Hello everyone, I’m CUGGZ, a recent graduate of the front end chicken. Today summarized some common NPM commands to share with you, I hope to help you!
1. Basic concepts of NPM
NPM, full name Node Package Manager, is a Node.js-based Package Manager, which is the most popular and supports the most third-party modules in the Node.js community. It was designed to make it easier for developers to share and reuse code. NPM provides command line tools to manage Node.js packages, including installation, update, delete, view, search, publish, and so on.
NPM was originally just a package manager for Node.js, but with the continuous development of front-end technology, it has been positioned as a broad package manager, which can implement JavaScript, React, Vue, Gulp, mobile development and other package management. It is currently the largest and most ecological sound package manager.
NPM can solve many problems in node.js module management. Its common application scenarios are as follows:
- Download third-party modules from the NPM image server;
- Download and install the command line program locally from the NPM image server;
- Publish the module to the NPM image server for others to use.
NPM does not need to be installed separately; when node.js is installed, NPM is installed along with it. However, the installed NPM may not be the latest version. You can use the following command to view the version of your local NPM:
npm -v
Copy the code-v stands for –version. If you want to upgrade the NPM version, use the following command:
npm install npm@latest -g
Copy the codeHere, @latest indicates the latest version, and -g stands for –global, indicating global installation.
In addition, you can use the help command to view the NPM help:
NPM -- help commandCopy the codeFor example, to view the format of the install argument:
npm install --help
Copy the code–help can be abbreviated to -h. The command output is as follows. You can see various forms of the install command:
| The command | role |
|---|---|
| npm -v | View the NPM version. |
| npm init | A package.json configuration file appears after initialization. You can quickly skip the question-and-answer interface by adding -y. |
| npm install | All dependencies required by the project are automatically downloaded from the package.json file in the project. |
| NPM install –save-dev(NPM install -d) | Installed packages are for development only, not production, and appear in the devDependencies property in the package.json file. |
| NPM install –save(NPM install -s) | The installed packages that need to be published to production appear in the Dependencies property in the package.json file. |
| npm list | View the installed Node packages in the current directory. |
| npm list -g | View node packages that have been installed globally. |
| npm –help | View the NPM help commands. |
| NPM update package name | Updates the specified package. |
| NPM uninstall the package name | Unmounts the specified package. |
| npm config list | View the configuration information. |
| NPM specifies the command –help | View help for specified commands. |
| NPM info specifies the package name | View all version information about the specified package on the remote NPM. |
| npm config set registry registry.npm.taobao.org | Modify package download source, modified here to Taobao image. |
| npm root | View the installation path of the current package. |
| npm root -g | View the global package installation path. |
| NPM ls package name | To view the specified package and version information installed locally, empty is not displayed. |
| NPM ls Package name -g | View the specified package and version information of the global installation without displaying empty. |
With these concepts out of the way, let’s take a look at some useful techniques for using NPM.
2. Initialize package
A package.json file must be initialized for any project that is managed using NPM. There is no more information about package.json.
You can initialize a package with the following command:
npm init
Copy the codeWhen this command is executed, it goes through the setup step by step in the form of a question and answer. If you do not need to modify the default configuration, press Enter. If you want to skip the wizard and quickly generate a package.json file, you can execute the following command:
npm init --yes
Copy the codeWhere –yes can be shortened to -y. The configuration items in the generated package.json file are the default configuration for NPM. Of course, the default configuration can also be changed. You can change the default configuration of NPM in a form like the following:
npm config set init.author.name YOUR_NAME
npm config set init.author.email YOUR_EMAIL
Copy the codeWhen the above command is executed and then the NPM init command is executed, the package.json author name and mailbox are initialized to the values we set.
2. Get to know the package quickly
When using a package, if you want to see how it works, you can use the following command to open the home page of the package. It will automatically launch the browser and open the page. Here uses React as an example:
npm home react
Copy the codeTo view the existing issues of the package, or the public roadmap, execute the following command:
npm bugs react
Copy the codeIf you want to see the code address of the package, you can execute the following command:
npm repo react
Copy the codeTo view the details of the package, run the following command:
npm info react
Copy the codeThe result is as follows:
npm info react description
Copy the codeThe result is as follows:
3. Install dependencies
You can use the NPM install command to install the required package. If you want to automatically add the package to package.json, you can run the following command:
npm install react --save
Copy the codeIf you want to install different versions of packages, you can do this:
// Install the latest version
npm install react@latest
// Install the specified version
npm install react@16.8. 0
// Install the specified range version
npm install react@"> = 16.8.0 < 17.0.1"
Copy the codeWhen using NPM to install dependencies, there are two types: local and global. The difference between these two types is whether the -g parameter is included:
| The command | shorthand | instructions |
|---|---|---|
| There is no | There is no | Install the module in the local node_modules directory, but not in package.json. |
| –save | -S | Install the module to the local node_modules directory and save it to the Dependencies item in package.json. |
| –sava-dev | -D | Install the module to the local node_modules directory and save it to the devDependencies configuration item in package.json for development purposes only. |
| –global | -g | The installed module is a global module. If it is a command line module, it is directly linked to the environment variable. |
You can use the require keyword to import locally installed packages. To prevent reference modules from disappearing and ensure that dependent modules are present in package.json, it is best to add –save to NPM install.
Note that when the NPM install command is executed, only the dependency information will be downloaded before NPM 5. If you want to save, you need to add the –save option. After NPM 5, you can omit the –save option and it will be saved automatically.
4. Lock dependencies
When using –save to install a dependency, NPM saves the dependency and prefixes it with ^, indicating that the latest version of the package under this larger version will be automatically installed when the NPM install command is executed again. If you want to modify this functionality, you can execute the following command:
npm config set save-prefix='~'
Copy the codeAfter executing this command, the ^ symbol is changed to the ~ symbol. When you install a new module again, you change from allowing only minor version upgrades to allowing only patch pack upgrades.
To lock the current version, run the following command:
npm config set save-exact true
Copy the codeThis locks the dependent version number every time NPM installs XXX –save, which is equivalent to adding –save-exact. It is recommended that all online applications use this locking version number method.
To completely lock dependent versions so that the application is installed with the same version on any machine, you can execute the following command:
npm shrinkwrap
Copy the codeAfter executing this command, an nPm-shrinkwrap. Json configuration file is generated at the root of the project, which contains the dependency tree and version of the module calculated from node_modules. If npm-shrinkwrap. Json is present in the directory, NPM install will be installed using the configuration in npm-shrinkwrap. If not, install using package.json.
5. Search dependencies
NPM provides us with the search command to search the NPM repository for either a string or a regular expression:
npm search react
Copy the codeThe search results are as follows:
Finding a suitable dependency package may not be easy. At this point, you can use the websitenpms.io/Here, the quality, popularity, maintainability and other indicators of each package are quantified. These indicators include whether outdated dependency packages are used, whether there is code checking configuration, whether they have been tested, and when the most recent version was released.
6. Update and uninstall dependencies
NPM provides us with commands to update dependent versions:
npm update [package name]
Copy the codeIf you want to update a globally installed module, add the -global:
npm update -global [package name]
Copy the codeWhen these two commands are executed, it queries the remote repository for the latest version and then the local version. If the local version does not exist, or the remote version is newer, it will be installed.
If you want to update the version of the dependency in package.json, you need to use either -s or –save. Note that as of NPM V2.6.1, NPM Update only updates the top-level module, not the dependent dependent module, whereas previous versions were recursively updated. If you want this effect, use the following command:
npm --depth 9999 update
Copy the codeIn addition to updating packages, you can also delete specified packages:
npm uninstall [package name]
Copy the codeTo delete global packages, add -global:
npm uninstall [package name] -global
Copy the code7. Look for outdated packages
NPM provides a command to view obsolete dependencies:
npm outdated
Copy the codeExecuting this command in my project produces the following output:
You can check the latest version of the NPM package by using the following command:
// Display package information
npm view <package-name>
npm v <package-name>
// Display the latest version
npm v <package-name> version
// Display all versions
npm v <package-name> versions
Copy the code
8. Execute the script
NPM can be used not only to manage modules, but also to execute scripts. There is a scripts field in the package.json file that can be used to define script commands used by NPM. In addition to seeing which commands are available in package.json, you can also use the following command to view all script commands:
npm run
Copy the codeThe result of executing this command in my project is as follows:
npm run dev
npm run build
Copy the codeHere is no more to say, this is probably our usual use of the most command, according to the actual development situation, to customize their own NPM command.
9. Install reliable dependencies
You can use the NPM ci command to clean up and install dependencies. It is commonly used in automated environments such as CI/CD where reliable dependencies can be obtained.
npm ci
Copy the codeWhen this command is executed, it removes the local node_modules file first, so it doesn’t need to verify the relationship between the downloaded file version and the control version, or the existence of the latest library version, so the download is faster than NPM install. It then installs the exact version of the dependency from the package-lock.json file. This version is not written to package.json or package-lock.json files.
When using the command, note the following:
- Projects must have package-lock.json or npm-shrinkwrap. Json files, if not, this command will not work;
- NPM CI is a new command introduced in NPM v6, so use this command to ensure that the NPM version is >=5.7;
- NPM CI cannot be used to install individual dependencies, only dependencies for entire projects.
- NPM CI installs Dependencies and devDependencies;
- Package. json or package-lock.json files are not updated throughout the installation process, the entire installation process is locked;
- If the dependencies in package-lock.json are inconsistent with those in package.json, NPM CI exits but does not modify the package-lock.json file.
10. Delete duplicate packages
We can remove duplicate dependencies by running the NPM dedupe command. This command simplifies the overall structure by removing duplicate packages and sharing common dependencies among multiple dependency packages. It produces a flattened, de-weighted tree.
npm dedupe
npm ddp
Copy the code11. Scan for vulnerabilities
You can run the NPM audit command to scan the project for vulnerabilities in all dependencies:
npm audit
Copy the codeLook at the scan results of my project:
npm audit fix
Copy the code12. List the installed packages
You can obtain package information for the entire project by using the following command:
npm list
Copy the codeThe NPM list command lists all the modules installed for the current project in a tree structure, as well as the modules they depend on.
npm list -global
Copy the codeYou can also view the dependencies of the specified package, for example, under the project I’m working on now, by executing the following command:
npm list react
Copy the codeYou can also use the NPM ls command to view dependencies for a given package:
npm ls react
Copy the code
npm ls --depth=1
Copy the code13. Test the local package
When we develop the NPM module locally, we can use the NPM link command to connect the local NPM module to the project for easy debugging and testing of the module. It is also very simple to use, in the project to execute the following command:
npm link
Copy the codeAfter executing this command, the NPM package is created globally in {prefix}/lib/node_modules/
NPM Link module nameCopy the codeThe module name here is the name of the dependent package, which is the name field value in the package.json file of the module package.
If you do not want to continue using it, execute the following command to remove link:
NPM Unlink module nameCopy the code