Is there a way to see what packages are installed in node_modules that aren't in package.json? I know that npm-check and dependency-check can be used to check modules currently in package.json, but I wonder if there is a way to look for packages that might just be extraneously installed.
Use npm list or its shortcut npm ls to list installed packages.
Packages that not in the package.json will be marked as extraneous.
There is also npm ll or npm la which lists extended information about packages.
Related
Using Visual Studio code as IDE but lately when I run the command - npm install from the app folder of the solution it installs around 374 items under "node_modules" instead of just installing the packages from the package.json file.
Can someone please provide some pointers for this behavior?
My versions:
node -v
v6.9.1
npm -v
3.10.8
Go to your node_modules folder and find one of the folders matching the libraries from your package.json file. Inside you will find another package.json which describes this library. It is most likely it will also have at least a couple of entries in dependencies section.
When you run npm install npm builds so-called 'dependency tree'. It starts with your top-level package.json and checks what dependencies needs to be installed, then (using its registry) it checks what are the dependencies of these dependencies and then their dependencies and so on...
It is prudent (but often neglected) to check what are the dependencies of the libraries you decide to use. Some of them might have licenses incompatible with yours. Some of them might need a ton of code to perform a simple thing. Many will use deprecated versions, which will spam your npm install log with warnings and might actually cause some conflicts with your other dependencies.
My node_modules has packages that are not listed in my package.json's dependencies, so I'm guessing that those packages are dependencies of my dependencies. How would I be able to check this? I want to make sure that there aren't any unnecessary packages in my node_modules directory.
If your dependency list won't take too long to reinstall, a simple option is a table-flip: remove the node_modules directory entirely and run npm install to re-create it.
If you don't want to do that, you can try tools that inspect your dependencies, like depcheck as #sagar-gopale suggests in their answer.
Related: Run npm -v to find out if you are running npm v2 or v3. Like #cartant says in their answer, with v3, your node_modules directory will be maximally flat, which means things that used to appear as subdirectories of other modules (when installed with npm v2) will now appear at the top level of node_modules itself. That may be the reason you see more modules than you expect.
If you are using NPM 3, you will likely see a large number of modules that you were not expecting to see in the node_modules directory, as NPM 3 flattens the dependency hierarchy.
Whichever version you are using, if you run the npm list command, NPM should highlight any extraneous modules that are not required.
Please checkout this package.
https://www.npmjs.com/package/depcheck
Since packages can require other packages, just because there are packages in the node_modules folder that don't exist in your packages.json file doesn't mean they aren't needed by one of your specified packages.
If you run an npm prune command on the root directory of your solution it will read the dependency tree and remove the packages that are truly no longer needed.
When I am in a Node.js project and run npm install, npm installs both, dependencies and dev dependencies. If I do not want to install the dev dependencies, I can run npm install --production.
Question 1: If I do not provide --production: Are the dependencies' dev dependencies installed, too, or only their actual dependencies?
Now, what if I am in a Node.js project and install a new dependency, something such as:
npm install foo
This installs foo's dependencies, of course.
Question 2: But what about its dev dependencies? Are they installed, too, or are they skipped?
Answers to your questions:
Yes dev dependencies will be installed in npm install only way it wont install dev dependencies is when NODE_ENV is set to production
No dev dependencies of your external modules won't be installed see here
When you run npm install by default both dependencies and devDependency dependencies are also installed. Because if once is going to develop a package, we would download it e.g. from git and go to root folder and run.
npm install
so you would expect to have devDependencies to.
npm install "$package"
doesn't install the devDependencies by default. But if you really want to install development packages in that case, you can set the dev config option to true:
npm install "$package" --dev
Node applications use multiple methods to maintain dependency versioning up to date but there are multiple dependency types that need to be considered. Dependencies are found in a node application's root directory within the package.json file. I will go through the different dependency types and list some defining features or characteristics:
Dependencies:
These are specified in a simple object that maps a package name to a version range. The version range is a string which has one or more space-separated descriptors. Dependencies can also be identified with a tarball or git URL.
npm install from a directory that contains package.json
npm install $package on any other directory
dependencies are required to run
Installed transitively: if A requires B, and B requires C. then C gets installed, otherwise B could not work, and neither would A.
devDependencies:
If someone is planning on downloading and using module in their program, then they probably don't want or need to download and build the external test or documentation framework that you use. In this case it's best to map these additional items in a devDependencies object, which is not installed when the user is installing the package unless specifically passing in --dev. These are typically installed when doing a traditional npm install from the root of the package.
npm install on a directory that contains package.json, unless the developer passes the --production flag.
not installed on npm install "$package" on any other directory, unless you give it the --dev option
Are not installed transitively
Other Dependency types:
These are less commonly used but may serve a purpose.
peerDependencies
optionalDependencies
Let's say, I have install some new packages, uninstall some packages, update some packages to new versions. All changes are saved into package.json. When I pull the changes with this new package.json, is there a single command to do the synchronisation between the locally installed packages and those specified in the updated package.json?
I am looking for something like:
$ npm syncrhonise
npm install will install all packages specified in package.json. npm update will do the same but will also go a find any new versions of those packages. You can uninstall an individual package using npm uninstall <package>. There are already solutions to remove all packages here
I found two ways:
First npm prune will uninstall everything not listed in your package.json
npm prune [<name> [<name ...]]
This command removes "extraneous" packages. If a package name is
provided, then only packages matching one of the supplied names are
removed.
Extraneous packages are packages that are not listed on the
parent package's dependencies list.
Documentation available at prune.
Second You could remove your node_modules/ folder and then reinstall the dependencies from package.json.
rm -rf node_modules/
npm install
This would erase all installed packages in the current folder and only
install the dependencies from package.json. If the dependencies have
been previously installed npm will try to use the cached version,
avoiding downloading the dependency a second time.
Windows Trick
Due to its folder nesting Windows can’t delete the folder as its name is too long. To solve this, install RimRaf:
npm install rimraf -g
rimraf node_modules
I've just started using Grunt.js. It is pretty hard to set up and I am at the point of creating a package.json file.
Following this tutorial, it says there are 3 ways to create a package.json file.
The first is to do npm install grunt --save-dev
But what does --save-dev means? I tried looking but it ends in vain.
--save-dev: Package will appear in your devDependencies.
According to the npm install docs.
If someone is planning on downloading and using your module in their program, then they probably don't want or need to download and build the external test or documentation framework that you use.
In other words, when you run npm install, your project's devDependencies will be installed, but the devDependencies for any packages that your app depends on will not be installed; further, other apps having your app as a dependency need not install your devDependencies. Such modules should only be needed when developing the app (eg grunt, mocha etc).
According to the package.json docs
Edit: Attempt at visualising what npm install does:
yourproject
dependency installed
dependency installed
dependency installed
devDependency NOT installed
devDependency NOT installed
devDependency installed
dependency installed
devDependency NOT installed
There are (at least) two types of package dependencies you can indicate in your package.json files:
Those packages that are required in order to use your module are listed under the "dependencies" property. Using npm you can add those dependencies to your package.json file this way:
npm install --save packageName
Those packages required in order to help develop your module are listed under the "devDependencies" property. These packages are not necessary for others to use the module, but if they want to help develop the module, these packages will be needed. Using npm you can add those devDependencies to your package.json file this way:
npm install --save-dev packageName
To add on to Andreas' answer, you can install only the dependencies by using:
npm install --production
When you use the parameter "--save" your dependency will go inside the #1 below in package.json. When you use the parameter "--save-dev" your dependency will go inside the #2 below in package.json.
#1. "dependencies": these packages are required by your application in production.
#2. "devDependencies": these packages are only needed for development and testing
Documentation from npm for npm install <package-name> --save and npm install <package-name> --save-dev can be found here:
https://docs.npmjs.com/getting-started/using-a-package.json#the-save-and-save-dev-install-flags
A package.json file declares metadata about the module you are developing. Both aforementioned commands modify this package.json file. --save will declare the installed package (in this case, grunt) as a dependency for your module; --save-dev will declare it as a dependency for development of your module.
Ask yourself: will the installed package be required for use of my module, or will it only be required for developing it?
For me the first answer appears a bit confusing, so to make it short and clean:
npm install <package_name> saves any specified packages into dependencies by default. Additionally, you can control where and how they get saved with some additional flags:
npm install <package_name> --no-save Prevents saving to dependencies.
npm install <package_name> ---save-dev updates the devDependencies in your package. These are only used for local testing and development.
You can read more at in the dcu
–save
The package installed is core dependency.
–save-dev
The package installed is not a core rather development dependency.
Use only when developing
--save-dev means omit in production environments, use only in development environments (smaller, and probably faster).