The document discusses how to use npm (Node Package Manager) to manage projects and dependencies. It recommends initializing projects using npm init or express, which will generate a package.json file. This file is used to specify dependencies, dependency versions, private packages, devDependencies, and engine requirements. Precise dependency specifications and semantic versioning help manage updates. npm handles automated installation and updating of dependencies.
Breaking the Kubernetes Kill Chain: Host Path Mount
Manage Node Projects with npm
1. Using npm to Manage Your
Projects for Fun and Profit
Jonathan Altman (@async_io, http://github.com/jonathana)
node.dc January meetup 1/23/2013
2. Is This How You Start a Project?
• mkdir my_cool_new_project
• cd my_cool_new_project
• npm init
• Alternatively: express my_cool_new_project
• Other frameworks probably lay down your npm package.json too
5. Use npm Anyway
• You Can Still Keep Your Package Private
• Project Package Dependency Management
• Automated Retrieval
• Automated Updates
• Dependency Version Management
• Environment-Specific Package Selection
• Node Runtime Version Requirement
6. Package Management Without
Node
npm install express
npm install mocha
npm rm express
npm install -g express
express init
npm install q
npm install ...
•And now we need to move to production...how exactly? Or a 2nd dev
•We just shipped the unit test library to production?!?
7. Read The Fine Manual
• There is plenty of documentation on the package.json file, what you
can put in it, and what it can do
• Check out https://npmjs.org/doc/json.html
• npm’s semver package documentation:
https://npmjs.org/doc/semver.html
• http://www.devthought.com/2012/02/17/npm-tricks/ had some useful
tips/tricks as well
8. vagrant@precise64:/vm_src$ express express_example
create : express_example
create : express_example/package.json
create : express_example/app.js
[bunch of stuff deleted]
create : express_example/public/images
install dependencies:
$ cd express_example && npm install
run the app:
$ node app
vagrant@precise64:/vm_src$
9. vagrant@precise64:/vm_src/raw_init_example$ npm init
This utility will walk you through creating a package.json file.
It only covers the most common items, and tries to guess sane defaults.
See `npm help json` for definitive documentation on these fields
and exactly what they do.
Use `npm install <pkg> --save` afterwards to install a package and
save it as a dependency in the package.json file.
Press ^C at any time to quit.
name: (raw_init_example)
version: (0.0.0) 0.0.1
description: Example raw npm init for node.dc meetup
entry point: (index.js) app.js
test command: mocha
git repository:
keywords:
author: Jonathan M. Altman
license: (BSD) Proprietary
About to write to /vm_src/raw_init_example/package.json:
[package.json contents removed: we’ll cover this in the next slide]
Is this ok? (yes)
npm WARN package.json raw_init_example@0.0.1 No README.md file found!
vagrant@precise64:/vm_src/raw_init_example$
16. Dependency Version Management
• npm wants/uses Semantic Versioning--semver, http://http://semver.org/
-- to specify package versions
• (and you should too for your own package version numbering)
• Logical comparison operators, and some wildcarding, allow you to
control which version(s) of a package you want
• Review https://npmjs.org/doc/json.html#dependencies for fuller
explanations of how the various specifiers work
17. Cap the Version Allowed
"dependencies": {
"express": "<3.x"
,"underscore": ">=1.3.3"
,"everyauth": "0.2.x"
,"mongoose": ">=2.4.8"
,"mongoose-auth": ">=0.0.12"
,"ejs": ">= 0.0.1"
,"request": ">= 2.x"
,"q": ">= 0.8.8"
,"winston": ">= 0.6.2"
},
23. Environment Management
• If you want to pull packages in for e.g. BDD/TDD or other unit testing,
mocking, or anything else where you would not put the dependency in
production
"devDependencies": {
"nock": ">= 0.13.4"
,"mocha": "= 1.4.2"
,"chai": ">= 1.2.0"
,"chai-as-promised": ">= 3.2.2"
}
24. Node Engine Version Management
• The npm docs highly recommend against doing this, but you can specify the version(s) of the node engine that
you want your package to run against--again using semver specifications:
{ "engines" : { "node" : ">=0.8.08 <0.9.x" } }
• You can also force particular npm versions:
{ "engines" : { "node" : "~ 0.8.16", npm: "~1.1.65" } }
• Unless you put { "engineStrict" : true} in your package.json, this is all just advisory
• Isaac Schlueter says “don’t abuse it, or I’ll remove it”
26. There’s Plenty More npm Can Do
For You
• npm is a powerful tool. This is just a quick taste of some of the easiest
ways to access its most useful features
• Some useful links for getting started were at the beginning of the deck
Similar to Ruby’s gem bundler. Closest python equivalent is probably virtualenv, but that also covers virtual environments which in node you get with e.g. nave and Rails with rbenv or similar
There are better, more surgical ways to specify you want a release in the 2.x series, but this will prevent you from getting 3.x. This was a useful example from back when 3.x was first put up on npmjs.org and a bunch of stuff in the above list hadn’t been fully ported to it yet
Can be dangerous, if 1.4.x or 2.x comes out, it might break you if the API changed
Generally should be safe: API should be stable across minor releases, but you will get patches. However, you might want minor release point updates. Only problematic if some early patch versions will not work for you but later ones do
Very safe, but means that to pull in later patches that should be compatible, you would have to update package.json to allow it. May be useful if extreme control over environment is desired
As long as the package doesn’t break you later in the 2.x series than 2.5.2, this should be safe if you don’t want to get version 3 pulled in on you
Reasonable safe and sane option. We’ll get 1.3.3 or greater within the 1.3 series, but not 1.4.x or 2.x. You can do similar for floor within major as well: ~1.3