Working with NPM and Packages

We already used NPM, the Node Package Manager, in order to install a single package and its dependencies for the example project in The Node Beginner Book.

However, there is much more to NPM, and a more thorough introduction is in order.

The most useful thing that NPM does isn't installing packages. This could be done manually with slightly more hassle. What's really useful about NPM is that it handles package dependencies. A lot of packages that we need for our own project need other packages themselves. Have a look at h t t p s ://n p m j s . o r g /p a c k a g e /r e q u e s t, for example. It's the overview page for the NPM package request. According to its description, it provides a simplified HTTP request client. But in order to do so, request not only uses its own code. It also needs other packages for doing its job. These are listed under Dependencies: qs, json-stringify-safe, and others.

Whenever we use the NPM command line tool, npm, in order to install a package, NPM not only pulls the package itself, but also its dependencies, and installs those as well.

Using npm install request is simply a manual way to implicitly say my project depends on request, please install it for me. However, there is an explicit way of defining dependencies for our own projects, which also allows to have all dependencies resolved and installed automatically.

In order to use this mechanism, we need to create a control file within our project that defines our dependencies. This control file is then used by NPM to resolve and install those dependencies.

This control file must be located at the top level folder of our project, and must be named package.json.

This is what a package.json file looks like for a project that depends on request:

{
   "dependencies": {
     "request": ""
   }
 }

Having this file as part of our code base makes NPM aware of the dependencies of our project without the need to explicitly tell NPM what to install by hand.

We can now use NPM to automatically pull in all dependencies of our project, simply by executing npm install within the top level folder of our code base.

In this example, this doesn't look like much of a convenience win compared to manually installing request, but once we have more than a handful of dependencies in our projects, it really makes a difference.

The package.json file also allows us to pin dependencies to certain versions, i.e., we can define a version number for every dependency, which ensures that NPM won't pull the latest version automatically, but exactly the version of a package we need:

{
   "dependencies": {
     "request": "2.27.0"
   }
 }

In this case, NPM will always pull request version 2.27.0 (and the dependencies of this version), even if newer versions are available.

Patterns are possible, too:

{
   "dependencies": {
     "request": "2.27.x"
   }
 }

The x is a placeholder for any number. This way, NPM would pull in request version 2.27.0 and 2.27.5, but not 2.28.0.

The official documentation at h t t p s ://d o c s . n p m j s . c o m /m i s c /s e m v e r has more examples of possible dependency definitions.

Please note that the package.json file does much more than just defining dependencies. We will dig deeper in the course of this book.
For now, we are prepared to use NPM for resolving the dependencies that arise in our first project – our first test-driven Node.js application.

Downloading the example code
You can download the example code files for this book from your account at  h t t p ://w w w . p a c k t p u b . c o m . The code bundle for the book is also hosted on GitHub at 
https://github.com/PacktPublishing/The-Node-Craftsman-Book