SlideShare a Scribd company logo
Using npm to Manage Your
Projects for Fun and Profit
 Jonathan Altman (@async_io, http://github.com/jonathana)
            node.dc January meetup 1/23/2013
Is This How You Start a Project?

•   mkdir my_cool_new_project

•   cd my_cool_new_project

•   npm init

•   Alternatively: express my_cool_new_project

•   Other frameworks probably lay down your npm package.json too
It Should Be
“But It’s Not a Redistributable
           Package”
Use npm Anyway
•   You Can Still Keep Your Package Private

•   Project Package Dependency Management

•   Automated Retrieval

•   Automated Updates

•   Dependency Version Management

•   Environment-Specific Package Selection

•   Node Runtime Version Requirement
Package Management Without
                Node
npm install express
npm install mocha
npm rm express
npm install -g express
express init
npm install q
npm install ...
•And now we need to move to production...how exactly?     Or a 2nd dev
•We just shipped the unit test library to production?!?
Read The Fine Manual
•   There is plenty of documentation on the package.json file, what you
    can put in it, and what it can do

•   Check out https://npmjs.org/doc/json.html

•   npm’s semver package documentation:
    https://npmjs.org/doc/semver.html

•   http://www.devthought.com/2012/02/17/npm-tricks/ had some useful
    tips/tricks as well
vagrant@precise64:/vm_src$ express express_example

  create : express_example
  create : express_example/package.json
  create : express_example/app.js
[bunch of stuff deleted]
  create : express_example/public/images

 install dependencies:
   $ cd express_example && npm install

 run the app:
  $ node app

vagrant@precise64:/vm_src$
vagrant@precise64:/vm_src/raw_init_example$ npm init
This utility will walk you through creating a package.json file.
It only covers the most common items, and tries to guess sane defaults.

See `npm help json` for definitive documentation on these fields
and exactly what they do.

Use `npm install <pkg> --save` afterwards to install a package and
save it as a dependency in the package.json file.

Press ^C at any time to quit.
name: (raw_init_example)
version: (0.0.0) 0.0.1
description: Example raw npm init for node.dc meetup
entry point: (index.js) app.js
test command: mocha
git repository:
keywords:
author: Jonathan M. Altman
license: (BSD) Proprietary
About to write to /vm_src/raw_init_example/package.json:

[package.json contents removed: we’ll cover this in the next slide]

Is this ok? (yes)
npm WARN package.json raw_init_example@0.0.1 No README.md file found!
vagrant@precise64:/vm_src/raw_init_example$
vagrant@precise64:/vm_src/raw_init_example$ cat
package.json
{
  "name": "raw_init_example",
  "version": "0.0.1",
  "description": "Example raw npm init for node.dc meetup",
  "main": "app.js",
  "scripts": {
    "test": "mocha"
  },
  "repository": "",
  "author": "Jonathan M. Altman",
  "license": "Proprietary"
}
vagrant@precise64:/vm_src/raw_init_example$
Keep Your Package Private
•   Specify that your project is private in your package.json and it will
    never get published anywhere

"private": true
Specifying Dependencies
• Add the following item to the JSON in your
  package.json:
"dependencies": {
},

• Then, start adding dependencies
Specifying Global Dependencies
"dependencies": {
   "express": "<3.x"
   ,"underscore": ">=1.3.3"
   ,"everyauth": "0.2.x"
   ,"mongoose": ">=2.4.8"
   ,"mongoose-auth": ">=0.0.12"
   ,"ejs": ">= 0.0.1"
   ,"request": ">= 2.x"
   ,"q": ">= 0.8.8"
   ,"winston": ">= 0.6.2"
},
vagrant@precise64:/vm_src/raw_init_example$ npm install
npm WARN package.json raw_init_example@0.0.1 No README.md file found!
npm http GET https://registry.npmjs.org/q
[several tens of lines of download/build deleted]
q@0.8.12 node_modules/q

ejs@0.8.3 node_modules/ejs

underscore@1.4.3 node_modules/underscore

request@2.12.0 node_modules/request

winston@0.6.2 node_modules/winston
├── cycle@1.0.1
[bunch of dependency install lines deleted]
├── async@0.1.22
└── request@2.9.203
vagrant@precise64:/vm_src/raw_init_example$
Dependency Version Management
"dependencies": {
   "express": "<3.x"
   ,"underscore": ">=1.3.3"
   ,"everyauth": "0.2.x"
   ,"mongoose": ">=2.4.8"
   ,"mongoose-auth": ">=0.0.12"
   ,"ejs": ">= 0.0.1"
   ,"request": ">= 2.x"
   ,"q": ">= 0.8.8"
   ,"winston": ">= 0.6.2"
},
Dependency Version Management
•   npm wants/uses Semantic Versioning--semver, http://http://semver.org/
    -- to specify package versions

•   (and you should too for your own package version numbering)

•   Logical comparison operators, and some wildcarding, allow you to
    control which version(s) of a package you want

•   Review https://npmjs.org/doc/json.html#dependencies for fuller
    explanations of how the various specifiers work
Cap the Version Allowed
"dependencies": {
   "express": "<3.x"
   ,"underscore": ">=1.3.3"
   ,"everyauth": "0.2.x"
   ,"mongoose": ">=2.4.8"
   ,"mongoose-auth": ">=0.0.12"
   ,"ejs": ">= 0.0.1"
   ,"request": ">= 2.x"
   ,"q": ">= 0.8.8"
   ,"winston": ">= 0.6.2"
},
Specify Floor Version Required
"dependencies": {
   "express": "<3.x"
   ,"underscore": ">=1.3.3"
   ,"everyauth": "0.2.x"
   ,"mongoose": ">=2.4.8"
   ,"mongoose-auth": ">=0.0.12"
   ,"ejs": ">= 0.0.1"
   ,"request": ">= 2.x"
   ,"q": ">= 0.8.8"
   ,"winston": ">= 0.6.2"
},
Specify Specific Major/Minor Ver.
"dependencies": {
   "express": "<3.x"
   ,"underscore": ">=1.3.3"
   ,"everyauth": "0.2.x"
   ,"mongoose": ">=2.4.8"
   ,"mongoose-auth": ">=0.0.12"
   ,"ejs": ">= 0.0.1"
   ,"request": ">= 2.x"
   ,"q": ">= 0.8.8"
   ,"winston": ">= 0.6.2"
},
Specify Exact Version
"dependencies": {
   "express": "<3.x"
   ,"underscore": ">=1.3.3"
   ,"everyauth": "0.2.x"
   ,"mongoose": ">=2.4.8"
   ,"mongoose-auth": ">=0.0.12"
   ,"ejs": ">= 0.0.1"
   ,"request": ">= 2.x"
   ,"q": ">= 0.8.8"
   ,"winston": "= 0.6.2"
},
Specify Version Ranges
"dependencies": {
   "express": ">= 2.5.2 <3.x"
   ,"underscore": ">=1.3.3"
   ,"everyauth": "0.2.x"
   ,"mongoose": ">=2.4.8"
   ,"mongoose-auth": ">=0.0.12"
   ,"ejs": ">= 0.0.1"
   ,"request": ">= 2.x"
   ,"q": ">= 0.8.8"
   ,"winston": ">= 0.6.2"
},
Specify Floor Within Minor
"dependencies": {
   "express": "<3.x"
   ,"underscore": "~1.3.3"
   ,"everyauth": "0.2.x"
   ,"mongoose": ">=2.4.8"
   ,"mongoose-auth": ">=0.0.12"
   ,"ejs": ">= 0.0.1"
   ,"request": ">= 2.x"
   ,"q": ">= 0.8.8"
   ,"winston": ">= 0.6.2"
},
Environment Management
•   If you want to pull packages in for e.g. BDD/TDD or other unit testing,
    mocking, or anything else where you would not put the dependency in
    production

"devDependencies": {
  "nock": ">= 0.13.4"
  ,"mocha": "= 1.4.2"
  ,"chai": ">= 1.2.0"
  ,"chai-as-promised": ">= 3.2.2"
}
Node Engine Version Management
•   The npm docs highly recommend against doing this, but you can specify the version(s) of the node engine that
    you want your package to run against--again using semver specifications:

{ "engines" : { "node" : ">=0.8.08 <0.9.x" } }

•   You can also force particular npm versions:

{ "engines" : { "node" : "~ 0.8.16", npm: "~1.1.65" } }

•   Unless you put { "engineStrict" : true} in your package.json, this is all just advisory

•   Isaac Schlueter says “don’t abuse it, or I’ll remove it”
package.json so far:
{                                                            "dependencies": { "express": "< 3.x" ,"underscore":
"name": "raw_init_example",                                 "~1.3.3" ,"everyauth": "0.2.x" ,"mongoose": "~
"version": "0.0.1",                                         2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">=
"description": "Example raw npm init for node.dc meetup",   0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">=
"private": true,                                            0.6.2" }, "devDependencies": { "nock": ">= 0.13.4" ,"mocha":
"engines" : { "node" : "~ 0.8.16", npm: "~1.1.65" } },      "= 1.4.2" ,"chai": ">= 1.2.0" ,"chai-as-promised": ">= 3.2.2" }}
"main": "app.js",                                              "express": "< 3.x" ,"underscore": "~1.3.3" ,"everyauth":
"scripts": {                                                "0.2.x" ,"mongoose": "~ 2.4.8" ,"mongoose-auth":
  "test": "mocha"                                           ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">=
},                                                          0.8.8" ,"winston": ">= 0.6.2" }, "devDependencies": { "nock":
"repository": "",                                           ">= 0.13.4" ,"mocha": "= 1.4.2" ,"chai": ">= 1.2.0" ,"chai-as-
"author": "Jonathan M. Altman",                             promised": ">= 3.2.2" }}
"license": "Proprietary",
There’s Plenty More npm Can Do
             For You

•   npm is a powerful tool. This is just a quick taste of some of the easiest
    ways to access its most useful features

•   Some useful links for getting started were at the beginning of the deck
Thank you. Questions?

More Related Content

What's hot

Cache is King - RubyHACK 2019
Cache is King - RubyHACK 2019Cache is King - RubyHACK 2019
Cache is King - RubyHACK 2019Molly Struve
 
HTTP For the Good or the Bad - FSEC Edition
HTTP For the Good or the Bad - FSEC EditionHTTP For the Good or the Bad - FSEC Edition
HTTP For the Good or the Bad - FSEC EditionXavier Mertens
 
Philipp Krenn "Make Your Data FABulous"
Philipp Krenn "Make Your Data FABulous"Philipp Krenn "Make Your Data FABulous"
Philipp Krenn "Make Your Data FABulous"Fwdays
 
ニコニコ動画を検索可能にしてみよう
ニコニコ動画を検索可能にしてみようニコニコ動画を検索可能にしてみよう
ニコニコ動画を検索可能にしてみようgenta kaneyama
 
Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB        Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB MongoDB
 
Node.js - async for the rest of us.
Node.js - async for the rest of us.Node.js - async for the rest of us.
Node.js - async for the rest of us.Mike Brevoort
 
Apache CouchDB talk at Ontario GNU Linux Fest
Apache CouchDB talk at Ontario GNU Linux FestApache CouchDB talk at Ontario GNU Linux Fest
Apache CouchDB talk at Ontario GNU Linux FestMyles Braithwaite
 
Hands on Data Grids - Stephen Milidge
Hands on Data Grids - Stephen MilidgeHands on Data Grids - Stephen Milidge
Hands on Data Grids - Stephen MilidgeJAXLondon2014
 
Philipp Krenn | Make Your Data FABulous | Codemotion Madrid 2018
Philipp Krenn | Make Your Data FABulous | Codemotion Madrid 2018Philipp Krenn | Make Your Data FABulous | Codemotion Madrid 2018
Philipp Krenn | Make Your Data FABulous | Codemotion Madrid 2018Codemotion
 
Gazelle - Plack Handler for performance freaks #yokohamapm
Gazelle - Plack Handler for performance freaks #yokohamapmGazelle - Plack Handler for performance freaks #yokohamapm
Gazelle - Plack Handler for performance freaks #yokohamapmMasahiro Nagano
 
Jsr107 come, code, cache, compute!
Jsr107 come, code, cache, compute!Jsr107 come, code, cache, compute!
Jsr107 come, code, cache, compute!C2B2 Consulting
 
Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...
Mobile App Performance:  Getting the Most from APIs (MBL203) | AWS re:Invent ...Mobile App Performance:  Getting the Most from APIs (MBL203) | AWS re:Invent ...
Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...Amazon Web Services
 
Remove php calls and scale your site like crazy !
Remove php calls and scale your site like crazy !Remove php calls and scale your site like crazy !
Remove php calls and scale your site like crazy !Wim Godden
 
[263] s2graph large-scale-graph-database-with-hbase-2
[263] s2graph large-scale-graph-database-with-hbase-2[263] s2graph large-scale-graph-database-with-hbase-2
[263] s2graph large-scale-graph-database-with-hbase-2NAVER D2
 
MySQL NDB 8.0 clusters in your laptop with dbdeployer
MySQL NDB 8.0 clusters in your laptop with dbdeployerMySQL NDB 8.0 clusters in your laptop with dbdeployer
MySQL NDB 8.0 clusters in your laptop with dbdeployerGiuseppe Maxia
 
Dbdeployer, the universal installer
Dbdeployer, the universal installerDbdeployer, the universal installer
Dbdeployer, the universal installerGiuseppe Maxia
 
Test complex database systems in your laptop with dbdeployer
Test complex database systems in your laptop with dbdeployerTest complex database systems in your laptop with dbdeployer
Test complex database systems in your laptop with dbdeployerGiuseppe Maxia
 

What's hot (20)

Cache is King - RubyHACK 2019
Cache is King - RubyHACK 2019Cache is King - RubyHACK 2019
Cache is King - RubyHACK 2019
 
HTTP For the Good or the Bad - FSEC Edition
HTTP For the Good or the Bad - FSEC EditionHTTP For the Good or the Bad - FSEC Edition
HTTP For the Good or the Bad - FSEC Edition
 
Webconfig
WebconfigWebconfig
Webconfig
 
Philipp Krenn "Make Your Data FABulous"
Philipp Krenn "Make Your Data FABulous"Philipp Krenn "Make Your Data FABulous"
Philipp Krenn "Make Your Data FABulous"
 
ニコニコ動画を検索可能にしてみよう
ニコニコ動画を検索可能にしてみようニコニコ動画を検索可能にしてみよう
ニコニコ動画を検索可能にしてみよう
 
Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB        Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB
 
Node.js - async for the rest of us.
Node.js - async for the rest of us.Node.js - async for the rest of us.
Node.js - async for the rest of us.
 
Week6
Week6Week6
Week6
 
Apache CouchDB talk at Ontario GNU Linux Fest
Apache CouchDB talk at Ontario GNU Linux FestApache CouchDB talk at Ontario GNU Linux Fest
Apache CouchDB talk at Ontario GNU Linux Fest
 
Hands on Data Grids - Stephen Milidge
Hands on Data Grids - Stephen MilidgeHands on Data Grids - Stephen Milidge
Hands on Data Grids - Stephen Milidge
 
Philipp Krenn | Make Your Data FABulous | Codemotion Madrid 2018
Philipp Krenn | Make Your Data FABulous | Codemotion Madrid 2018Philipp Krenn | Make Your Data FABulous | Codemotion Madrid 2018
Philipp Krenn | Make Your Data FABulous | Codemotion Madrid 2018
 
Gazelle - Plack Handler for performance freaks #yokohamapm
Gazelle - Plack Handler for performance freaks #yokohamapmGazelle - Plack Handler for performance freaks #yokohamapm
Gazelle - Plack Handler for performance freaks #yokohamapm
 
Jsr107 come, code, cache, compute!
Jsr107 come, code, cache, compute!Jsr107 come, code, cache, compute!
Jsr107 come, code, cache, compute!
 
Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...
Mobile App Performance:  Getting the Most from APIs (MBL203) | AWS re:Invent ...Mobile App Performance:  Getting the Most from APIs (MBL203) | AWS re:Invent ...
Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...
 
Remove php calls and scale your site like crazy !
Remove php calls and scale your site like crazy !Remove php calls and scale your site like crazy !
Remove php calls and scale your site like crazy !
 
[263] s2graph large-scale-graph-database-with-hbase-2
[263] s2graph large-scale-graph-database-with-hbase-2[263] s2graph large-scale-graph-database-with-hbase-2
[263] s2graph large-scale-graph-database-with-hbase-2
 
MySQL NDB 8.0 clusters in your laptop with dbdeployer
MySQL NDB 8.0 clusters in your laptop with dbdeployerMySQL NDB 8.0 clusters in your laptop with dbdeployer
MySQL NDB 8.0 clusters in your laptop with dbdeployer
 
Test like a_boss
Test like a_bossTest like a_boss
Test like a_boss
 
Dbdeployer, the universal installer
Dbdeployer, the universal installerDbdeployer, the universal installer
Dbdeployer, the universal installer
 
Test complex database systems in your laptop with dbdeployer
Test complex database systems in your laptop with dbdeployerTest complex database systems in your laptop with dbdeployer
Test complex database systems in your laptop with dbdeployer
 

Viewers also liked

Java Development with MongoDB
Java Development with MongoDBJava Development with MongoDB
Java Development with MongoDBScott Hernandez
 
Guide to AngularJS Services - NOVA MEAN August 2014
Guide to AngularJS Services - NOVA MEAN August 2014Guide to AngularJS Services - NOVA MEAN August 2014
Guide to AngularJS Services - NOVA MEAN August 2014async_io
 
NOVA MEAN - Why the M in MEAN is a Significant Contributor to Its Success
NOVA MEAN - Why the M in MEAN is a Significant Contributor to Its SuccessNOVA MEAN - Why the M in MEAN is a Significant Contributor to Its Success
NOVA MEAN - Why the M in MEAN is a Significant Contributor to Its Successasync_io
 
Using Jython To Prototype Mahout Code
Using Jython To Prototype Mahout CodeUsing Jython To Prototype Mahout Code
Using Jython To Prototype Mahout Codeasync_io
 
Building a Cauldron for Chef to Cook In
Building a Cauldron for Chef to Cook InBuilding a Cauldron for Chef to Cook In
Building a Cauldron for Chef to Cook Inasync_io
 
Lessons Learned from Building a REST API on Google App Engine
Lessons Learned from Building a REST API on Google App EngineLessons Learned from Building a REST API on Google App Engine
Lessons Learned from Building a REST API on Google App Engineasync_io
 
Dcjq node.js presentation
Dcjq node.js presentationDcjq node.js presentation
Dcjq node.js presentationasync_io
 
Javascript Promises/Q Library
Javascript Promises/Q LibraryJavascript Promises/Q Library
Javascript Promises/Q Libraryasync_io
 

Viewers also liked (8)

Java Development with MongoDB
Java Development with MongoDBJava Development with MongoDB
Java Development with MongoDB
 
Guide to AngularJS Services - NOVA MEAN August 2014
Guide to AngularJS Services - NOVA MEAN August 2014Guide to AngularJS Services - NOVA MEAN August 2014
Guide to AngularJS Services - NOVA MEAN August 2014
 
NOVA MEAN - Why the M in MEAN is a Significant Contributor to Its Success
NOVA MEAN - Why the M in MEAN is a Significant Contributor to Its SuccessNOVA MEAN - Why the M in MEAN is a Significant Contributor to Its Success
NOVA MEAN - Why the M in MEAN is a Significant Contributor to Its Success
 
Using Jython To Prototype Mahout Code
Using Jython To Prototype Mahout CodeUsing Jython To Prototype Mahout Code
Using Jython To Prototype Mahout Code
 
Building a Cauldron for Chef to Cook In
Building a Cauldron for Chef to Cook InBuilding a Cauldron for Chef to Cook In
Building a Cauldron for Chef to Cook In
 
Lessons Learned from Building a REST API on Google App Engine
Lessons Learned from Building a REST API on Google App EngineLessons Learned from Building a REST API on Google App Engine
Lessons Learned from Building a REST API on Google App Engine
 
Dcjq node.js presentation
Dcjq node.js presentationDcjq node.js presentation
Dcjq node.js presentation
 
Javascript Promises/Q Library
Javascript Promises/Q LibraryJavascript Promises/Q Library
Javascript Promises/Q Library
 

Similar to Using npm to Manage Your Projects for Fun and Profit - USEFUL INFO IN NOTES!

Node.js et NPM: de la récupération de dépendances à la publication de paquets
Node.js et NPM: de la récupération de dépendances à la publication de paquetsNode.js et NPM: de la récupération de dépendances à la publication de paquets
Node.js et NPM: de la récupération de dépendances à la publication de paquetsFrank Rousseau
 
Building HTTP API's with NodeJS and MongoDB
Building HTTP API's with NodeJS and MongoDBBuilding HTTP API's with NodeJS and MongoDB
Building HTTP API's with NodeJS and MongoDBdonnfelker
 
Package.json ( NodeJS )
Package.json ( NodeJS )Package.json ( NodeJS )
Package.json ( NodeJS )Vivek Garg
 
15th Athens Big Data Meetup - 1st Talk - Running Spark On Mesos
15th Athens Big Data Meetup - 1st Talk - Running Spark On Mesos15th Athens Big Data Meetup - 1st Talk - Running Spark On Mesos
15th Athens Big Data Meetup - 1st Talk - Running Spark On MesosAthens Big Data
 
MongoDB Europe 2016 - Debugging MongoDB Performance
MongoDB Europe 2016 - Debugging MongoDB PerformanceMongoDB Europe 2016 - Debugging MongoDB Performance
MongoDB Europe 2016 - Debugging MongoDB PerformanceMongoDB
 
Building and Deploying Application to Apache Mesos
Building and Deploying Application to Apache MesosBuilding and Deploying Application to Apache Mesos
Building and Deploying Application to Apache MesosJoe Stein
 
Data encoding and Metadata for Streams
Data encoding and Metadata for StreamsData encoding and Metadata for Streams
Data encoding and Metadata for Streamsunivalence
 
Ensuring High Availability for Real-time Analytics featuring Boxed Ice / Serv...
Ensuring High Availability for Real-time Analytics featuring Boxed Ice / Serv...Ensuring High Availability for Real-time Analytics featuring Boxed Ice / Serv...
Ensuring High Availability for Real-time Analytics featuring Boxed Ice / Serv...MongoDB
 
From zero to hero - Easy log centralization with Logstash and Elasticsearch
From zero to hero - Easy log centralization with Logstash and ElasticsearchFrom zero to hero - Easy log centralization with Logstash and Elasticsearch
From zero to hero - Easy log centralization with Logstash and ElasticsearchRafał Kuć
 
From Zero to Hero - Centralized Logging with Logstash & Elasticsearch
From Zero to Hero - Centralized Logging with Logstash & ElasticsearchFrom Zero to Hero - Centralized Logging with Logstash & Elasticsearch
From Zero to Hero - Centralized Logging with Logstash & ElasticsearchSematext Group, Inc.
 
Webinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDBWebinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDBMongoDB
 
NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"
NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"
NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"DataStax Academy
 
Intravert Server side processing for Cassandra
Intravert Server side processing for CassandraIntravert Server side processing for Cassandra
Intravert Server side processing for CassandraEdward Capriolo
 
Everything You Should Know About the New Angular CLI
Everything You Should Know About the New Angular CLIEverything You Should Know About the New Angular CLI
Everything You Should Know About the New Angular CLIAmadou Sall
 
Mastering Spring Boot's Actuator with Madhura Bhave
Mastering Spring Boot's Actuator with Madhura BhaveMastering Spring Boot's Actuator with Madhura Bhave
Mastering Spring Boot's Actuator with Madhura BhaveVMware Tanzu
 
How ElasticSearch lives in my DevOps life
How ElasticSearch lives in my DevOps lifeHow ElasticSearch lives in my DevOps life
How ElasticSearch lives in my DevOps life琛琳 饶
 
MongoDB: Optimising for Performance, Scale & Analytics
MongoDB: Optimising for Performance, Scale & AnalyticsMongoDB: Optimising for Performance, Scale & Analytics
MongoDB: Optimising for Performance, Scale & AnalyticsServer Density
 
MongoDB Performance Tuning
MongoDB Performance TuningMongoDB Performance Tuning
MongoDB Performance TuningPuneet Behl
 

Similar to Using npm to Manage Your Projects for Fun and Profit - USEFUL INFO IN NOTES! (20)

Node.js et NPM: de la récupération de dépendances à la publication de paquets
Node.js et NPM: de la récupération de dépendances à la publication de paquetsNode.js et NPM: de la récupération de dépendances à la publication de paquets
Node.js et NPM: de la récupération de dépendances à la publication de paquets
 
Building HTTP API's with NodeJS and MongoDB
Building HTTP API's with NodeJS and MongoDBBuilding HTTP API's with NodeJS and MongoDB
Building HTTP API's with NodeJS and MongoDB
 
Package.json
Package.jsonPackage.json
Package.json
 
Package.json ( NodeJS )
Package.json ( NodeJS )Package.json ( NodeJS )
Package.json ( NodeJS )
 
nodecalgary1
nodecalgary1nodecalgary1
nodecalgary1
 
15th Athens Big Data Meetup - 1st Talk - Running Spark On Mesos
15th Athens Big Data Meetup - 1st Talk - Running Spark On Mesos15th Athens Big Data Meetup - 1st Talk - Running Spark On Mesos
15th Athens Big Data Meetup - 1st Talk - Running Spark On Mesos
 
MongoDB Europe 2016 - Debugging MongoDB Performance
MongoDB Europe 2016 - Debugging MongoDB PerformanceMongoDB Europe 2016 - Debugging MongoDB Performance
MongoDB Europe 2016 - Debugging MongoDB Performance
 
Building and Deploying Application to Apache Mesos
Building and Deploying Application to Apache MesosBuilding and Deploying Application to Apache Mesos
Building and Deploying Application to Apache Mesos
 
Data encoding and Metadata for Streams
Data encoding and Metadata for StreamsData encoding and Metadata for Streams
Data encoding and Metadata for Streams
 
Ensuring High Availability for Real-time Analytics featuring Boxed Ice / Serv...
Ensuring High Availability for Real-time Analytics featuring Boxed Ice / Serv...Ensuring High Availability for Real-time Analytics featuring Boxed Ice / Serv...
Ensuring High Availability for Real-time Analytics featuring Boxed Ice / Serv...
 
From zero to hero - Easy log centralization with Logstash and Elasticsearch
From zero to hero - Easy log centralization with Logstash and ElasticsearchFrom zero to hero - Easy log centralization with Logstash and Elasticsearch
From zero to hero - Easy log centralization with Logstash and Elasticsearch
 
From Zero to Hero - Centralized Logging with Logstash & Elasticsearch
From Zero to Hero - Centralized Logging with Logstash & ElasticsearchFrom Zero to Hero - Centralized Logging with Logstash & Elasticsearch
From Zero to Hero - Centralized Logging with Logstash & Elasticsearch
 
Webinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDBWebinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDB
 
NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"
NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"
NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"
 
Intravert Server side processing for Cassandra
Intravert Server side processing for CassandraIntravert Server side processing for Cassandra
Intravert Server side processing for Cassandra
 
Everything You Should Know About the New Angular CLI
Everything You Should Know About the New Angular CLIEverything You Should Know About the New Angular CLI
Everything You Should Know About the New Angular CLI
 
Mastering Spring Boot's Actuator with Madhura Bhave
Mastering Spring Boot's Actuator with Madhura BhaveMastering Spring Boot's Actuator with Madhura Bhave
Mastering Spring Boot's Actuator with Madhura Bhave
 
How ElasticSearch lives in my DevOps life
How ElasticSearch lives in my DevOps lifeHow ElasticSearch lives in my DevOps life
How ElasticSearch lives in my DevOps life
 
MongoDB: Optimising for Performance, Scale & Analytics
MongoDB: Optimising for Performance, Scale & AnalyticsMongoDB: Optimising for Performance, Scale & Analytics
MongoDB: Optimising for Performance, Scale & Analytics
 
MongoDB Performance Tuning
MongoDB Performance TuningMongoDB Performance Tuning
MongoDB Performance Tuning
 

Recently uploaded

Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKUXDXConf
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1DianaGray10
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomCzechDreamin
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlPeter Udo Diehl
 
Motion for AI: Creating Empathy in Technology
Motion for AI: Creating Empathy in TechnologyMotion for AI: Creating Empathy in Technology
Motion for AI: Creating Empathy in TechnologyUXDXConf
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoTAnalytics
 
Agentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfAgentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfChristopherTHyatt
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutesconfluent
 
What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024Stephanie Beckett
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka DoktorováCzechDreamin
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backElena Simperl
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsUXDXConf
 
Server-Driven User Interface (SDUI) at Priceline
Server-Driven User Interface (SDUI) at PricelineServer-Driven User Interface (SDUI) at Priceline
Server-Driven User Interface (SDUI) at PricelineUXDXConf
 
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀DianaGray10
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024   Teams Premium - Pretty SecureECS 2024   Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty SecureFemke de Vroome
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyUXDXConf
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessUXDXConf
 
Intelligent Gimbal FINAL PAPER Engineering.pdf
Intelligent Gimbal FINAL PAPER Engineering.pdfIntelligent Gimbal FINAL PAPER Engineering.pdf
Intelligent Gimbal FINAL PAPER Engineering.pdfAnthony Lucente
 

Recently uploaded (20)

Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAK
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
Motion for AI: Creating Empathy in Technology
Motion for AI: Creating Empathy in TechnologyMotion for AI: Creating Empathy in Technology
Motion for AI: Creating Empathy in Technology
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 
Agentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfAgentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdf
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering Teams
 
Server-Driven User Interface (SDUI) at Priceline
Server-Driven User Interface (SDUI) at PricelineServer-Driven User Interface (SDUI) at Priceline
Server-Driven User Interface (SDUI) at Priceline
 
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024   Teams Premium - Pretty SecureECS 2024   Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty Secure
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 
Intelligent Gimbal FINAL PAPER Engineering.pdf
Intelligent Gimbal FINAL PAPER Engineering.pdfIntelligent Gimbal FINAL PAPER Engineering.pdf
Intelligent Gimbal FINAL PAPER Engineering.pdf
 

Using npm to Manage Your Projects for Fun and Profit - USEFUL INFO IN NOTES!

  • 1. Using npm to Manage Your Projects for Fun and Profit Jonathan Altman (@async_io, http://github.com/jonathana) node.dc January meetup 1/23/2013
  • 2. Is This How You Start a Project? • mkdir my_cool_new_project • cd my_cool_new_project • npm init • Alternatively: express my_cool_new_project • Other frameworks probably lay down your npm package.json too
  • 4. “But It’s Not a Redistributable Package”
  • 5. Use npm Anyway • You Can Still Keep Your Package Private • Project Package Dependency Management • Automated Retrieval • Automated Updates • Dependency Version Management • Environment-Specific Package Selection • Node Runtime Version Requirement
  • 6. Package Management Without Node npm install express npm install mocha npm rm express npm install -g express express init npm install q npm install ... •And now we need to move to production...how exactly? Or a 2nd dev •We just shipped the unit test library to production?!?
  • 7. Read The Fine Manual • There is plenty of documentation on the package.json file, what you can put in it, and what it can do • Check out https://npmjs.org/doc/json.html • npm’s semver package documentation: https://npmjs.org/doc/semver.html • http://www.devthought.com/2012/02/17/npm-tricks/ had some useful tips/tricks as well
  • 8. vagrant@precise64:/vm_src$ express express_example create : express_example create : express_example/package.json create : express_example/app.js [bunch of stuff deleted] create : express_example/public/images install dependencies: $ cd express_example && npm install run the app: $ node app vagrant@precise64:/vm_src$
  • 9. vagrant@precise64:/vm_src/raw_init_example$ npm init This utility will walk you through creating a package.json file. It only covers the most common items, and tries to guess sane defaults. See `npm help json` for definitive documentation on these fields and exactly what they do. Use `npm install <pkg> --save` afterwards to install a package and save it as a dependency in the package.json file. Press ^C at any time to quit. name: (raw_init_example) version: (0.0.0) 0.0.1 description: Example raw npm init for node.dc meetup entry point: (index.js) app.js test command: mocha git repository: keywords: author: Jonathan M. Altman license: (BSD) Proprietary About to write to /vm_src/raw_init_example/package.json: [package.json contents removed: we’ll cover this in the next slide] Is this ok? (yes) npm WARN package.json raw_init_example@0.0.1 No README.md file found! vagrant@precise64:/vm_src/raw_init_example$
  • 10. vagrant@precise64:/vm_src/raw_init_example$ cat package.json { "name": "raw_init_example", "version": "0.0.1", "description": "Example raw npm init for node.dc meetup", "main": "app.js", "scripts": { "test": "mocha" }, "repository": "", "author": "Jonathan M. Altman", "license": "Proprietary" } vagrant@precise64:/vm_src/raw_init_example$
  • 11. Keep Your Package Private • Specify that your project is private in your package.json and it will never get published anywhere "private": true
  • 12. Specifying Dependencies • Add the following item to the JSON in your package.json: "dependencies": { }, • Then, start adding dependencies
  • 13. Specifying Global Dependencies "dependencies": { "express": "<3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2" },
  • 14. vagrant@precise64:/vm_src/raw_init_example$ npm install npm WARN package.json raw_init_example@0.0.1 No README.md file found! npm http GET https://registry.npmjs.org/q [several tens of lines of download/build deleted] q@0.8.12 node_modules/q ejs@0.8.3 node_modules/ejs underscore@1.4.3 node_modules/underscore request@2.12.0 node_modules/request winston@0.6.2 node_modules/winston ├── cycle@1.0.1 [bunch of dependency install lines deleted] ├── async@0.1.22 └── request@2.9.203 vagrant@precise64:/vm_src/raw_init_example$
  • 15. Dependency Version Management "dependencies": { "express": "<3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2" },
  • 16. Dependency Version Management • npm wants/uses Semantic Versioning--semver, http://http://semver.org/ -- to specify package versions • (and you should too for your own package version numbering) • Logical comparison operators, and some wildcarding, allow you to control which version(s) of a package you want • Review https://npmjs.org/doc/json.html#dependencies for fuller explanations of how the various specifiers work
  • 17. Cap the Version Allowed "dependencies": { "express": "<3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2" },
  • 18. Specify Floor Version Required "dependencies": { "express": "<3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2" },
  • 19. Specify Specific Major/Minor Ver. "dependencies": { "express": "<3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2" },
  • 20. Specify Exact Version "dependencies": { "express": "<3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": "= 0.6.2" },
  • 21. Specify Version Ranges "dependencies": { "express": ">= 2.5.2 <3.x" ,"underscore": ">=1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2" },
  • 22. Specify Floor Within Minor "dependencies": { "express": "<3.x" ,"underscore": "~1.3.3" ,"everyauth": "0.2.x" ,"mongoose": ">=2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= 0.6.2" },
  • 23. Environment Management • If you want to pull packages in for e.g. BDD/TDD or other unit testing, mocking, or anything else where you would not put the dependency in production "devDependencies": { "nock": ">= 0.13.4" ,"mocha": "= 1.4.2" ,"chai": ">= 1.2.0" ,"chai-as-promised": ">= 3.2.2" }
  • 24. Node Engine Version Management • The npm docs highly recommend against doing this, but you can specify the version(s) of the node engine that you want your package to run against--again using semver specifications: { "engines" : { "node" : ">=0.8.08 <0.9.x" } } • You can also force particular npm versions: { "engines" : { "node" : "~ 0.8.16", npm: "~1.1.65" } } • Unless you put { "engineStrict" : true} in your package.json, this is all just advisory • Isaac Schlueter says “don’t abuse it, or I’ll remove it”
  • 25. package.json so far: { "dependencies": { "express": "< 3.x" ,"underscore": "name": "raw_init_example", "~1.3.3" ,"everyauth": "0.2.x" ,"mongoose": "~ "version": "0.0.1", 2.4.8" ,"mongoose-auth": ">=0.0.12" ,"ejs": ">= "description": "Example raw npm init for node.dc meetup", 0.0.1" ,"request": ">= 2.x" ,"q": ">= 0.8.8" ,"winston": ">= "private": true, 0.6.2" }, "devDependencies": { "nock": ">= 0.13.4" ,"mocha": "engines" : { "node" : "~ 0.8.16", npm: "~1.1.65" } }, "= 1.4.2" ,"chai": ">= 1.2.0" ,"chai-as-promised": ">= 3.2.2" }} "main": "app.js", "express": "< 3.x" ,"underscore": "~1.3.3" ,"everyauth": "scripts": { "0.2.x" ,"mongoose": "~ 2.4.8" ,"mongoose-auth": "test": "mocha" ">=0.0.12" ,"ejs": ">= 0.0.1" ,"request": ">= 2.x" ,"q": ">= }, 0.8.8" ,"winston": ">= 0.6.2" }, "devDependencies": { "nock": "repository": "", ">= 0.13.4" ,"mocha": "= 1.4.2" ,"chai": ">= 1.2.0" ,"chai-as- "author": "Jonathan M. Altman", promised": ">= 3.2.2" }} "license": "Proprietary",
  • 26. There’s Plenty More npm Can Do For You • npm is a powerful tool. This is just a quick taste of some of the easiest ways to access its most useful features • Some useful links for getting started were at the beginning of the deck

Editor's Notes

  1. Similar to Ruby’s gem bundler. Closest python equivalent is probably virtualenv, but that also covers virtual environments which in node you get with e.g. nave and Rails with rbenv or similar
  2. There are better, more surgical ways to specify you want a release in the 2.x series, but this will prevent you from getting 3.x. This was a useful example from back when 3.x was first put up on npmjs.org and a bunch of stuff in the above list hadn’t been fully ported to it yet
  3. Can be dangerous, if 1.4.x or 2.x comes out, it might break you if the API changed
  4. Generally should be safe: API should be stable across minor releases, but you will get patches. However, you might want minor release point updates. Only problematic if some early patch versions will not work for you but later ones do
  5. Very safe, but means that to pull in later patches that should be compatible, you would have to update package.json to allow it. May be useful if extreme control over environment is desired
  6. As long as the package doesn’t break you later in the 2.x series than 2.5.2, this should be safe if you don’t want to get version 3 pulled in on you
  7. Reasonable safe and sane option. We’ll get 1.3.3 or greater within the 1.3 series, but not 1.4.x or 2.x. You can do similar for floor within major as well: ~1.3