difference between jspm install and npm install - jspm

I'm relatively new to jspm. I wanted to know what the difference is when is run jspm install package and npm install package. I know that there is a lookup with jspm/registry. But what's the difference when it comes to setting up config.js. Are there any additional changes to be made if the package is installed using npm?

npm and jspm are both package managers.
npm is used for the node ecosystem, and traditionally served back-end dependencies.
To enforce the separation between front-end and back-end, developers used tools specifically for front-end. There came bower and the likes... as well as jspm.
I wanted to know what the difference is when is run jspm install package and npm install package.
Here are some differences between npm and jspm:
- jspm stores its dependencies in jspm_packages whereas npm stores them in node_modules
- jspm uses a flat dependency tree
- jspm allows you to configure arbitrary registries to get your dependencies from (github and npm are configured by default)
- even if jspm tracks module declaration and mapping, as well as configuration, into its own file (config.json), it actually defines the project dependencies inside the package.json (within the property jspm)
- you could use jspm packages either for a jspm project, or for a node / web project
- jspm is in fact just a package manager which wrap around the configuration system of SystemJs
So when you install a package from jspm it uses SystemJs configuration and set up the mapping between the dependencies, allowing you to export the project as any module types (AMD, CJS, esm, umd ...).
Are there any additional changes to be made if the package is installed using npm?
jspm install package makes a lookup in the jspm registry.
If no package is found, it means that you have to specify from which registry this package is coming from.
For an npm package it is: jspm install npm:package.
You can of course specify a specific version by appending #version at the end of the package name.
jspm also allows you to declare a shorthand to map this library within your code.
for more info see documentation: http://jspm.io/docs/installing-packages.html

Both are package managers and essentially do the same function however here are some differences:
Npm will track packages in the package.json file whilst jspm will use the config.json file.
Npm will store it's packages in a node_modules folder whilst jspm will use a jspm_components folder.
Jspm is more commonly used to bring in client-side\front-end libraries and npm for server-side ones.
Restoring packages will normally follow like this:
Run npm install (should install jspm amongst other libraries)
Run jspm install

Related

Need globally installed dependencies in package.json on npm init

I have globally installed packages like bower, jshint, etc. On running npm init, it does not include dependencies. Is there a way where dependencies would be pre-included in package.json using globally installed packages on running npm init.
No. If your project needs explicit dependencies, they must be added to package.json manually or with npm install --save
npm init will creats a new package.json file based on your configuration that you specify. However you can use globally installed packages without specify them in package.json. But if you want to migrate your code from one system to another, then you have to manually specify all globally installed packages with name & version in package.json and after that you can use npm install for that.
Global dependencies are not supposed to be your new project's dependencies. Global dependencies are supposed to be command line tools such as pm2, forever, mocha, Istanbul etc. Package.json and global dependencies serve totally different purpose.
If you still find the need of doing so please explain exact package you need both at global and project.

Does npm install exclude dev dependencies?

When I am in a Node.js project and run npm install, npm installs both, dependencies and dev dependencies. If I do not want to install the dev dependencies, I can run npm install --production.
Question 1: If I do not provide --production: Are the dependencies' dev dependencies installed, too, or only their actual dependencies?
Now, what if I am in a Node.js project and install a new dependency, something such as:
npm install foo
This installs foo's dependencies, of course.
Question 2: But what about its dev dependencies? Are they installed, too, or are they skipped?
Answers to your questions:
Yes dev dependencies will be installed in npm install only way it wont install dev dependencies is when NODE_ENV is set to production
No dev dependencies of your external modules won't be installed see here
When you run npm install by default both dependencies and devDependency dependencies are also installed. Because if once is going to develop a package, we would download it e.g. from git and go to root folder and run.
npm install
so you would expect to have devDependencies to.
npm install "$package"
doesn't install the devDependencies by default. But if you really want to install development packages in that case, you can set the dev config option to true:
npm install "$package" --dev
Node applications use multiple methods to maintain dependency versioning up to date but there are multiple dependency types that need to be considered. Dependencies are found in a node application's root directory within the package.json file. I will go through the different dependency types and list some defining features or characteristics:
Dependencies:
These are specified in a simple object that maps a package name to a version range. The version range is a string which has one or more space-separated descriptors. Dependencies can also be identified with a tarball or git URL.
npm install from a directory that contains package.json
npm install $package on any other directory
dependencies are required to run
Installed transitively: if A requires B, and B requires C. then C gets installed, otherwise B could not work, and neither would A.
devDependencies:
If someone is planning on downloading and using module in their program, then they probably don't want or need to download and build the external test or documentation framework that you use. In this case it's best to map these additional items in a devDependencies object, which is not installed when the user is installing the package unless specifically passing in --dev. These are typically installed when doing a traditional npm install from the root of the package.
npm install on a directory that contains package.json, unless the developer passes the --production flag.
not installed on npm install "$package" on any other directory, unless you give it the --dev option
Are not installed transitively
Other Dependency types:
These are less commonly used but may serve a purpose.
peerDependencies
optionalDependencies

npm install generate more folders than needed

I've been using ember for a while and when I wanted to install the node dependencies of a project, I just needed to use npm install to create the folder node_modules with all the dependencies (as it's described in http://ember-cli.com/user-guide/).
Since I was using an old version of node I unisntalled node and npm and installed nvm with the versions node v5.0.0 and npm v3.3.6but now, when I try to use npm install to install the dependencies of a project as I used to do before, instead of the dependencies of the package.json file, I get many, many more from things I'm not sure where they come (I think they are dependencies that npm handles by itself in a globally way but now it's adding them to my project locally, but I'm not sure).
Why am I getting all those unknown (for me) dependencies?
Notice that, when I run ember new it generates the correct dependencies in node_modules but if I delete this folder and run npm install happens the same.
That's one of the changes introduced by npm v3.0:
Your dependencies will now be installed flat - by default. If
possible, all of your dependencies, and their dependencies, and their
dependencies will be installed in your project's node_modules folder
without nesting. Nesting will only occur when two or more modules have
conflicting dependencies.
Read more at http://www.felixrieseberg.com/npm-v3-is-out-and-its-a-really-big-deal-for-windows/

What is the difference between --save and --save-dev?

What is the difference between:
npm install [package_name]
and:
npm install [package_name] --save
and:
npm install [package_name] --save-dev
What does this mean? And what is really the effect of --save and -dev keywords?
The difference between --save and --save-dev may not be immediately noticeable if you have tried them both on your own projects. So here are a few examples...
Let's say you were building an app that used the moment package to parse and display dates. Your app is a scheduler so it really needs this package to run, as in: cannot run without it. In this case you would use
npm install moment --save
This would create a new value in your package.json
"dependencies": {
...
"moment": "^2.17.1"
}
When you are developing, it really helps to use tools such as test suites and may need jasmine-core and karma. In this case you would use
npm install jasmine-core --save-dev
npm install karma --save-dev
This would also create a new value in your package.json
"devDependencies": {
...
"jasmine-core": "^2.5.2",
"karma": "^1.4.1",
}
You do not need the test suite to run the app in its normal state, so it is a --save-dev type dependency, nothing more. You can see how if you do not understand what is really happening, it is a bit hard to imagine.
Taken directly from NPM docs docs#dependencies
Dependencies
Dependencies are specified in a simple object that maps a package name
to a version range. The version range is a string that has one or
more space-separated descriptors. Dependencies can also be identified
with a tarball or git URL.
Please do not put test harnesses or transpilers in your dependencies
object. See devDependencies, below.
Even in the docs, it asks you to use --save-dev for modules such as test harnesses.
--save-dev is used to save the package for development purpose.
Example: unit tests, minification..
--save is used to save the
package required for the application to run.
By default, NPM simply installs a package under node_modules. When you're trying to install dependencies for your app/module, you would need to first install them, and then add them to the dependencies section of your package.json.
--save-dev adds the third-party package to the package's development dependencies. It won't be installed when someone runs npm install directly to install your package. It's typically only installed if someone clones your source repository first and then runs npm install in it.
--save adds the third-party package to the package's dependencies. It will be installed together with the package whenever someone runs npm install package.
Dev dependencies are those dependencies that are only needed for developing the package. That can include test runners, compilers, packagers, etc.
Both types of dependencies are stored in the package's package.json file. --save adds to dependencies, --save-dev adds to devDependencies
npm install documentation can be referred here.
--
Please note that --save is now the default option, since NPM 5. Therefore, it is not explicitly needed anymore. It is possible to run npm install without the --save to achieve the same result.
Let me give you an example,
You are a developer of a very SERIOUS npm library which uses different testing libraries to test the package.
Users download your library and want to use it in their code. Do they need to download your testing libraries as well? Maybe you use jest for testing and they use mocha. Do you want them to install jest as well? Just To run your library?
No. right? That's why they are in devDependencies.
When someone does, npm i yourPackage only the libraries required to RUN your library will be installed. Other libraries you used to bundle your code with or testing and mocking will not be installed because you put them in devDependencies. Pretty neat right?
So, Why do the developers need to expose the devDependancies?
Let's say your package is an open-source package and 100s of people are sending pull requests to your package. Then how they will test the package? They will git clone your repo and when they would do an npm i the dependencies as well as devDependencies.
Because they are not using your package. They are developing the package further, thus, in order to test your package they need to pass the existing test cases as well write new. So, they need to use your devDependencies which contain all the testing/building/mocking libraries that YOU used.
A perfect example of this is:
$ npm install typescript --save-dev
In this case, you'd want to have Typescript (a javascript-parseable coding language) available for development, but once the app is deployed, it is no longer necessary, as all of the code has been transpiled to javascript. As such, it would make no sense to include it in the published app. Indeed, it would only take up space and increase download times.
As suggested by #andreas-hultgren in this answer and according to the npm docs:
If someone is planning on downloading and using your module in their program, then they probably don't want or need to download and build the external test or documentation framework that you use.
However, for webapp development, Yeoman (a scaffolding tool that installs a peer-reviewed, pre-written package.json file amongst other things) places all packages in devDependencies and nothing in dependencies, so it appears that the use of --save-dev is a safe bet in webapp development, at least.
--save-dev saves semver spec into "devDependencies" array in your package descriptor file, --save saves it into "dependencies" instead.
--save-dev is used for modules used in development of the application,not require while running it in production environment
--save is used to add it in package.json and it is required for running of the application.
Example: express,body-parser,lodash,helmet,mysql all these are used while running the application use --save to put in dependencies while mocha,istanbul,chai,sonarqube-scanner all are used during development ,so put those in dev-dependencies .
npm link or npm install will also install the dev-dependency modules along with dependency modules in your project folder
Read Complete And Forget --save-dev Headache
Simplest answer is that --save-dev is useful when you are creating packages for other developers and want to host your package at NPM Registry like lodash, mongoose, express etc. When you are building or writing a Node Server there is no difference between --save and --save-dev because your Node Server implementation is private to you and you will never publish it on NPM.
How NPM Install Works
Whenever we install a new package using npm like npm install express then NPM installs that package to our system and put it into node_modules folder, now NPM will analyze the package.json file of newly installed package i.e express in this case, after analyzing NPM will install all those packages which were mentioned in dependencies section of package.json file of express package. After installing those packages on which express was dependent NPM again analyze the package.json file of all newly installed packages and again install the packages for them, this cycle goes on until all packages are available into node_modules folder to function properly. You can check package dependencies by running npm list in terminal where terminal should point location of your project directory.
How --save-dev Is Related To Above Explained Stuff
Suppose you want to create a new package like express, now while development of this new package you probably want to write some unit testing code and test the package with any other available testing package let's assume mocha in this case. Now you know mocha is only required to test the package not required to use the package. In this case you should install mocha using --save-dev flag, otherwise NPM will install it whenever a developer install your package using NPM. So if we want a dependency not installed when someone install our package from NPM we must install that package using --save-dev in development phase.
Last Thing
Do not mix --save-dev with collaboration development, if someone cloned your package code from a source version control system like github then NPM will surely install all devDependencies i.e package installed using --save-dev also.
Clear answers are already provided. But it's worth mentioning how devDependencies affects installing packages:
By default, npm install will install all modules listed as dependencies in package.json . With the --production flag (or when the NODE_ENV environment variable is set to production ), npm will not install modules listed in devDependencies .
See: https://docs.npmjs.com/cli/install
When you install an npm package using npm install <package-name>, you are installing it as a dependency.
The package is automatically listed in the package.json file, under the dependencies list (as of npm 5: before you had to manually specify --save).
ex. npm install lodash
After pressing enter check your package.json file.
"dependencies": {
"lodash": "4.x",
},
When you add the -D flag, or --save-dev, you are installing it as a development dependency, which adds it to the devDependencies list.
ex. npm install --save-dev lite-server
After pressing enter check your package.json file
"devDependencies": {
"lite-server": "^2.6.1"
},
Development dependencies are intended as development-only packages, that are unneeded in production. For example testing packages, webpack, or Babel.
When you go in production, if you type npm install and the folder contains a package.json file, they are installed, as npm assumes this is a development deploy.
You need to set the --production flag (npm install --production) to avoid installing those development dependencies.
All explanations here are great, but lacking a very important thing: How do you install production dependencies only? (without the development dependencies).
We separate dependencies from devDependencies by using --save or --save-dev.
To install all we use:
npm i
To install only production packages we should use:
npm i --only=production
You generally don't want to bloat production package with things that you only intend to use for Development purposes.
Use --save-dev (or -D) option to separate packages such as Unit Test frameworks (jest, jasmine, mocha, chai, etc.)
Any other packages that your app needs for Production, should be installed using --save (or -S).
npm install --save lodash //prod dependency
npm install -S moment // " "
npm install -S opentracing // " "
npm install -D jest //dev only dependency
npm install --save-dev typescript //dev only dependency
If you open the package.json file then you will see these entries listed under two different sections:
"dependencies": {
"lodash": "4.x",
"moment": "2.x",
"opentracing": "^0.14.1"
},
"devDependencies": {
"jest": "22.x",
"typescript": "^2.8.3"
},
--save-dev (only used in the development, not in production)
--save (production dependencies)
--global or -g (used globally i.e can be used anywhere in our local system)
People use npm on production to do wicked cool stuff, Node.js is an example of this, so you don't want all your dev tools being run.
If you are using gulp (or similar) to create build files to put on your server then it doesn't really matter.
Basically We Write
npm install package_name
But specially for Testing Purpose we don't need to run some package while Application is Running in Normal State so that Node introduce good way to solve this problem. Whenever we write
npm install package_name --save-dev
at that time this package is only installed for development purpose.
I want to add some of my ideas as
I think all differences will appear when someone uses your codes instead of using by yourself
For example, you write an HTTP library called node's request
In your library,
you used lodash to handle string and object, without lodash, your codes cannot run
If someone uses your HTTP library as a part of his code. Your codes will be compiled with his.
your codes need lodash, So you need to put in dependencies to compile
If you write a project like monaco-editor, which is a web editor,
you have bundled all your codes and your product env library using webpack, when build completed, only have a monaco-min.js
So someone doesn't care whether --save or --save-dependencies, only he needs is monaco-min.js
Summary:
If someone wants to compile your codes (use as a library),
put lodash which used by your codes into dependencies
If someone want to add more feature to your codes, he needs unit test and compiler, put these into dev-dependencies
as --save is default option for npm, so I use
npm i package
and for --save-dev, I use
npm i package -D
default option will install package as project dependency where as -D is for development dependencies like testing, lint etc. and install package for development process
you can find all the flags here https://docs.npmjs.com/cli/v8/commands/npm-install

What does -save-dev mean in npm install grunt --save-dev

I've just started using Grunt.js. It is pretty hard to set up and I am at the point of creating a package.json file.
Following this tutorial, it says there are 3 ways to create a package.json file.
The first is to do npm install grunt --save-dev
But what does --save-dev means? I tried looking but it ends in vain.
--save-dev: Package will appear in your devDependencies.
According to the npm install docs.
If someone is planning on downloading and using your module in their program, then they probably don't want or need to download and build the external test or documentation framework that you use.
In other words, when you run npm install, your project's devDependencies will be installed, but the devDependencies for any packages that your app depends on will not be installed; further, other apps having your app as a dependency need not install your devDependencies. Such modules should only be needed when developing the app (eg grunt, mocha etc).
According to the package.json docs
Edit: Attempt at visualising what npm install does:
yourproject
dependency installed
dependency installed
dependency installed
devDependency NOT installed
devDependency NOT installed
devDependency installed
dependency installed
devDependency NOT installed
There are (at least) two types of package dependencies you can indicate in your package.json files:
Those packages that are required in order to use your module are listed under the "dependencies" property. Using npm you can add those dependencies to your package.json file this way:
npm install --save packageName
Those packages required in order to help develop your module are listed under the "devDependencies" property. These packages are not necessary for others to use the module, but if they want to help develop the module, these packages will be needed. Using npm you can add those devDependencies to your package.json file this way:
npm install --save-dev packageName
To add on to Andreas' answer, you can install only the dependencies by using:
npm install --production
When you use the parameter "--save" your dependency will go inside the #1 below in package.json. When you use the parameter "--save-dev" your dependency will go inside the #2 below in package.json.
#1. "dependencies": these packages are required by your application in production.
#2. "devDependencies": these packages are only needed for development and testing
Documentation from npm for npm install <package-name> --save and npm install <package-name> --save-dev can be found here:
https://docs.npmjs.com/getting-started/using-a-package.json#the-save-and-save-dev-install-flags
A package.json file declares metadata about the module you are developing. Both aforementioned commands modify this package.json file. --save will declare the installed package (in this case, grunt) as a dependency for your module; --save-dev will declare it as a dependency for development of your module.
Ask yourself: will the installed package be required for use of my module, or will it only be required for developing it?
For me the first answer appears a bit confusing, so to make it short and clean:
npm install <package_name> saves any specified packages into dependencies by default. Additionally, you can control where and how they get saved with some additional flags:
npm install <package_name> --no-save Prevents saving to dependencies.
npm install <package_name> ---save-dev updates the devDependencies in your package. These are only used for local testing and development.
You can read more at in the dcu
–save
The package installed is core dependency.
–save-dev
The package installed is not a core rather development dependency.
Use only when developing
--save-dev means omit in production environments, use only in development environments (smaller, and probably faster).

Resources