The package is listed in project dependencies:
"name": "project",
"devDependencies": {
"package": "*"
}
Some of the files in installed package are ignored by blacklisting (.npmignore) or by whitelisting:
"name": "package",
"files": [
"lib/",
"index.js",
"LICENSE",
"README.md"
],
Forking it and changing ignore settings is not an option for me. I would prefer to have it in node_modules and require it like normal package, and doing things like git clone in npm install script looks like a terrible idea because it is dev dependency and shouldn't be installed for users who add project as a dependency.
Can package repo be installed entirely on npm i, including ignored files? What are the options?
Related
I have a monorepo project, with one of the packages being a cli. And to prevent npm supply chain attack I am thinking of using npm-shrinkwrap.
The documentation here says:
The recommended use-case for npm-shrinkwrap.json is applications deployed through the publishing process on the registry: for example, daemons and command-line tools intended as global installs or devDependencies
This is exactly what i want as I am deploying a command-line tools. The only problem is, it seems npm-shrinkwrap does not support workspaces.
Let's say the cli part of my monorepo can be found in the path: /code/packages/cli, when I switch to it and run npm shrinkwrap I get the error:
npm ERR! code ENOWORKSPACES
npm ERR! This command does not support workspaces.
npm ERR! A complete log of this run can be found in:
npm ERR! /Users/me/.npm/_logs/2022-05-16T20_53_41_147Z-debug-0.log
If I switch to the root of the project, that is /code/ and I run npm shrinkwrap, it does generates a npm-shrinkwrap.json with the following structure:
{
"name": "root",
"version": "1.0.0",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "root",
"version": "1.0.0",
"license": "ISC",
"workspaces": [
"packages/*"
],
"devDependencies": {
"lerna": "^4.0.0"
}
},
"packages/cli": {
"name": "#proj/cli",
"version": "1.0.0",
"extraneous": true,
"license": "ISC"
}
}
}
But the only problem is, this is not the exact structure that should be created for the cli. Also when I publish the package (using lerna), the npm-shrinkwrap.json is never included in the cli package.
Any tips on how to make npm-shrinkwrap work with workspaces?
Basically how to have the npm-shrinkwrap.json generated for a package in a monorepo and have that inlcuded when that package is released?
The tool npm-lockfile uses npm's internals and works inside of monorepos.
Unfortunately, they're using an old version of #npm/arborist, so it doesn't quite work properly, and you can use my patch for now
npm ls -g shows a ton a packages and i havent installed any of them except 1 or two.
enter image description here
the package.json in my home directory:
{
"name": "yash",
"version": "1.0.0",
"description": "",
"main": "index.js",
"dependencies": {},
"devDependencies": {},
"scripts": {
"test": "mocha"
},
"keywords": [],
"author": "",
"license": "ISC"
}
the node_modules folder in my home directory is empty.
so what are all these files?
The -g flag will show global packages. These are packages which are not included in your package.json but are instead either packaged with your installation or were installed with npm install -g.
If the global packages you install have their own dependencies, then you'll also see those child dependencies listed. For example, you can see you installed nodemon, so you'll also see chokidar in the list, since nodemon requires that package to work.
If you want to ignore the child dependencies and see only the packages you directly installed, you can use npm list -g --depth 0.
You can read more about global packages vs. local packages
It seems this started when I updated node/npm but I didn't realized until now when I had to delete and re create my node_modules folder.
I have a React Native project which has the core module and one Examples project to showcase the module. The examples project references the module like this in my package.json:
"dependencies": {
"module-core": "file:../core"
},
When I run npm install in the Examples project I was getting this nodule_module structure:
node_modules
core
core_dependency_1
core_dependency_2
Now, I get this:
node_modules
core
node_modules
core_dependency_1
core_dependency_2
At first I thought it had to do with peerDepencies and how npm handled flat/nested dependencies but I have checked and it seems now the core folder is now a shortcut (I am using Windows).
This is breaking my gradle scripts because some are referenced like this:
apply from: "../../node_modules/react-native-vector-icons/fonts.gradle"
I could fix this by renaming the links but that would make the build platform/environment dependent.
Also it breaks some other scripts like this one:
apply from: project(':react-native-config').projectDir.getPath() + "/dotenv.gradle"
That is because the project() resolves to my root folder and now I cannot use that either.
I am using npm 5.4.2 and node 8.8.1. Previously I had node 7.4.0.
Is there any flag or way to make npm install the localDependency and not treat it as a shortcut?
I finally found the answer. Npm Version 5 indeed changed the way the local dependencies are handled and it just makes npm link, which creates symbolic links or shortcuts in windows.
You can accomplish the same behavior as before with this:
npm install $(npm pack <folder> | tail -1)
Working for me in Windows 10 with git-bash
My final solution was having this package.json in the Example project that used the core:
{
"name": "core-examples",
"version": "0.0.0",
"private": true,
"scripts": {
"start": "node node_modules/react-native/local-cli/cli.js start",
"preinstall": "npm pack ../Core | tail -1",
},
"dependencies": {
"core": "file:core-0.0.0.tgz"
},
"jest": {
"preset": "react-native"
}
}
The preinstall script will generate the tgz file and then you can install as usual. This will avoid having to commit the tgz file to the repository.
When I run this I am downloading all the dependencies in the node_modules directory
{
"name": "bootstrap-test-app",
"engine": "node 5.5.0",
"engineStrict": false,
"version": "1.0.0",
"description": "",
"main": "master.js",
"scripts": {},
"author": "soum",
"license": "BSD-2-Clause",
"devDependencies": {},
"dependencies": {
"bootstrap-sass": "latest",
"jquery": "3.1.1",
"requirejs": "2.1.22"
}
}
My question is it possible to set a path for the dependencies instead of node_modules
for example lets say in a dorectory called "dependencies"? Can I set a destination
property relative to the root of project so that my file structure looks like this
my-app
package.json
dependencies
-bootstrap-sass
-jquery
-requirejs
node_modules
No, it is not possible now and it is very unlikely to be possible in the future.
See this issue on GitHub from 2013 and the comments there:
Issue #3597: npm install into arbitrary folder instead of node_modules
The future of that can be summarize by two quotes from that discussion:
"Is there any way to change the location where the node_modules folder gets installed for local installed dependencies...??"
"no, there is not, and there are no plans to implement such a feature."
See also an older issue from 2011:
Issue #775: node_modules directory location
What you can do is to create a directory that you want and a symlink called node_modules with something like that:
$ mkdir dependencies
$ ln -sv dependencies node_modules
‘node_modules’ -> ‘dependencies’
$ npm i tryjson -S
customdeps#1.0.0 /home/rsp/node/test/customdeps
└── tryjson#1.1.4
$ ls dependencies
tryjson
I just came up with that idea. I wasn't sure if npm can install in a symlinked directory but I just tested it and it turns out that it can.
Of course to actually use those dependencies in Node, you'd have to set the NODE_PATH environment variable accordingly. See:
https://nodejs.org/api/modules.html
I am trying to install packages in the package.json file. Unfortunately, when I run npm install, nothing happens (nothing is installed). I have used npm install on other repos and it works successfully.
Here is my path:
$PATH = /Users/me/.rbenv/shims:/Users/me/.rbenv/bin:/usr/local/share/npm/bin:/usr/local/bin:/Applications/Postgres.app/Contents/MacOS/bin:/usr/bin:/bin:/usr/sbin:/sbin
As you can see, npm/bin is in my bath and I believe this is correct.
Here are the instructions for this repo and where to run npm install (which I am doing)
go into "module"
run "npm install"
pair your laptop/pc with intelligent brick troubleshoot: http://www.ev-3.net/en/archives/97
run example.js: "node example.js"
see "example.js" for more details
When I run npm install in the module directory (that has the package.json) nothing installs.
Here is the package.json:
{
"name": "ev3-nodejs-bt",
"description": "Bt Api for lego ev3 robot",
"version": "0.0.4",
"private": false,
"dependencies": {
"serialport": "1.*"
},
"main": "Ev3.js",
"devDependencies": {"serialport": "1.*"},
"scripts": {
"test": "node Ev3.js"
},
"repository": {
"type": "git",
"url": "https://github.com/wenchaojiang/Ev3NodeJsBtAPI"
},
"keywords": [
"node.js",
"ev3",
"lego",
"robot",
"bluetooth"
],
"author": "Wenchao Jiang <psxwj#nottingham.ac.uk> (http://wenchaojames.wordpress.com/)",
"license": "MIT",
"bugs": {
"url": "https://github.com/wenchaojiang/Ev3NodeJsBtAPI/issues"
}
}
Do I have something set up wrong on my system? (I don't think I do based on my $PATH and successful installing packets in other node-js repos) Is this package.json file not valid?
npm install doesn't install (or echo) anything when all of the dependencies are satisfied. Ensure there's a serialport folder under node_modules.
If you want to reinstall everything, you just need to remove the node_modules folder:
rm -r node_modules
npm install
If you have an npm-shrinkwrap.json file, check it. The npm install command will only install the packages specified in that file.
According to the npm install docs:
If the package has a shrinkwrap file, the installation of dependencies will be driven by that.
I had the same problem with my project. And when I looked at my npm-shrinkwrap.json file, I saw dependencies: {}. So that's why it didn't install anything for me.