Brad Woods Digital Garden

    npm

    Status: decay

    npm is a package manager for JavaScript.

    SemVer

    This note requires knowledge of SemVer (Semantic Versioning Specification). The purpose of SemVer is to help communicate what changed when a new version of a package is released. It splits software version numbers into 3 integers (separated by points). A release is categorised as 1 of the following:

    Old Version   New Version   Category   Description
    v1.0.0        v1.0.1        PATCH      Bug fixes were added in a backwards compatible manner.
    v1.0.0        v1.1.0        MINOR      Functionality was added in a backwards compatible manner.
    v1.0.0        v2.0.0        MAJOR      Incompatible API changes were made.

    Outdated Packages

    To list outdated packages within a project, in the terminal, enter:

    > npm outdated

    For each package, this will display:

    • Current: the current version of a package within the project.
    • Wanted: the maximum version of the package that satisfies the SemVer range specified in package.json. For example:
      • ~1.0.1 tells npm to install 1.0.1 or the latest PATCH version of a package.
      • ^1.0.1 tells npm to install 1.0.1 or the latest PATCH version or the latest MINOR version of a package.
    • Latest: the version of the package tagged as latest in the npm registry (publishers running npm publish with no special configuration will publish the package with a dist-tag of latest).

    Update Packages

    To update all packages, in the terminal, enter:

    > npm update --dd

    This will update packages to the latest MINOR version. If a publisher has done a MAJOR release since you installed the package, npm update will still only update to the latest MINOR version. This is to encourage doing major package upgrades 1 package at a time, manually. There is a chance that a MAJOR upgrade will break your project. Doing them 1 at a time makes it easier to identify and fix any resulting bugs. The --dd flag will provide error messages if npm update doesn't work.

    Audit Packages

    When installing packages with npm install, you sometimes see this message:

    A message in the terminal.

    The message lists packages in your project for which a new version that fixes vulnerabilities has been released. This means your codebase will contain those vulnerabilities until you upgrade the affected packages. To fix this, in the terminal, run:

    > npm audit fix

    This will upgrade packages to a version that includes the vulnerability fixes. Vulnerabilities can also be displayed in the terminal by entering the command: npm audit.
