8 npm Tricks You Can Use to Impress Your Colleagues

As a JavaScript developer, you likely use npm on a daily basis to install packages, manage dependencies, and automate tasks in your projects. With over 1.5 million packages in the registry, npm is an essential tool in any Node.js developer's toolkit.

While most developers are familiar with the basics of searching for packages and installing them with npm install, npm is a powerful tool with many tricks and shortcuts that can save you time and impress your colleagues with your npm expertise. In this post, we'll explore eight lesser-known npm techniques that will take your npm skills to the next level.

1. Configure defaults to save time

Every time you create a new package with npm init, npm walks you through a questionnaire to determine the package name, version, description, keywords, and other fields for the package.json manifest file. While this is helpful the first few times, you likely want to customize some default values to save time in the future.

You can configure many default values in an .npmrc file in your home directory. For example, to set a default author name, license, and initial version for all new packages you create, add the following to ~/.npmrc:

init-author-name=Joe Developer
init-license=MIT
init-version=0.0.1

With these in place, running npm init -y will generate a new package.json with your default values already populated, streamlining the process of initializing a new package.

2. Use npx to execute packages

Introduced in npm version 5.2, the npx tool allows you to execute a package directly, without needing to install it globally or add it to your project's dependencies. This is useful for trying out a package quickly or running one-off commands.

For example, to get a quick weather forecast in your terminal using the wttr.in package, you could run:

npx wttr.in

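Rather than first installing the package globally with npm install -g wttr.in, npx will fetch the package if needed, execute it, then clean up after itself. Because npx downloads and runs whatever the registry serves under that name, with your user's permissions, check the spelling of the package name before you run it.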

Using npx shows you keep up with the latest npm has to offer and makes it easy to run quick, one-off commands without cluttering up your environment.

3. Prune unused packages

As projects grow and evolve, you inevitably end up with packages in your node_modules folder that are no longer being used. This can bloat the size of your project and slow down installations.

npm provides a handy command to clean up unused packages:

npm prune

Running npm prune will remove any packages from node_modules that are not listed as dependencies in package.json. You can also pair it with the --production flag to prune dev dependencies in production environments (recent npm versions spell this option --omit=dev).

Pruning unused dependencies keeps your project lean and is sure to earn the admiration of your efficiency-minded teammates.

4. Lock down dependencies

Inconsistent dependency versions are a common cause of "works on my machine" bugs. By default, when someone runs npm install, npm will fetch the latest versions of packages that satisfy the version ranges specified in package.json. This means dependencies could be upgraded even when you're just installing a new package.

To avoid this, commit your package-lock.json or yarn.lock file to source control. These lockfiles specify the exact versions of each dependency that were installed.

You can then use npm ci instead of npm install to install dependencies exactly as specified in the lockfile, giving you more consistent, reproducible builds:

npm ci

This is especially important when setting up continuous integration/continuous deployment (CI/CD) workflows. By using npm ci in a clean environment, you ensure dependencies are always installed consistently based on the lockfile, not the potentially loose version ranges in package.json.
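
A package-lock.json records, for each dependency, the URL it was downloaded from (resolved) and a checksum of the tarball (integrity), so the lockfile itself is worth checking before npm ci trusts it. The following is an added example, not code from the original post: it lints a parsed lockfile (lockfileVersion 2 or 3) for entries that come from an unexpected source or carry no sha512 checksum. The function name, the allowed-host list and the sample lockfile are constructed for illustration.

```javascript
// Added example: lint a parsed package-lock.json (lockfileVersion 2 or 3).
// checkLockfile, ALLOWED_HOSTS and sampleLock are constructed for illustration.
const ALLOWED_HOSTS = new Set(['registry.npmjs.org']);

function checkLockfile(lock, allowedHosts = ALLOWED_HOSTS) {
  if (!lock.packages) {
    return [{ path: '', issue: 'no "packages" map (lockfileVersion 1 not handled)' }];
  }
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages)) {
    // Skip the root project, symlinked packages (workspaces, npm link),
    // bundled dependencies and workspace folders: none has its own tarball.
    if (path === '' || entry.link || entry.inBundle || !path.includes('node_modules/')) continue;
    if (!entry.resolved) { findings.push({ path, issue: 'missing resolved URL' }); continue; }
    let url;
    try { url = new URL(entry.resolved); } catch {
      findings.push({ path, issue: 'unparseable resolved value' });
      continue;
    }
    if (url.protocol !== 'https:') {
      findings.push({ path, issue: `non-HTTPS source: ${url.protocol}` });
    } else if (!allowedHosts.has(url.host)) {
      findings.push({ path, issue: `unexpected host: ${url.host}` });
    }
    if (!/^sha512-/.test(entry.integrity || '')) {
      findings.push({ path, issue: 'no sha512 integrity hash' });
    }
  }
  return findings;
}

// Constructed sample: one clean entry, one linked package, one suspicious entry.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'web', version: '1.0.0' },
    'node_modules/lodash': {
      version: '4.17.21',
      resolved: 'https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz',
      integrity: 'sha512-PLACEHOLDER-NOT-A-REAL-HASH'
    },
    'node_modules/api': { resolved: '../api', link: true },
    'node_modules/helper-pkg': {
      version: '1.0.0', resolved: 'http://mirror.example.test/helper-pkg-1.0.0.tgz'
    }
  }
};
console.log(checkLockfile(sampleLock));
```

In a CI job, pass the function the result of JSON.parse on the contents of package-lock.json and fail the build when the returned list is not empty.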

5. Open a package's repo from the command line

When you come across an interesting package or encounter an issue, one of the first things you likely do is head to the package's GitHub repository to check out the code and documentation.

However, there's no need to head over to GitHub and manually search for the package. Instead, you can use npm's repo command to open the repository URL in your browser automatically:

npm repo lodash

Running this command will open the repository URL for the lodash package in your default web browser. It's a convenient trick for quickly accessing a package's source code.

6. Customize npm init

In addition to configuring defaults, you can further customize the npm init questionnaire itself by setting config values in .npmrc.

For example, to add a default author email, author URL, and bugs URL to the questionnaire (and resulting package.json), add the following to ~/.npmrc:

init-author-email=joe@example.com
init-author-url=https://example.com
init-bugs-url=https://github.com/joe/project/issues

Now when you run npm init, you'll be prompted to input these additional fields, streamlining the package setup process even further.

Customizing npm init shows you understand the ins and outs of npm configuration. Plus, the saner your defaults, the less time you spend setting up new packages.

7. Link local packages for development

When developing multiple packages locally that depend on each other, you may find yourself needing to test changes to one package in the context of another. While you could use npm install with a file path to install the local version, npm provides a better way with npm link.

The npm link command creates a symlink in the global node_modules folder that points to your local package directory. You can then link that global symlink into other local projects, allowing you to develop and test changes in real-time without needing to manually reinstall the package repeatedly.

For example, say you have a local api package that you want to test in your web package:

cd ~/projects/api
npm link
cd ~/projects/web  
npm link api

After running npm link in the api package directory, running npm link api in the web package directory will create a symlink in web/node_modules/api that points to your local api package. Any changes you make to the api package will be instantly available in the web project.

Once you're finished developing, you can unlink the package with npm unlink:

cd ~/projects/web
npm unlink api

Using npm link is a huge time-saver when developing multiple dependent packages and will impress colleagues with your npm know-how.

8. Audit packages for security vulnerabilities

With the staggering number of packages in the npm registry, it's important to be aware of potential security issues in your dependencies. Luckily, npm makes it easy with the npm audit command.

Running npm audit will check your installed packages against known security vulnerabilities and display a report of any issues found, along with recommendations for how to resolve them:

npm audit

To automatically install compatible updates to vulnerable packages, you can use:

npm audit fix

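This will update the vulnerable packages to versions that include published fixes for the security flaws, as long as those versions are compatible with the version ranges your project already allows.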

Regularly auditing your project for vulnerabilities shows a commitment to security best practices and keeps your applications safe from potential exploits. Be sure to impress upon your team the importance of running npm audit periodically, especially after installing new dependencies.
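
To turn the audit into a pass/fail decision in CI, the following added example (not code from the original post) reads the JSON form of the report, as produced by npm audit --json on npm 7 or later, and lists the findings at or above a chosen severity along with what the report says about a fix. The function name, the default threshold and the sample report with its package names are constructed for illustration.

```javascript
// Added example: triage `npm audit --json` output (auditReportVersion 2, npm 7+).
// triageAudit, the failAt default and sampleReport are constructed for illustration.
const LEVELS = ['info', 'low', 'moderate', 'high', 'critical'];
// Unknown severities rank above "critical" so that the gate fails closed.
const rank = (s) => (LEVELS.includes(s) ? LEVELS.indexOf(s) : LEVELS.length);

function triageAudit(report, failAt = 'high') {
  if (!LEVELS.includes(failAt)) throw new Error(`unknown severity: ${failAt}`);
  const blocking = [];
  for (const [name, vuln] of Object.entries(report.vulnerabilities || {})) {
    if (rank(vuln.severity) < rank(failAt)) continue;
    // fixAvailable is false, true, or an object naming the upgrade that carries the fix
    const fix = vuln.fixAvailable;
    let action;
    if (!fix) action = 'no fix published: replace or pin the package';
    else if (fix === true) action = 'run npm audit fix';
    else {
      action = `fix requires ${fix.name}@${fix.version}`
        + (fix.isSemVerMajor ? ' (semver-major): review by hand' : '');
    }
    blocking.push({ name, severity: vuln.severity, direct: Boolean(vuln.isDirect), action });
  }
  blocking.sort((a, b) => rank(b.severity) - rank(a.severity) || a.name.localeCompare(b.name));
  return { fail: blocking.length > 0, blocking };
}

// Constructed report with hypothetical package names.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-logger': { severity: 'low', isDirect: true, fixAvailable: true },
    'example-parser': { severity: 'high', isDirect: false, fixAvailable: true },
    'example-http': {
      severity: 'critical', isDirect: true,
      fixAvailable: { name: 'example-http', version: '3.0.0', isSemVerMajor: true }
    },
    'example-yaml': { severity: 'high', isDirect: true, fixAvailable: false }
  }
};
console.log(triageAudit(sampleReport));
```

The entries whose action is not a plain npm audit fix are the ones that need a person: a breaking upgrade to review, or a dependency with no published fix.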

Conclusion

We've covered eight npm tricks that are sure to take your npm game to the next level and wow your colleagues:

  1. Configure defaults to save time
  2. Use npx to execute packages
  3. Prune unused packages
  4. Lock down dependencies
  5. Open package repos from the command line
  6. Customize npm init
  7. Link local packages for development
  8. Audit packages for security vulnerabilities

Of course, these are just a few of the many features and tricks npm has to offer. To really master npm, be sure to read through the official npm documentation. The more you learn about npm's powerful options and configuration, the more efficient and effective you'll be at managing JavaScript projects.

Spending time to learn the ins and outs of your tools is always a worthy investment. The next time a colleague is impressed by your clever use of an npm trick, be sure to share your knowledge and spread the npm mastery!
