This course will be retired on April 9, 2022. We recommend "npm Basics" for up-to-date content.

Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll

Preview

Start a free Courses trial
to watch this video

Sign up for Treehouse

Installing Local Packages

9:12 with Andrew Chalkley

There are two ways to install an npm package. In this video we'll take a look at the types of packages you'd include in a project you're coding.

Issues installing bcrypt?

If you are getting errors in the console while installing bcrypt, run npm install bcryptjs instead. Then require bcryptjs in app.js. For example:

var unsecurePlainTextPassword = "password";
var bcrypt = require('bcryptjs');

bcrypt.genSalt(10, function(err, salt) {
  bcrypt.hash(unsecurePlainTextPassword, salt, function(err, hash) {
    console.log(hash);
  });
});

Terminal Commands

  • Clear the screen
    • clear

npm Command Line Usage

  • See list of commands

    • npm

  • Get help for a command

    • npm <command> -h
    • e.g. npm install -h

  • Installing a package

    • npm install <package_name>
    • e.g. npm install bcrypt
    • e.g. with a flag npm install bcrypt --python=mySpecialPythonExecutable

Documentation

We found a package we want to use, bcrypt. 0:00
But how do we install it? 0:03
If you want to follow along you can either install this package on your computer or 0:04
you can launch the workspace for this video. 0:09
Since NPM is a command line tool, we'll spend most of our time in the console. 0:12
If you're working with npm installed on your own computer, you'll use the command 0:17
prompts if you're a Windows user or the terminal application if you're on a Mac. 0:22
Let's make some space so we can see what we're doing. 0:26
Type npm, and this shows all possible commands that you can use with npm. 0:33
There is a command called install. 0:38
If you ever want any help on a command, type npm, 0:43
the command, and then -h. 0:47
As you can see, 0:54
there are several different ways to call the install command. 0:55
Npm install, npm install with the package name, npm installed with the package and 0:59
git tag or version number, you can install it from another folder. 1:05
You can install it from a tarball file. 1:10
A tarball is a file former that combines multiple files into a single file. 1:13
This could be a file on your local computer or hosted remotely on a server. 1:19
Finally, you can install it via the git url or 1:25
even just by pointing to the github project for a particular github user. 1:28
You can use the clear command to clear out the console at any point. 1:34
We know the name of the package we want, and we want the latest version. 1:39
Because we always want the most up to date version of this package, 1:43
we don't need to include a version number. 1:47
So lets type npm install bcrypt. 1:50
npm goes to the npm online repository of packages. 1:58
And it asks for the latest version. 2:02
npm downloads the package and installs it. 2:04
Unless there's any issues, which there is in this case. 2:08
B crypt depends on a version of python between these two versions. 2:12
In workspace, the version of python is 3.4.1. 2:17
However, the message, when we tried to install bcrypt, 2:27
said that we could use the Python flag. 2:33
This is so we can specify another version of Python. 2:37
In workspaces we have Python 2 installed as the python2 command. 2:43
We can use this with our python flag. 2:55
This time it installed successfully. 3:14
B crypt itself requires a couple other npm packages as well, and 3:17
it installs them too. 3:21
Bindings and nam. 3:25
I have no idea what to do, and you don't need to worry about them either. 3:27
They're what B crypt needs, and that's good enough for me. 3:31
Node-gyp is a node module that helps node compile 3:35
other programming languages so it can be used by your node.js Java script code. 3:40
You may see something like this from time to time so so 3:46
don't get too startled when you see something like this. 3:48
Also flags like --python aren't that common either. 3:51
A lot of npm packages are just plain JavaScript. 3:55
It requires no compiling and no flags. 3:59
So where is the package installed? 4:02
Npm creates a special folder called node modules. 4:05
If we go to the file tree on the left and then right click and go down to refresh, 4:09
you'll see the node_modules folder, in the node_modules folder there's 4:15
a bcrypt folder and in there it contains all of the code the package requires. 4:20
You'll also see the center of the node_modules folder containing bcrypt 4:29
dependencies too. 4:33
In the upcoming version of npm, npm three, 4:35
all dependencies are put in the top level node modules folder. 4:39
You rarely need to do anything in these folders. 4:44
You may want to look at some of the source code if something is 4:47
really plaguing your project, but mostly you'll leave this alone and 4:49
let npm handle the contents of this folder. 4:54
You've installed the module on your computer or 4:57
workspace, but how do you include it in your JavaScript project? 5:00
A common usage for 5:04
bcrypt is to create secure strings of passwords to store in a database. 5:06
Why don't we use bcrypt to encrypt passwords? 5:11
We start be creating an @js file. 5:14
Let's create a hash for a string of password. 5:36
To learn how to use bcrypt we can either go to the packages page on npm, 5:52
its GitHub project repository, or if we're without the Internet, 5:56
we could look at the read me in the bcrypt folder. 6:01
Let's take a look at the recommended usage and copy the example code into our app.js. 6:06
Let's replace this string that resembles bacon with our unsecured plain 6:27
text password and go over what this does. 6:31
We used the required function with the name of the module to include 6:34
that module's code in our app.js file. 6:39
Notice how we're not including the file path to the bcrypt code. 6:42
There's a special file in the bcrypt folder called package.json. 6:47
This tells node which files to include when including this module. 6:53
In the package.json, there's a key of main and 6:58
the path to the file that we want to include. 7:01
In this case is the bcrypt.js file. 7:07
Then we use one of bcrypt's methods to generate a unique string or 7:17
salt, and we use that to generate another unique, 7:21
unrecognizable string or hash from the original password string. 7:25
Let's log this hash out. 7:31
In the command line, when we run node 7:41
app.js, We get a unique string, 7:46
a hash generated from our password and salt. 7:51
This course isn't about encrypting passwords or checking encrypted passwords. 7:57
However, if you are feeling adventurous, read the documentation to see how to 8:02
check a password against a generated hash like this one. 8:06
This is something that you'll want to do frequently. 8:10
Storing plain text passwords in a bad idea. 8:13
If your database is compromised by a security breach, a hacker can see them and 8:16
use the passwords to access email or bank accounts of your users. 8:21
Having a password hashed, and 8:26
with b crypt in particular, means that hackers have a junk string. 8:28
They need to know the password to generate that string. 8:33
Each password is generated by a unique salt or random string. 8:37
A hacker would need to generate all possible passwords for 8:41
each hash in the database to determine each user's password. 8:45
This can take an almost infinite amount of time to do. 8:49
We've used npm to install a package in our project. 8:53
This is known as a local package, meaning it's local to the project. 8:57
We've included it in our application, and 9:02
we've used other people's programming to generate a hashed password. 9:04
Next we'll take a look at how to install a global package. 9:08

You need to sign up for Treehouse in order to download course files.

Sign up