Using npm to Manage Your Projects for Fun and Profit
Jonathan Altman (@async_io, http://github.com/jonathana)node.dc January meetup 1/23/2013
Is This How You Start a Project?
•mkdir my_cool_new_project
•cd my_cool_new_project
•npm init
•Alternatively: express my_cool_new_project
•Other frameworks probably lay down your npm package.json too
It Should Be
“But It’s Not a Redistributable Package”
Use npm Anyway• You Can Still Keep Your Package Private
• Project Package Dependency Management
• Automated Retrieval
• Automated Updates
• Dependency Version Management
• Environment-Specific Package Selection
• Node Runtime Version Requirement
Package Management Without Node
npm install expressnpm install mochanpm rm expressnpm install -g expressexpress initnpm install qnpm install ...
•And now we need to move to production...how exactly? Or a 2nd dev
•We just shipped the unit test library to production?!?
Read The Fine Manual
•There is plenty of documentation on the package.json file, what you can put in it, and what it can do
•Check out https://npmjs.org/doc/json.html
•npm’s semver package documentation: https://npmjs.org/doc/semver.html
•http://www.devthought.com/2012/02/17/npm-tricks/ had some useful tips/tricks as well
vagrant@precise64:/vm_src$ express express_example
create : express_example create : express_example/package.json create : express_example/app.js[bunch of stuff deleted] create : express_example/public/images
install dependencies: $ cd express_example && npm install
run the app: $ node app
vagrant@precise64:/vm_src$
vagrant@precise64:/vm_src/raw_init_example$ npm initThis utility will walk you through creating a package.json file.It only covers the most common items, and tries to guess sane defaults.
See `npm help json` for definitive documentation on these fieldsand exactly what they do.
Use `npm install <pkg> --save` afterwards to install a package andsave it as a dependency in the package.json file.
Press ^C at any time to quit.name: (raw_init_example) version: (0.0.0) 0.0.1description: Example raw npm init for node.dc meetupentry point: (index.js) app.jstest command: mochagit repository: keywords: author: Jonathan M. Altmanlicense: (BSD) ProprietaryAbout to write to /vm_src/raw_init_example/package.json:
[package.json contents removed: we’ll cover this in the next slide]
Is this ok? (yes) npm WARN package.json [email protected] No README.md file found!vagrant@precise64:/vm_src/raw_init_example$
vagrant@precise64:/vm_src/raw_init_example$ cat package.json{ "name": "raw_init_example", "version": "0.0.1", "description": "Example raw npm init for node.dc meetup", "main": "app.js", "scripts": { "test": "mocha" }, "repository": "", "author": "Jonathan M. Altman", "license": "Proprietary"}vagrant@precise64:/vm_src/raw_init_example$
Keep Your Package Private
•Specify that your project is private in your package.json and it will never get published anywhere
"private": true
•Add the following item to the JSON in your package.json:
"dependencies": {},
•Then, start adding dependencies
Specifying Dependencies
"dependencies": { "express": "<3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2" },
Specifying Global Dependencies
vagrant@precise64:/vm_src/raw_init_example$ npm installnpm WARN package.json [email protected] No README.md file found!npm http GET https://registry.npmjs.org/q[several tens of lines of download/build deleted][email protected] node_modules/q
[email protected] node_modules/ejs
[email protected] node_modules/underscore
[email protected] node_modules/request
[email protected] node_modules/winston├── [email protected][bunch of dependency install lines deleted]├── [email protected]└── [email protected]@precise64:/vm_src/raw_init_example$
"dependencies": { "express": "<3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2" },
Dependency Version Management
Dependency Version Management
•npm wants/uses Semantic Versioning--semver, http://http://semver.org/ -- to specify package versions
• (and you should too for your own package version numbering)
•Logical comparison operators, and some wildcarding, allow you to control which version(s) of a package you want
•Review https://npmjs.org/doc/json.html#dependencies for fuller explanations of how the various specifiers work
"dependencies": { "express": "<3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2" },
Cap the Version Allowed
"dependencies": { "express": "<3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2" },
Specify Floor Version Required
"dependencies": { "express": "<3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2" },
Specify Specific Major/Minor Ver.
"dependencies": { "express": "<3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": "= 0.6.2" },
Specify Exact Version
"dependencies": { "express": ">= 2.5.2 <3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2" },
Specify Version Ranges
"dependencies": { "express": "<3.x" ,"underscore": "~1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2" },
Specify Floor Within Minor
Environment Management
• If you want to pull packages in for e.g. BDD/TDD or other unit testing, mocking, or anything else where you would not put the dependency in production
"devDependencies": { "nock": ">= 0.13.4" ,"mocha": "= 1.4.2" ,"chai": ">= 1.2.0" ,"chai-as-promised": ">= 3.2.2" }
Node Engine Version Management
• The npm docs highly recommend against doing this, but you can specify the version(s) of the node engine that you want your package to run against--again using semver specifications:
{ "engines" : { "node" : ">=0.8.08 <0.9.x" } }
• You can also force particular npm versions:
{ "engines" : { "node" : "~ 0.8.16", npm: "~1.1.65" } }
• Unless you put { "engineStrict" : true} in your package.json, this is all just advisory
• Isaac Schlueter says “don’t abuse it, or I’ll remove it”
{ "name": "raw_init_example", "version": "0.0.1", "description": "Example raw npm init for node.dc meetup", "private": true, "engines" : { "node" : "~ 0.8.16", npm: "~1.1.65" } }, "main": "app.js", "scripts": { "test": "mocha" }, "repository": "", "author": "Jonathan M. Altman", "license": "Proprietary",
package.json so far: "dependencies": { "express": "< 3.x" ,"underscore": "~1.3.3" ,"everyauth": "0.2.x" ,"mongoose": "~ 2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2" }, "devDependencies": { "nock": ">= 0.13.4" ,"mocha": "= 1.4.2" ,"chai": ">= 1.2.0" ,"chai-as-promised": ">= 3.2.2" }}
There’s Plenty More npm Can Do For You
•npm is a powerful tool. This is just a quick taste of some of the easiest ways to access its most useful features
•Some useful links for getting started were at the beginning of the deck
Thank you. Questions?