The issue I am facing is npm install locally doesn't give much output with npm v6.14.9 but when deploying to server it gives some meaningless output like
gyp info spawn args ['some properties about Release']
make: entering directory 'directory'
and then goes tonns of output about node-gyp and .cpp files which does not exist in my project. My goal is to remove those outputs. Just FYI installation always successful.
node-gyp is a vital part of npm.
Some npm packages come with native, not Javascript, code inside them. node-gyp's task is to compile that code and make it available for use on your machine. The code has to be compiled because the package author doesn't know whether you'll run your code on MacOs, Windows, Linux, or whatever OS, and the runnable code differs between those systems.
node-gyp isn't a lightweight tool. It needs python and the C++ toolchain. But, if you use a package that needs it, you need it. lzma-native is one such package. Various image-handling packages also need it.
If you don't want to use node-gyp you must remove the package that uses it from your project.
It's good your npm install is successful. If it weren't you would have a challenging troubleshooting task ahead of you.
Pro tip think of your nodejs project as flowers scattered in a river. The flowers are your code, and the river is your packages, the nodejs runtime, and the browsers you use. "Hey, this is wet! I want it dry." is usually not a helpful way of understanding things.
Related
so Leetcode already supports #datastructures-js/priority-queue which is why I could just use
let heap = new MinPriorityQueue()
out of the box. But then I realized when I interview with coderpad or hackerrank, I probably won't have access to the npm package I will need to use these datastructures out of the box like this.
Any advice on how I can make that happen?
I looked at coderpad documentation - and they say I can install any npm package I want, but so far have not found the right way to do it. Any help appreciated!
https://coderpad.io/languages/frontend-frameworks/
CoderPad supports npm command usage via the shell. This means that you can npm i any version of any library in the package ecosystem. You can also create an .npmrc file to customize the install logic of npm.
The shell seems to only be available in "frontend frameworks".
When you select a frontend framework to code in, you’ll notice a multi-pane window that’s similar to what you’d find in popular IDEs.
... The third pane provides an interactive shell, server log output, and a console.
Picking HTML worked for me. It does give you a main.js file, although the regular output window is no longer and there is Console and Logs instead, so it's not quite as convenient as a straight javascript environment.
In Shell:
Starting shell...
~/app $ npm install --save #datastructures-js/priority-queue
added 2 packages, and audited 92 packages in 2s
8 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
In main.js:
import {
PriorityQueue,
MinPriorityQueue,
MaxPriorityQueue,
ICompare,
IGetCompareValue,
} from '#datastructures-js/priority-queue';
let heap = new MinPriorityQueue()
console.log(heap)
Then click Run and check Console to see:
MinPriorityQueue {_heap: MinHeap, constructor: Object}
_heap: MinHeap
<constructor>: "MinPriorityQueue"
I'm trying to learn javascript, and every tutorial I follow gives the same errors or more. I don't understand what any of this is or what it wants me to do. When I go to the url it doesn't fix anything. What do I need to do? Can someone help me with some background reading or something more simple? I know other programming languages, but I don't have any experience with this kind of thing.
found 1 low severity vulnerability in 3522 scanned packages 1 vulnerability requires manual review. See the full report for details. ➜ web-dev-starter git:(master) ✗ npx npm-force-resolutions npx: installed 5 in 1.27s ➜ web-dev-starter git:(master) ✗ npm install audited 3522 packages in 1.712s
2 packages are looking for funding run npm fund for details
found 1 low severity vulnerability run npm audit fix to fix them, or npm audit for details ➜ web-dev-starter git:(master) ✗ npm fund js-starter-code#1.0.0 ├─┬ https://github.com/sponsors/isaacs │ └── glob#7.1.6 └─┬ https://github.com/sponsors/ljharb └── resolve#1.15.1
➜ web-dev-starter git:(master) ✗
I don't know who these people or this git hub is. Do I have to join a membership to get the code? What is this?
GitHub is a very popular website used by developers to collaborate on projects. It is a place where you can upload your code, and other people can download it to their own machine, work on it, and suggest changes. If you want to join GitHub you can go to github.com and create an account for free.
There is a bunch of stuff to learn about using their site, particularily about the tool called git. This is a tool that helps you keep track of changes and updates you make to files in your project. I suggest starting at GitHub's own resources if you want to learn git.
You don't need to do either to fix your vulnerabilities, though. Let's try to figure out what is going on.
When you are doing tutorials, you are probably given some boilerplate code (that is, some code that someone else wrote for you) that you have to download to your own computer. The first step in the tutorial is most likely telling you to do something like this in your Terminal:
$ cd path/to/project
$ npm install
Here, npm is Node package manager. For our purposes, npm is a collection of software that you can download with your Terminal and then include in your code. For example, if you are writing an express application in JavaScript, you need to start your files with
const express = require('express');
JavaScript knows about express (or react or whatever software you are using) because npm installed them for you when you ran npm install. When you call this command, npm looks in the file called package.json and installs the software listed there.
Sometimes, there may be a vulnerability detected in one of the pieces of software npm installs; maybe there is something about it that opens your application up for malicious attacks or workarounds if your software goes live on the internet. When these are discovered and registered, npm will tell you about them.
Note that if you are not using your application on anything that is going to be used by others, you don't really have to worry about these vulnerabilites. But if you want to fix them, you can write
$ npm audit fix
into your Terminal, and let npm take care of it for you. Then npm will try to upgrade the affected software to a newer version where the vulnerability has been fixed.
As a final sidenote, even though you are maybe only using one or two pieces of software from npm, you may note that it is installing a lot more than that. This is because a lot of the software kept by npm depends on other software from npm, and so on.
I'm a little confused as to why I can't get my Gruntfile.js to run, here's the rub:
I installed grunt globally using npm. It lives in my /usr/local/bin/ directory, here it is:
Previously, I'd installed node.js using homebrew, then grunt with npm. Other issues led me to uninstall node via homebrew & reinstall node directly from the disk image node provides.
In my web project's index, there's a Gruntfile.js script that rebuilds my jekyll site everytime live-reload updates. When I run grunt, I get this message:
What I'm trying to wrap my head around:
Why isn't /usr/local/bin/grunt a valid path? Grunt exists at that location. My guess was that running grunt locally, from within my website's index, would fix things.
There's a node_modules folder there & everything was working fine before after all. I found this link, and tried running \grunt to bypass the bash alias, but that had no effect.
Any advice/suggestions are much appreciated! I feel like an imbecile using things, breaking things & not understanding why/how. Eager to finish my project, get a paycheck & finally have time to learn the ins and outs of terminal, bash & popular package managers so I don't run into these sorts of problems...
After discussion with OP, I find this is a Node.js environment issue. After install - do something - uninstall - reinstall in another way - do something, somehow, when npm install -g XXX is executed, the symbolic link is created and point to some place, but the package is installed some where else. That's why OP see /usr/local/bin/grunt but cannot run it.
I've recommended OP to clean up all Node.js stuff, make a clean environment and start right from the beginning.
What are the differences between Yarn and NPM?
At the time of writing this question I can only find some articles on the Internet showing what's the Yarn equvalent of an NPM command like this.
Do they have the same functionalities (I know Yarn does local caching and looks like you only need to download a package once) but other than this is there any benefits for moving from NPM to Yarn?
UPDATE: March 2018 (bit late...)
Since version 5, npm
generates a 'lockfile' called package-lock.json that fixes your entire dependency tree much the same way the yarn (or any other) locking mechanism does,
A tool has been made
--save is now implied for npm i
Better network and cache usage
npm 5.7.0 further introduced the npm ci command to install dependencies more quickly in a continuous integration environment by only installing packages found in the package-lock.json (reporting an error if the package-lock.json and package.json are not synchronized).
Personally, I still use npm.
Original
I am loathe to quote directly from docs, but they do a great job of explaining why, concisely enough that I don't see how to further summarize the ideas.
Largely:
You always know you're getting the same thing on every development
machine
It paralellizes operations that npm does not, and
It makes more efficient use of the network.
It may make more efficient use of other system resources (such as RAM) as well.
What are people's production experiences with it? Who knows, it's an infant to the general public.
TL;DR from Yehuda Katz:
From the get-go, the Yarn lockfile guarantees that repeatedly running
yarn on the same repository results in the same packages.
Second, Yarn attempts to have good performance, with a cold cache, but
especially with a warm cache.
Finally, Yarn makes security a core value.
Nice blog post
“NPM vs Yarn Cheat Sheet” by Gant Laborde
Slightly longer version from the project:
Fast: Yarn caches every package it downloads so it never needs to
again. It also parallelizes operations to maximize resource
utilization so install times are faster than ever.
Reliable: Using a detailed, but concise, lockfile format, and a
deterministic algorithm for installs, Yarn is able to guarantee that
an install that worked on one system will work exactly the same way on
any other system.
Secure: Yarn uses checksums to verify the integrity of every installed
package before its code is executed.
And from the README.md:
Offline Mode: If you've installed a package before, you can install it again without any internet connection.
Deterministic: The same dependencies will be installed the same exact way across every machine regardless of install order.
Network Performance: Yarn efficiently queues up requests and avoids request waterfalls in order to maximize network utilization.
Multiple Registries: Install any package from either npm or Bower and keep your package workflow the same.
Network Resilience: A single request failing won't cause an install to fail. Requests are retried upon failure.
Flat Mode: Resolve mismatching versions of dependencies to a single version to avoid creating duplicates.
More emojis. 🐈
What is PNPM?
pnpm uses hard links and symlinks to save one version of a module only ever once on a disk. When using npm or Yarn for example, if you have 100 projects using the same version of lodash, you will have 100 copies of lodash on disk. With pnpm, lodash will be saved in a single place on the disk and a hard link will put it into the node_modules where it should be installed.
As a result, you save gigabytes of space on your disk and you have a lot faster installations! If you'd like more details about the unique node_modules structure that pnpm creates and why it works fine with the Node.js ecosystem, read this small article: Why should we use pnpm?
How to install PNPM?
npm install -g pnpm
How to install npm package using PNPM?
pnpm install -g typescript // or your desired package
Benefits of PNPM over Yarn and NPM
Here is progress-bar showing installation time taken by NPM, YARN and PNPM (shorter-bar is better)
Click for Complete check Benchmark
for more details, visit https://www.npmjs.com/package/pnpm
Trying to give a better overview for beginners.
npm has been historically (2010) the most popular package manager for JavaScript. If you want to use it for managing the dependencies of your project, you can type the following command:
npm init
This will generate a package.json file. It contains all the dependencies of the project.
Then
npm install
would create a directory node_modules and download the dependencies (that you added to the package.json file) inside it.
It will also create a package-lock.json file. This file is used to describe the tree of dependecies that was generated. It allows developpers to install exectly the same dependencies. For example, you could imagine a developper upgrading a dependency to v2 and then v3 while another one directly upgrading to v3.
npm installs dependencies in a non-deterministically way meaning the two developper could have a different node_modules directory resulting into different behaviours. **npm has suffered from bad reputation as for example
in February 2018: an issue was discovered in version 5.7.0 in which running sudo npm on Linux systems would change the ownership of system files, permanently breaking the operating system.
To resolve those problems and others, Facebook introduced a new package manager (2016): Yarn a faster, more securely, and more reliably package manager for JavaScript.
You can add Yarn to a project by typing:
yarn init
This will create a package.json file. Then, install the dependencies with:
yarn install
A folder node_modules will be generated. Yarn will also generate a file called yarn.lock. This file serve the same purpose as the package-lock.json but is instead constructed using a deterministic and reliable algorithm thus leading to consistant builds.
If you started a project with npm, you can actually migrate to Yarn easily. yarn will consume the same package.json. See Migrating from npm for more details.
However, npm has been improved with each new releases and some projects still uses npm over yarn.
The answer by #msanford covers almost everything, however, I'm missing the security (OWASP's Known Vulnerabilities) part.
Yarn
You can check them using yarn audit, however, you cannot fix them. This is still an open issue on a GitHub (https://github.com/yarnpkg/yarn/issues/7075).
npm
You can use npm audit fix, so some of them you can fix by yourself.
Both of them, i.e. npm audit & yarn audit have their own Continuous Integration tools. These are respectively https://github.com/IBM/audit-ci (used, works great!) and https://yarnpkg.com/package/audit-ci (haven't used).
npm:
The package manager for JavaScript. npm is the command-line
interface to the npm ecosystem. It is battle-tested, surprisingly
flexible, and used by hundreds of thousands of JavaScript developers
every day.
NPM generates a correct lock file whereas a Yarn lock file could be
corrupt in some cases and has to be fixed with yarn-tools
Yarn:
A new package manager for JavaScript. Yarn caches every package it
downloads so it never needs to again. It also parallelizes
operations to maximize resource utilization so install times are
faster than ever.
Yarn doesn't support login with a password (while NPM does)
When you install a package using Yarn (using yarn add packagename), it places the package on your disk. During the next install, this package will be used instead of sending an HTTP request to get the tarball from the registry.
Yarn comes with a handy license checker, which can become really powerful in case you have to check the licenses of all the modules you depend on.
If you are working on proprietary software, it does not really matter which one you use. With npm, you can use npm-shrinkwrap.js, while you can use yarn.lock with Yarn.
For more information please read the following blog
https://blog.risingstack.com/yarn-vs-npm-node-js-package-managers/
Yarn
Advantages::
Supports features like parallel installation and
Zero-Install results in better performance
More secure
Large active user community
Disadvantages::
Doesn’t work with older versions of Node.js (lower than version 5)
Problems with installing native modules
NPM
Advantages::
Ease of use, especially for developers working with older
versions.
Optimized local package installation to save hard drive space.
Disadvantages::
Security vulnerabilities are still there
Conclusion:
Is Yarn better than NPM?
In terms of speed and performance Yarn is better than NPM because it performs the parallel installation. Yarn is still more secure than NPM. However, Yarn uses more disk space than NPM.
My NodeJs is working fine but i have an issue I'm not seeing $ in the prompt as most example point.
Another issue is when i put sudo I dont get anything.Things I have tried are the following
$ sudo npm install npm -g
/usr/bin/npm -> /usr/lib/node_modules/npm/bin/npm-cli.js
npm#2.7.1 /usr/lib/node_modules/npm
given on the following Website
http://www.tutorialspoint.com/nodejs/nodejs_npm.htm
Apologies am very new to Node.JS.Please help
I'm going to explain this in terms familiar to MS windows.
$ npm --version
^ dollar sign is the same as "C:\" in windows.
It just means "from here..." in the most basic terms I can use.
You don't need the dollar sign for anything in that tutorial.
"sudo" means "elevate to an administrator level" similar to opening a command line terminal "in administrator mode." But for Linux (Ubuntu and Mac as *NIX) systems.
--version can be called as "-v" most of the time and means "for the thing I've named before, in this case "npm" show me the version.
Once you've installed NodeJS it comes with a "package manager" called NPM. The best way to relate this to windows is by considering it a command line version of an "installation" that installs different programs as you tell it to with different options.
"npm install -g" means "Hey NPM! Install to EVERYWHERE(call from command line/terminal/bash) the thing I Tell you next. "npm install -g express" for example, means hey NPM, install "expressJS" globally, so I can use the terminal to write commands(micro apps) from the expressJS I just installed with node.
"npm install --save" means hey, install this microapp, but ONLY let me use it in THIS EXACT FOLDER I'm in, and let anyone else that is in this folder know they need to install it to use this application I'm making.
"npm init" Is actually the FIRST thing you should do in any node project folder. It creates the "package.json" file in the current directory, and it will define the folder you're in as the folder to start installing stuff you "npm install" to the "node_modules" folder that will show in the folder you're currently in.
If you want to tinker with NodeJS code, and you don't want to tamper with your local machine and install all kinds of stuff you're not totally sure about yet you can use "REPL.it" (https://repl.it/languages/nodejs) the white window on the right is treated like a file you'd run in node. The dark window on the right is an actual NODE TERMINAL that you can run nodejs commands/code in directly.
There's one other good resources in general and that is here (https://devdocs.io/) it's called "Devdocs" and it has Node, npm, and express code examples, clean explanations, and examples that you can download directly to your local machine.
I hope that gets you moving with NodeJS. It's hard to understand, but with a bit of try and fail you'll start to try more and fail less. Cheers!