where they come (I think they are dependencies that npm handles by itself in a globally way but now it's adding them to my project locally, but I'm not sure).
Why am I getting all those unknown (for me) dependencies?
Notice that, when I run ember new it generates the correct dependencies in node_modules but if I delete this folder and run npm install happens the same.
That's one of the changes introduced by npm v3.0:
Your dependencies will now be installed flat - by default. If
possible, all of your dependencies, and their dependencies, and their
dependencies will be installed in your project's node_modules folder
without nesting. Nesting will only occur when two or more modules have
conflicting dependencies.
Read more at http://www.felixrieseberg.com/npm-v3-is-out-and-its-a-really-big-deal-for-windows/

How to prevent npm install <package> --save-dev from reordering devDependencies

Background
We're having issues with a Windows build system hitting the file path too long error when the node modules folder has items within it that have paths which are over 260 characters.
We've discovered adding a deeply nested dependency to the top of the devDependencies section fixes this issue. The assumption is that when npm sees a nested dependency C.1 require package A, which is already declared and available in devDependencies, npm will not add dependency A to dependency C.1's node_modules directory.
Issue
The problem I'm seeing on my local machine is that running npm install <package> --save-dev reorders the packages in devDependencies alphabetically, but the order npm process packages and their dependencies matters. If I check this in, then the build system will hit the same file path too long error.
ie If package A comes after package C and dependency C.1 requires package A, then npm will add package A to the node_modules folder of dependency C.1.
I'm not sure if this reordering is only on my machine since I haven't seen npm reorder dependencies on my home machine before.
Has anyone seen this before or know how to stop this behavior?
Versions
Node: v0.10.32
NPM: v1.4.28
Side note: I've read that npm 2.0 or future versions will analyze the dependency hierarchy, find duplicated packages, and only reference them once on the file system, but the upgrade to npm 2.0 is not in the picture at this time.
The only way I see this working is to have some sort of preinstall script which [hopefully] will run after the dependencies file has been updated but before the package is installed. From the npm site:
In the current version of node, the standard way to do this is using a
.gyp file. If you have a file with a .gyp extension in the root of
your package, then npm will run the appropriate node-gyp commands
automatically at install time
If that doesn't work, you will need to use MakeFile and rewrite the package.json file. This is not too out of the ordinary as some projects require some sort of pre-compilation - you would just instruct your team to run a separate command for installing npm packages.

Resources