I discovered several tips working with NPM on a daily basis. Here are the top ones.
TL;DR: save-exact, npm ci, npm audit fix, npx, updtr, NVM_SYMLINK_CURRENT
I presented those tips to my coworkers; the slides are available online.
Reproducible builds
Problem: your local install can/will differ from a coworker's, even on the CI server!
Cause: Version ranges are problematic: "rxjs": "^6.2.2"
Greenkeeper.io tells us that 15% of packages break with minor or patch updates.
Solution: Use --save-exact when installing a dependency
$ npm install --save-exact aDependency
# Shorter:
$ npm i -E aDependency
Better solution: Always exact, never use a range: npm config set save-exact true
$ npm config set save-exact true

Installing package
Problem: Using npm install will try to resolve the dependency graph, possibly installing different versions (because of ranges declared in dependencies, not yours, even if you used --save-exact) and then updating the package-lock.json even if you did not want it to.
Solution: Use npm ci, which only reads the package-lock.json
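To find the version ranges described under "Reproducible builds" in an existing project, the check below lists every direct dependency that is not pinned to an exact version. It is an added example, not code from the original post; the function names and all sample entries except "rxjs": "^6.2.2" are assumptions made for illustration.

```javascript
// Added example (not from the original post): report dependencies in a
// package.json object that are not pinned to one exact version.

// MAJOR.MINOR.PATCH with optional "=" / "v" prefix, prerelease and build tags.
const EXACT = /^=?v?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
// peerDependencies are left out: they are meant to be ranges.
const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies'];

function classify(spec) {
  let s = String(spec).trim();
  if (s.startsWith('npm:')) {
    // Alias form "npm:<name>@<spec>"; an "@" at index 4 is only a scope marker.
    const at = s.lastIndexOf('@');
    s = at > 4 ? s.slice(at + 1) : '';
  }
  if (EXACT.test(s)) return 'exact';
  // Git, URL, GitHub shorthand and file: specs bypass registry versioning.
  if (/[:/]/.test(s)) return 'non-registry';
  // Everything else floats: ^, ~, comparators, x-ranges, "*", "" or a dist-tag.
  return 'floating';
}

function findUnpinned(pkg) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const kind = classify(spec);
      if (kind !== 'exact') findings.push({ section, name, spec, kind });
    }
  }
  return findings;
}

// Constructed sample; only the rxjs entry is taken from the post.
const samplePackage = {
  dependencies: { rxjs: '^6.2.2', express: '4.16.3', lodash: '~4.17.10' },
  devDependencies: {
    jest: '=23.4.1',
    typescript: 'latest',
    'lodash-es': 'npm:lodash@4.17.10',
    'my-fork': 'github:example-user/my-fork#main',
  },
};

for (const f of findUnpinned(samplePackage)) {
  console.log(`${f.section}: ${f.name}@${f.spec} (${f.kind})`);
}
```

In a project, pass the parsed contents of package.json to findUnpinned and fail the CI job when the result is not empty. The check covers direct dependencies only, so ranges declared by your dependencies still need the package-lock.json and npm ci.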