
npm tricks and tips

I discovered several tips while working with npm on a daily basis. Here are the top ones.

TL;DR: save-exact, npm ci, npm audit fix, npx, updtr, NVM_SYMLINK_CURRENT

I presented those tips to my coworkers; the slides are available online.

Reproducible builds

Problem: your local install can (and will) differ from a coworker's, and even from the one on the CI server!

Cause: version ranges are problematic: "rxjs": "^6.2.2"

Greenkeeper.io tells us that 15% of packages break on minor or patch updates.



Solution: use --save-exact when installing a dependency

$ npm install --save-exact aDependency
# Shorter:
$ npm i -E aDependency

Better solution: Always exact, never use a range: npm config set save-exact true

$ npm config set save-exact true

Installing package

Problem: npm install tries to resolve the dependency graph, possibly installing different versions (because of ranges declared in your dependencies' own dependencies, not in yours, even if you used --save-exact) and then updating package-lock.json even if you did not want it to.

Solution: use npm ci, which only reads the package-lock.json
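A check to pair with the save-exact tip above, as an added example that is not from the original post: it lists the direct dependencies in a package.json that are still declared with a range, a dist-tag or a non-registry source. The names classifySpec, findRangedDependencies and SAMPLE_MANIFEST, and the sample package names, are assumptions made for illustration.

```javascript
'use strict';
// Added example: list direct dependencies in a package.json that are not
// pinned to one exact version. All names here are illustrative assumptions.

const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies'];
// Exact semver: 1.2.3, optionally with pre-release and build metadata.
const EXACT = /^=?v?\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

function classifySpec(spec) {
  let s = String(spec).trim();
  // "npm:real-name@1.2.3" aliases: judge the version after the last "@".
  if (s.startsWith('npm:')) {
    const at = s.lastIndexOf('@');
    s = at > 4 ? s.slice(at + 1) : '';
  }
  if (EXACT.test(s)) return 'exact';
  // URLs, git, file: and "user/repo" shorthands are not registry versions.
  if (s.includes(':') || s.includes('/')) return 'non-registry';
  // Everything else floats: ^, ~, >=, x-ranges, "*", "" and dist-tags.
  return 'range';
}

function findRangedDependencies(manifest) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      const kind = classifySpec(spec);
      if (kind !== 'exact') findings.push({ section, name, spec, kind });
    }
  }
  return findings;
}

// Constructed sample manifest (not a real project).
const SAMPLE_MANIFEST = {
  dependencies: { rxjs: '^6.2.2', 'example-lib': '1.4.0', 'some-tool': 'latest' },
  devDependencies: {
    'alias-lib': 'npm:@scope/real@2.0.1',
    'fork-lib': 'github:user/fork-lib',
  },
};

for (const f of findRangedDependencies(SAMPLE_MANIFEST)) {
  console.log(`${f.section}: ${f.name}@${f.spec} (${f.kind})`);
}
```

In CI, parse the real package.json with JSON.parse and fail the job when the returned list is non-empty. This only covers your own manifest; ranges declared by your dependencies are what the package-lock.json and npm ci take care of.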
