Successfully reported this slideshow.
Your SlideShare is downloading. ×

Using npm to Manage Your Projects for Fun and Profit - USEFUL INFO IN NOTES!

Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Loading in …3
×

Check these out next

1 of 27 Ad
Advertisement

More Related Content

Slideshows for you (20)

Advertisement

Similar to Using npm to Manage Your Projects for Fun and Profit - USEFUL INFO IN NOTES! (20)

Recently uploaded (20)

Advertisement

Using npm to Manage Your Projects for Fun and Profit - USEFUL INFO IN NOTES!

  1. 1. Using npm to Manage Your Projects for Fun and Profit Jonathan Altman (@async_io, http://github.com/jonathana) node.dc January meetup 1/23/2013
  2. 2. Is This How You Start a Project? • mkdir my_cool_new_project • cd my_cool_new_project • npm init • Alternatively: express my_cool_new_project • Other frameworks probably lay down your npm package.json too
  3. 3. It Should Be
  4. 4. “But It’s Not a Redistributable Package”
  5. 5. Use npm Anyway • You Can Still Keep Your Package Private • Project Package Dependency Management • Automated Retrieval • Automated Updates • Dependency Version Management • Environment-Specific Package Selection • Node Runtime Version Requirement
  6. 6. Package Management Without Node npm install express npm install mocha npm rm express npm install -g express express init npm install q npm install ... •And now we need to move to production...how exactly? Or a 2nd dev •We just shipped the unit test library to production?!?
  7. 7. Read The Fine Manual • There is plenty of documentation on the package.json file, what you can put in it, and what it can do • Check out https://npmjs.org/doc/json.html • npm’s semver package documentation: https://npmjs.org/doc/semver.html • http://www.devthought.com/2012/02/17/npm-tricks/ had some useful tips/tricks as well
  8. 8. vagrant@precise64:/vm_src$ express express_example create : express_example create : express_example/package.json create : express_example/app.js [bunch of stuff deleted] create : express_example/public/images install dependencies: $ cd express_example && npm install run the app: $ node app vagrant@precise64:/vm_src$
  9. 9. vagrant@precise64:/vm_src/raw_init_example$ npm init This utility will walk you through creating a package.json file. It only covers the most common items, and tries to guess sane defaults. See `npm help json` for definitive documentation on these fields and exactly what they do. Use `npm install <pkg> --save` afterwards to install a package and save it as a dependency in the package.json file. Press ^C at any time to quit. name: (raw_init_example) version: (0.0.0) 0.0.1 description: Example raw npm init for node.dc meetup entry point: (index.js) app.js test command: mocha git repository: keywords: author: Jonathan M. Altman license: (BSD) Proprietary About to write to /vm_src/raw_init_example/package.json: [package.json contents removed: we’ll cover this in the next slide] Is this ok? (yes) npm WARN package.json raw_init_example@0.0.1 No README.md file found! vagrant@precise64:/vm_src/raw_init_example$
  10. 10. vagrant@precise64:/vm_src/raw_init_example$ cat package.json { "name": "raw_init_example", "version": "0.0.1", "description": "Example raw npm init for node.dc meetup", "main": "app.js", "scripts": { "test": "mocha" }, "repository": "", "author": "Jonathan M. Altman", "license": "Proprietary" } vagrant@precise64:/vm_src/raw_init_example$
  11. 11. Keep Your Package Private • Specify that your project is private in your package.json and it will never get published anywhere "private": true
  12. 12. Specifying Dependencies • Add the following item to the JSON in your package.json: "dependencies": { }, • Then, start adding dependencies
  13. 13. Specifying Global Dependencies "dependencies": { "express": "<3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2" },
  14. 14. vagrant@precise64:/vm_src/raw_init_example$ npm install npm WARN package.json raw_init_example@0.0.1 No README.md file found! npm http GET https://registry.npmjs.org/q [several tens of lines of download/build deleted] q@0.8.12 node_modules/q ejs@0.8.3 node_modules/ejs underscore@1.4.3 node_modules/underscore request@2.12.0 node_modules/request winston@0.6.2 node_modules/winston ├── cycle@1.0.1 [bunch of dependency install lines deleted] ├── async@0.1.22 └── request@2.9.203 vagrant@precise64:/vm_src/raw_init_example$
  15. 15. Dependency Version Management "dependencies": { "express": "<3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2" },
  16. 16. Dependency Version Management • npm wants/uses Semantic Versioning--semver, http://http://semver.org/ -- to specify package versions • (and you should too for your own package version numbering) • Logical comparison operators, and some wildcarding, allow you to control which version(s) of a package you want • Review https://npmjs.org/doc/json.html#dependencies for fuller explanations of how the various specifiers work
  17. 17. Cap the Version Allowed "dependencies": { "express": "<3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2" },
  18. 18. Specify Floor Version Required "dependencies": { "express": "<3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2" },
  19. 19. Specify Specific Major/Minor Ver. "dependencies": { "express": "<3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2" },
  20. 20. Specify Exact Version "dependencies": { "express": "<3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": "= 0.6.2" },
  21. 21. Specify Version Ranges "dependencies": { "express": ">= 2.5.2 <3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2" },
  22. 22. Specify Floor Within Minor "dependencies": { "express": "<3.x" ,"underscore": "~1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2" },
  23. 23. Environment Management • If you want to pull packages in for e.g. BDD/TDD or other unit testing, mocking, or anything else where you would not put the dependency in production "devDependencies": { "nock": ">= 0.13.4" ,"mocha": "= 1.4.2" ,"chai": ">= 1.2.0" ,"chai-as-promised": ">= 3.2.2" }
  24. 24. Node Engine Version Management • The npm docs highly recommend against doing this, but you can specify the version(s) of the node engine that you want your package to run against--again using semver specifications: { "engines" : { "node" : ">=0.8.08 <0.9.x" } } • You can also force particular npm versions: { "engines" : { "node" : "~ 0.8.16", npm: "~1.1.65" } } • Unless you put { "engineStrict" : true} in your package.json, this is all just advisory • Isaac Schlueter says “don’t abuse it, or I’ll remove it”
  25. 25. package.json so far: { "dependencies": { "express": "< 3.x" ,"underscore": "name": "raw_init_example", "~1.3.3" ,"everyauth": "0.2.x" ,"mongoose": "~ "version": "0.0.1", 2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= "description": "Example raw npm init for node.dc meetup", 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= "private": true, 0.6.2" }, "devDependencies": { "nock": ">= 0.13.4" ,"mocha": "engines" : { "node" : "~ 0.8.16", npm: "~1.1.65" } }, "= 1.4.2" ,"chai": ">= 1.2.0" ,"chai-as-promised": ">= 3.2.2" }} "main": "app.js", "express": "< 3.x" ,"underscore": "~1.3.3" ,"everyauth": "scripts": { "0.2.x" ,"mongoose": "~ 2.4.8" ,"mongoose-auth": "test": "mocha" ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= }, 0.8.8" ,"winston": ">= 0.6.2" }, "devDependencies": { "nock": "repository": "", ">= 0.13.4" ,"mocha": "= 1.4.2" ,"chai": ">= 1.2.0" ,"chai-as- "author": "Jonathan M. Altman", promised": ">= 3.2.2" }} "license": "Proprietary",
  26. 26. There’s Plenty More npm Can Do For You • npm is a powerful tool. This is just a quick taste of some of the easiest ways to access its most useful features • Some useful links for getting started were at the beginning of the deck
  27. 27. Thank you. Questions?

Editor's Notes

  • Similar to Ruby’s gem bundler. Closest python equivalent is probably virtualenv, but that also covers virtual environments which in node you get with e.g. nave and Rails with rbenv or similar
  • There are better, more surgical ways to specify you want a release in the 2.x series, but this will prevent you from getting 3.x. This was a useful example from back when 3.x was first put up on npmjs.org and a bunch of stuff in the above list hadn’t been fully ported to it yet
  • Can be dangerous, if 1.4.x or 2.x comes out, it might break you if the API changed
  • Generally should be safe: API should be stable across minor releases, but you will get patches. However, you might want minor release point updates. Only problematic if some early patch versions will not work for you but later ones do
  • Very safe, but means that to pull in later patches that should be compatible, you would have to update package.json to allow it. May be useful if extreme control over environment is desired
  • As long as the package doesn’t break you later in the 2.x series than 2.5.2, this should be safe if you don’t want to get version 3 pulled in on you
  • Reasonable safe and sane option. We’ll get 1.3.3 or greater within the 1.3 series, but not 1.4.x or 2.x. You can do similar for floor within major as well: ~1.3

×