The default package manager for Node.js, NPM enables you to install, publish, manage, and distribute JavaScript code easily
The Node Package Manager, NPM, has become a powerful and important tool, supporting many different JavaScript frameworks โ including JQuery, AngularJS, and React JS. If youโre building JavaScript modules and want to share them with the world, NPM is the tool to use.
With a public registry for your code, NPM makes it easy to share code and ensure users can get updates quickly. With small NPM packages, the result is another set of tools for building modular code thatโs simple to reuse across your applications, both server-side and client-side.
The NPM registry is a database of modules, showing not only what packages are available, but also how theyโre related. When you download a module โ the Express Node.js MVC framework, for instance โ you automatically download the dependencies, so youโre ready to go as soon as all the files you need are installed on your development system.
Roll your own package
Building an NPM package is a relatively simple process since you use the tooling built intoย NPM itself. Start with NPMโs init command to build the package.json file for your application. Youโll need a name, a version number, and a main .js file. Itโs also a good idea to add a name and a contact email address for support.
This will create a stub package.json file that can then be edited to add the details of all the files youโre packaging for distribution. You can test your files usingย NPM locally, but once youโre ready to share a file with the world youโll need an account on theย NPM registry, which you can create using NPMโs adduser command.
What goes into anย NPM package?ย The heart of it is a Gzipped folder, containing the files used by your module. Youโll need to store it on a public server, like GitHub or your own servers. (Going with a service like GitHub makes a lot of sense, because one packaging option is to link to a source control service that can be used to share open source code quickly and easily.)
Youโll also need a fully detailed package.json file. This includes your projectโs name, its current version, and the engines it runs on. This last option lets you specify a version of Node, AngularJS, or whatever to ensure your code will run as expected. Many open source frameworks change rapidly โ for example, if you have a dependency on a specific version of Node, thenย NPM will ensure that your code can be installed on that version only.
Other key fields in package.json handle scripts used to install your files or run other commands to ensure target systems have the appropriate prerequisites that arenโt described by only. Youโll also need to specify an entry point for your code โฆ if there is one. Packages that contain several scripts wonโt need an entry point, but theyโre likely to need documentation, which you can bundle in a main folder that can be set up by NPM.
Itโs important to note that althoughย NPM wonโt bundle all your files, itโs a good idea to use a .npmignore file to ensure that specific configuration and log files arenโt packaged up. For example, you donโt want to include your AWS keys, nor do you want your personal documentation to end up on a million cloud servers!
Pushing the package live
Publishing a package is simple: Use the publish command. Youโll need a unique name for your package, as theย NPM registry uses it to construct a URI for your files, which you can test in a browser.
Updates can be made using the version command, describing the update as a patch, a minor update, or a major release โ NPM will automatically update the version number of your package, before you publish the updated files. Semantic versioning like this is a powerful but simple tool, and itโs used to define any dependencies in a package.
Once youโve built a package, you can quickly test it with a local install into another directory. You can then test the module youโve installed to ensure all the files you need are in the package and that extraneous files arenโt wrapped and delivered. If it works, then youโre ready to publish your package and link it to theย NPM registry.
Listing your packageโs dependencies is important. You might know that your code is designed to run on top of version 1.2.0 of Express, but someone finding a link to your package might be running version 1.1.5 and wonโt be able to use your code.
With NPM, you can use the package.json file to list dependencies, with the package name and the version number. Whenย NPM installs your package, it will check for the engine youโve required, and if that isnโt present, the install will fail. If the correct engine is available, it will then check the versions of the required dependencies, downloading the most appropriate version where possible. If the required version isnโt available, then the installation will fail.
You donโt need to be specific with version numbers. If your code will run on all the minor and patch versions of a package, then you can specify 1.x.x. Similarly if you have a dependency on a specific minor version, but not patches, then use 1.3.x. You ย have the option if using the >= syntax to specify any version greater than or equal to a specific version number, but that leaves you open to the risk of breaking changes in a future release of a package. Thus, it isnโt recommended.
Youโll find the package.json file used in other tools as well as NPM. Mozilla has a version for Firefox add-ons, and itโs being used by the CommonJS server-side JavaScript project. While the public version ofย NPM allows you to share your code widely, thereโs also the option of running a local registry that can manage business-specific code without exposing it to the world.
