Hello guys, this time I would like to write about How to Use NPM Package Manager. When we are getting started to learn NodeJS, understanding about NPM Package Manager is the most important part. I think this should be a fundamental basic step learning about NodeJS. So let’s check this out.

I write this article is for user who getting started to learning NodeJS. So if you already understand how to use NPM Package Manager, you are allowed to read again this article in order to remember what is exactly NPM and how to use NPM in the right way.

What is NPM Package Manager?

NPM Package Manager is a public package library for JavaScript programming. There is a million public repository in NPM that you can use it as free for your project. With using NPM, there is a feature for managing the version of it’s library. You are able to install, remove, update and audit the installed libraries so you can maintain it so easily.

How to Install NPM Package Manager?

NPM is bundling with NodeJS, means that when you already install NodeJS, you also install a NPM Package Manager. So you are not required to install NPM Package Manager manually. To make sure your system is having NPM you can just run this command in your terminal or cmd.

1
$ npm -v

When I write this article, the current NPM version at this time is 6.11.3. If you can not see the npm version, maybe you are fail to install NodeJS. To make sure NodeJS has installed correctly in your system, is just run this command in your terminal or cmd.

1
$ node -v

If you are install NodeJS for the LTS version, when I write this article the current version of NodeJS is still v10.17.0.

How to use NPM Package Manager?

In this section I just write the common use of NPM, because it will too long didn’t read if I explain all the NPM features completely.

Getting Started

To start using NPM Package Manager, actually you don’t have to always open your terminal or cmd. There is more easy way, make sure you have an empty or an exists project source code. If you don’t have one, just create a new project by create an empty directory name learn-npm. Let’s now open your Visual Studio Code, then open your project source code. Open a terminal in Visual Studio Code by click CTRL + `.

So you will see a Terminal Box at bottom right in your Visual Studio Code like this

with this way, is more easier, because you can directly build your source code with an embedded terminal in Visual Studio Code. Also you only open one application instead multiple application just only to open terminal or cmd beside with Editor code.

Generate package.json

To install a library from NPM Package Manager, it’s required to generate a package.json file. If you don’t have it, you are not allowed to install a library from NPM Package Manager.

So here is the simple way to generate a package.json file, open your terminal inside Visual Studio Code by pressing CTRL + ` then run this command below.

1
$ npm init

After you run it, you will asked to fill some information about your project like in this picture below.

Then the generated package.json file is like below

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
{
"name": "learn-npm",
"version": "1.0.0",
"description": "Learning NPM Package Manager",
"main": "index.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
"keywords": [
"learn",
"learning-npm",
"npm-tutorial"
],
"author": "M ABD AZIZ ALFIAN",
"license": "MIT"
}

Install a library

After we have a package.json, now we can just install a library from NPM Package Manager.

For example we want to install fly-json-odm.

1
$ npm install fly-json-odm

Now check again your package.json file, you will see there is new line with name dependencies

1
2
3
"dependencies": {
"fly-json-odm": "^1.9.1"
}

What is dependencies?
Property name dependencies in package.json file is a list of library you just installed for main project. You are able to add more library inside it. For example we want to install another library name text-obfuscator.

1
$ npm install text-obfuscator

Now check again in your package.json file, then you will see the property name dependencies now has updated.

1
2
3
4
"dependencies": {
"fly-json-odm": "^1.9.1",
"text-obfuscator": "^1.0.2"
}

Install a library for development

You are already learn how to install a library for main project at above. But now how if we want to install a library for development purpose? Yes, there is another property name called devDependencies, in NPM Package Manager this will work for development environment, espcially for unit test in NPM.

Actually your devDependencies library will not included to getting installed for main project. If you see a package.json file at text-obfuscator repository. You will see, there is devDependencies in that project, but it’s not installed in your learn-npm project. You can make sure to looking for inside node_modules directory, and I’m sure you will not find it.

To install a library for development purpose is like below

1
$ npm install mocha --save-dev

Now check your package.json in your current project learn-npm, you will see a new property name devDependencies like this

1
2
3
"devDependencies": {
"mocha": "^6.2.2"
}

Update all installed libraries

To update all installed libraries in your package.json is like this

1
npm update

Then your dependencies libraries will updated automatically to the latest of it’s version.

Uninstall a library

To uninstall or delete some library in your package.json, is like this

1
$ npm uninstall text-obfuscator

See this picture for detail

Now check again your package.json file, you will see that text-obfuscator library has been removed. So your dependencies property right now will be like this.

1
2
3
"dependencies": {
"fly-json-odm": "^1.9.1"
},

Audit all libraries

If you are working with a lot of libraries, sometimes several libraries could be outdated and maybe there is a vulnerability in your current project. To detect this you can just run an audit with a command like this

1
$ npm audit

Then the NPM will scanning to your all libraries and giving you the result like this picture below.

If your libraries has a vulnerability, NPM will giving you a result like this picture

How to test to install a vulnerable library?
You can try to install a vulnerable library by this command below

1
$ npm install mailjs

Then try to audit it by yourself.

Note:

  • If this library has been updated, you have to look it by yourself. Most of vulnerable libraries is using an old lodash dependency.

How to update the NPM Package Manager

NPM Package Manager is always updated by NodeJS team developer. If you seen this picture like below this

It means that there is update for NPM Package Manager. To update it just run this command below

1
$ npm install -g npm

If you run it, you will getting an error in linux like this picture

Why I getting error?
If you see closely at this command

1
$ npm install -g npm

There is -g in your command which is means NPM will install it as global. You are getting error because you need a permission to install it as global in your filesystem.

To fixed this you can just run this command below

1
$ sudo npm install -g npm

If you are using windows, unfortunately you have to close your Visual Studio Code, then open it with Run As Administrator.

Now you are able to update the latest version of NPM Package Manager. To make sure, you can just check the NPM version by run this command

1
$ npm -v

See this picture below for detail

How to run scripts in package.json

If you see in your package.json, there is a property name scripts like this

1
2
3
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},

It was created automatically if you are not specify the command for running unit test when generating a package.json file.

If you are have no unit test environment, just leave as it.

Now to run the scripts in package.json is like this

1
$ npm run test
  • Add hello command in scripts

test is the property name inside scripts in package.json. Actually we can add more scripts inside property name scripts, for example now we try to run hello world. Now update your scripts like this

1
2
3
4
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1",
"hello": "echo \"hello world\""
},

Now to run your new hello command in scripts is just like this

1
$ npm run hello

Then your scripts is executed, see in this picture

  • add server command in scripts

Actually you can just run a server from this scripts, so let’s create a simple server then execute it by using scripts.

  1. Now create a new file index.js
  2. Paste this code inside index.js
    1
    2
    3
    4
    5
    6
    7
    var http = require('http');

    http.createServer(function(req, res){
    res.end("Hello Server!");
    }).listen(3000);

    console.log("Now server running on http://localhost:3000");
  3. saved it and done.

Actualy this index.js file is can be executed directly with command below

1
$ node index.js

But because we want it to be executable from scripts, now update your scripts like this

1
2
3
4
5
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1",
"hello": "echo \"hello world\"",
"server": "node index.js"
},

So now let’s run the server command in scripts like this

1
$ npm run server

Then open your browser to http://127.0.0.1:3000. You will see a text hello server! in browser page.
To stop it just press CTRL + C in your terminal.

Conclusion

NPM Package Manager will help you more easier to manage your libraries for your main project. We have already learning about how to install, update, uninstall and audit the libraries. Also learning about dependencies, devDependencies and scripts in package.json.

Actually there is a lot of features in NPM Package Manager which is I can not to explain all in this article. If you want to learn more about NPM Package Manager, Please read it at here.

Also if you want to create your own library or want to start being a contributor. There is another article about Create Professional Library in NPM which is you must read it now.

Thank you for your time to reading my article.