Using npm to Manage Your Projects for Fun and Profit - USEFUL INFO IN NOTES!


Published on

Presentation for the January node.dc meetup on using npm to manage node projects in general, not just library modules

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Similar to Ruby’s gem bundler. Closest python equivalent is probably virtualenv, but that also covers virtual environments which in node you get with e.g. nave and Rails with rbenv or similar
  • There are better, more surgical ways to specify you want a release in the 2.x series, but this will prevent you from getting 3.x. This was a useful example from back when 3.x was first put up on and a bunch of stuff in the above list hadn’t been fully ported to it yet
  • Can be dangerous, if 1.4.x or 2.x comes out, it might break you if the API changed
  • Generally should be safe: API should be stable across minor releases, but you will get patches. However, you might want minor release point updates. Only problematic if some early patch versions will not work for you but later ones do
  • Very safe, but means that to pull in later patches that should be compatible, you would have to update package.json to allow it. May be useful if extreme control over environment is desired
  • As long as the package doesn’t break you later in the 2.x series than 2.5.2, this should be safe if you don’t want to get version 3 pulled in on you
  • Reasonable safe and sane option. We’ll get 1.3.3 or greater within the 1.3 series, but not 1.4.x or 2.x. You can do similar for floor within major as well: ~1.3
  • Using npm to Manage Your Projects for Fun and Profit - USEFUL INFO IN NOTES!

    1. 1. Using npm to Manage YourProjects for Fun and Profit Jonathan Altman (@async_io, node.dc January meetup 1/23/2013
    2. 2. Is This How You Start a Project?• mkdir my_cool_new_project• cd my_cool_new_project• npm init• Alternatively: express my_cool_new_project• Other frameworks probably lay down your npm package.json too
    3. 3. It Should Be
    4. 4. “But It’s Not a Redistributable Package”
    5. 5. Use npm Anyway• You Can Still Keep Your Package Private• Project Package Dependency Management• Automated Retrieval• Automated Updates• Dependency Version Management• Environment-Specific Package Selection• Node Runtime Version Requirement
    6. 6. Package Management Without Nodenpm install expressnpm install mochanpm rm expressnpm install -g expressexpress initnpm install qnpm install ...•And now we need to move to exactly? Or a 2nd dev•We just shipped the unit test library to production?!?
    7. 7. Read The Fine Manual• There is plenty of documentation on the package.json file, what you can put in it, and what it can do• Check out• npm’s semver package documentation:• had some useful tips/tricks as well
    8. 8. vagrant@precise64:/vm_src$ express express_example create : express_example create : express_example/package.json create : express_example/app.js[bunch of stuff deleted] create : express_example/public/images install dependencies: $ cd express_example && npm install run the app: $ node appvagrant@precise64:/vm_src$
    9. 9. vagrant@precise64:/vm_src/raw_init_example$ npm initThis utility will walk you through creating a package.json file.It only covers the most common items, and tries to guess sane defaults.See `npm help json` for definitive documentation on these fieldsand exactly what they do.Use `npm install <pkg> --save` afterwards to install a package andsave it as a dependency in the package.json file.Press ^C at any time to (raw_init_example)version: (0.0.0) 0.0.1description: Example raw npm init for node.dc meetupentry point: (index.js) app.jstest command: mochagit repository:keywords:author: Jonathan M. Altmanlicense: (BSD) ProprietaryAbout to write to /vm_src/raw_init_example/package.json:[package.json contents removed: we’ll cover this in the next slide]Is this ok? (yes)npm WARN package.json raw_init_example@0.0.1 No file found!vagrant@precise64:/vm_src/raw_init_example$
    10. 10. vagrant@precise64:/vm_src/raw_init_example$ catpackage.json{ "name": "raw_init_example", "version": "0.0.1", "description": "Example raw npm init for node.dc meetup", "main": "app.js", "scripts": { "test": "mocha" }, "repository": "", "author": "Jonathan M. Altman", "license": "Proprietary"}vagrant@precise64:/vm_src/raw_init_example$
    11. 11. Keep Your Package Private• Specify that your project is private in your package.json and it will never get published anywhere"private": true
    12. 12. Specifying Dependencies• Add the following item to the JSON in your package.json:"dependencies": {},• Then, start adding dependencies
    13. 13. Specifying Global Dependencies"dependencies": { "express": "<3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2"},
    14. 14. vagrant@precise64:/vm_src/raw_init_example$ npm installnpm WARN package.json raw_init_example@0.0.1 No file found!npm http GET[several tens of lines of download/build deleted]q@0.8.12 node_modules/qejs@0.8.3 node_modules/ejsunderscore@1.4.3 node_modules/underscorerequest@2.12.0 node_modules/requestwinston@0.6.2 node_modules/winston├── cycle@1.0.1[bunch of dependency install lines deleted]├── async@0.1.22└── request@2.9.203vagrant@precise64:/vm_src/raw_init_example$
    15. 15. Dependency Version Management"dependencies": { "express": "<3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2"},
    16. 16. Dependency Version Management• npm wants/uses Semantic Versioning--semver, http:// -- to specify package versions• (and you should too for your own package version numbering)• Logical comparison operators, and some wildcarding, allow you to control which version(s) of a package you want• Review for fuller explanations of how the various specifiers work
    17. 17. Cap the Version Allowed"dependencies": { "express": "<3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2"},
    18. 18. Specify Floor Version Required"dependencies": { "express": "<3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2"},
    19. 19. Specify Specific Major/Minor Ver."dependencies": { "express": "<3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2"},
    20. 20. Specify Exact Version"dependencies": { "express": "<3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": "= 0.6.2"},
    21. 21. Specify Version Ranges"dependencies": { "express": ">= 2.5.2 <3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2"},
    22. 22. Specify Floor Within Minor"dependencies": { "express": "<3.x" ,"underscore": "~1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2"},
    23. 23. Environment Management• If you want to pull packages in for e.g. BDD/TDD or other unit testing, mocking, or anything else where you would not put the dependency in production"devDependencies": { "nock": ">= 0.13.4" ,"mocha": "= 1.4.2" ,"chai": ">= 1.2.0" ,"chai-as-promised": ">= 3.2.2"}
    24. 24. Node Engine Version Management• The npm docs highly recommend against doing this, but you can specify the version(s) of the node engine that you want your package to run against--again using semver specifications:{ "engines" : { "node" : ">=0.8.08 <0.9.x" } }• You can also force particular npm versions:{ "engines" : { "node" : "~ 0.8.16", npm: "~1.1.65" } }• Unless you put { "engineStrict" : true} in your package.json, this is all just advisory• Isaac Schlueter says “don’t abuse it, or I’ll remove it”
    25. 25. package.json so far:{ "dependencies": { "express": "< 3.x" ,"underscore":"name": "raw_init_example", "~1.3.3" ,"everyauth": "0.2.x" ,"mongoose": "~"version": "0.0.1", 2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">="description": "Example raw npm init for node.dc meetup", 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">="private": true, 0.6.2" }, "devDependencies": { "nock": ">= 0.13.4" ,"mocha":"engines" : { "node" : "~ 0.8.16", npm: "~1.1.65" } }, "= 1.4.2" ,"chai": ">= 1.2.0" ,"chai-as-promised": ">= 3.2.2" }}"main": "app.js", "express": "< 3.x" ,"underscore": "~1.3.3" ,"everyauth":"scripts": { "0.2.x" ,"mongoose": "~ 2.4.8" ,"mongoose-auth": "test": "mocha" ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">=}, 0.8.8" ,"winston": ">= 0.6.2" }, "devDependencies": { "nock":"repository": "", ">= 0.13.4" ,"mocha": "= 1.4.2" ,"chai": ">= 1.2.0" ,"chai-as-"author": "Jonathan M. Altman", promised": ">= 3.2.2" }}"license": "Proprietary",
    26. 26. There’s Plenty More npm Can Do For You• npm is a powerful tool. This is just a quick taste of some of the easiest ways to access its most useful features• Some useful links for getting started were at the beginning of the deck
    27. 27. Thank you. Questions?