Installing Local Packages

9:12 with Andrew Chalkley

There are two ways to install an npm package. In this video we'll take a look at the types of packages you'd include in a project you're coding.

Teacher's Notes
Video Transcript
Downloads

Issues installing bcrypt?

If you are getting errors in the console while installing bcrypt, run npm install bcryptjs instead. Then require bcryptjs in app.js. For example:

var unsecurePlainTextPassword = "password";
var bcrypt = require('bcryptjs');

bcrypt.genSalt(10, function(err, salt) {
  bcrypt.hash(unsecurePlainTextPassword, salt, function(err, hash) {
    console.log(hash);
  });
});

Terminal Commands

Clear the screen
- clear

npm Command Line Usage

See list of commands
- npm
Get help for a command
- npm <command> -h
- e.g. npm install -h
Installing a package
- npm install <package_name>
- e.g. npm install bcrypt
- e.g. with a flag npm install bcrypt --python=mySpecialPythonExecutable

Documentation

0:00
We found a package we want to use, bcrypt.
0:03
But how do we install it?
0:04
If you want to follow along you can either install this package on your computer or
0:09
you can launch the workspace for this video.
0:12
Since NPM is a command line tool, we'll spend most of our time in the console.
0:17
If you're working with MPM installed on your own computer, you'll use the command
0:22
prompts if you're a Windows user or the terminal application if you're on a Mac.
0:26
Let's make some space so we can see what we're doing.
0:33
Type npm, and this shows all possible commands that you can use with npm.
0:38
There is a command called install.
0:43
If you ever want any help on a command, type npm,
0:47
the command, and then -h.
0:54
As you can see,
0:55
there are several different ways to call the install command.
0:59
Npm install, npm install with the package name, mpm installed with the package and
1:05
git tag or version number, you can install it from another folder.
1:10
You can install it from a tarball file.
1:13
A tarball is a file former that combines multiple files into a single file.
1:19
This could be a file on your local computer or hosted remotely on a server.
1:25
Finally, you can install it via the git url or
1:28
even just by pointing to the git hook project for a particular git hook user.
1:34
You can use the clear command to clear out the console at any point.
1:39
We know the name of the package we want, and we want the latest version.
1:43
Because we always want the most up to date version of this package,
1:47
we don't need to include a version number.
1:50
So lets type mpm install bcrypt.
1:58
Mpm goes to the mpm online repository of packages.
2:02
And it asks for the latest version.
2:04
MPM downloads the package and installs it.
2:08
Unless there's any issues, which there is in this case.
2:12
B crypt depends on a version of python between these two versions.
2:17
In workspace, the version of python is 3.4.1.
2:27
However, the message, when we tried to install bcrypt,
2:33
said that we could use the Python flag.
2:37
This is so we can specify another version of Python.
2:43
In workspaces we have Python 2 installed as the python2 command.
2:55
We can use this with our python flag.
3:14
This time it installed successfully.
3:17
B crypt itself requires a couple other MPM packages as well, and
3:21
it installs them too.
3:25
Bindings and nam.
3:27
I have no idea what to do, and you don't need to worry about them either.
3:31
They're what B crypt needs, and that's good enough for me.
3:35
Node-gyp is a node module that helps node compile
3:40
other programming languages so it can be used by your node.js Java script code.
3:46
You may see something like this from time to time so so
3:48
don't get too startled when you see something like this.
3:51
Also flags like --python aren't that common either.
3:55
A lot of npm packages are just plain JavaScript.
3:59
It requires no compiling and no flags.
4:02
So where is the package installed?
4:05
Npm creates a special folder called node modules.
4:09
If we go to the file tree on the left and then right click and go down to refresh,
4:15
you'll see the node_modules folder, in the node_modules folder there's
4:20
a bcrypt folder and in there it contains all of the code the package requires.
4:29
You'll also see the center of the node_modules folder containing bcrypt
4:33
dependencies too.
4:35
In the upcoming version of npm, npm three,
4:39
all dependencies are put in the top level node modules folder.
4:44
You rarely need to do anything in these folders.
4:47
You may want to look at some of the source code if something is
4:49
really plaguing your project, but mostly you'll leave this alone and
4:54
let npm handle the contents of this folder.
4:57
You've installed the module on your computer or
5:00
workspace, but how do you include it in your JavaScript project?
5:04
A common usage for
5:06
bcrypt is to create secure strings of passwords to store in a database.
5:11
Why don't we use bcrypt to encrypt passwords?
5:14
We start be creating an @js file.
5:36
Let's create a hash for a string of password.
5:52
To learn how to use bcrypt we can either go to the packages page on npm,
5:56
its GitHub project repository, or if we're without the Internet,
6:01
we could look at the read me in the bcrypt folder.
6:06
Let's take a look at the recommended usage and copy the example code into our app.js.
6:27
Let's replace this string that resembles bacon with our unsecured plain
6:31
text password and go over what this does.
6:34
We used the required function with the name of the module to include
6:39
that module's code in our app.js file.
6:42
Notice how we're not including the file path to the bcrypt code.
6:47
There's a special file in the bcrypt folder called package.json.
6:53
This tells node which files to include when including this module.
6:58
In the package.json, there's a key of main and
7:01
the path to the file that we want to include.
7:07
In this case is the bcrypt.js file.
7:17
Then we use one of bcrypt's methods to generate a unique string or
7:21
salt, and we use that to generate another unique,
7:25
unrecognizable string or hash from the original password string.
7:31
Let's log this hash out.
7:41
In the command line, when we run node
7:46
app.js, We get a unique string,
7:51
a hash generated from our password and salt.
7:57
This course isn't about encrypting passwords or checking encrypted passwords.
8:02
However, if you are feeling adventurous, read the documentation to see how to
8:06
check a password against a generated hash like this one.
8:10
This is something that you'll want to do frequently.
8:13
Storing plain text passwords in a bad idea.
8:16
If your database is compromised by a security breach, a hacker can see them and
8:21
use the passwords to access email or bank accounts of your users.
8:26
Having a password hashed, and
8:28
with b crypt in particular, means that hackers have a junk string.
8:33
They need to know the password to generate that string.
8:37
Each password is generated by a unique salt or random string.
8:41
A hacker would need to generate all possible passwords for
8:45
each hash in the database to determine each user's password.
8:49
This can take an almost infinite amount of time to do.
8:53
We've used npm to install a package in our project.
8:57
This is known as a local package, meaning it's local to the project.
9:02
We've included it in our application, and
9:04
we've used other people's programming to generate a hashed password.
9:08
Next we'll take a look at how to install a global package.

You need to sign up for Treehouse in order to download course files.

npm Basics

Installing Local Packages

Issues installing bcrypt?

Terminal Commands

npm Command Line Usage

Documentation

Sign in