Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll

Preview

Start a free Courses trial
to watch this video

Sign up for Treehouse

Installing Local Packages

9:12 with Andrew Chalkley

There are two ways to install an npm package. In this video we'll take a look at the types of packages you'd include in a project you're coding.

Issues installing bcrypt?

If you are getting errors in the console while installing bcrypt, run npm install bcryptjs instead. Then require bcryptjs in app.js. For example:

var unsecurePlainTextPassword = "password";
var bcrypt = require('bcryptjs');

bcrypt.genSalt(10, function(err, salt) {
  bcrypt.hash(unsecurePlainTextPassword, salt, function(err, hash) {
    console.log(hash);
  });
});

Terminal Commands

  • Clear the screen
    • clear

npm Command Line Usage

  • See list of commands

    • npm

  • Get help for a command

    • npm <command> -h
    • e.g. npm install -h

  • Installing a package

    • npm install <package_name>
    • e.g. npm install bcrypt
    • e.g. with a flag npm install bcrypt --python=mySpecialPythonExecutable

Documentation

We found a package we want to use, bcrypt. 0:00 But how do we install it? 0:03 If you want to follow along you can either install this package on your computer or 0:04 you can launch the workspace for this video. 0:09 Since NPM is a command line tool, we'll spend most of our time in the console. 0:12 If you're working with MPM installed on your own computer, you'll use the command 0:17 prompts if you're a Windows user or the terminal application if you're on a Mac. 0:22 Let's make some space so we can see what we're doing. 0:26 Type npm, and this shows all possible commands that you can use with npm. 0:33 There is a command called install. 0:38 If you ever want any help on a command, type npm, 0:43 the command, and then -h. 0:47 As you can see, 0:54 there are several different ways to call the install command. 0:55 Npm install, npm install with the package name, mpm installed with the package and 0:59 git tag or version number, you can install it from another folder. 1:05 You can install it from a tarball file. 1:10 A tarball is a file former that combines multiple files into a single file. 1:13 This could be a file on your local computer or hosted remotely on a server. 1:19 Finally, you can install it via the git url or 1:25 even just by pointing to the git hook project for a particular git hook user. 1:28 You can use the clear command to clear out the console at any point. 1:34 We know the name of the package we want, and we want the latest version. 1:39 Because we always want the most up to date version of this package, 1:43 we don't need to include a version number. 1:47 So lets type mpm install bcrypt. 1:50 Mpm goes to the mpm online repository of packages. 1:58 And it asks for the latest version. 2:02 MPM downloads the package and installs it. 2:04 Unless there's any issues, which there is in this case. 2:08 B crypt depends on a version of python between these two versions. 2:12 In workspace, the version of python is 3.4.1. 2:17 However, the message, when we tried to install bcrypt, 2:27 said that we could use the Python flag. 2:33 This is so we can specify another version of Python. 2:37 In workspaces we have Python 2 installed as the python2 command. 2:43 We can use this with our python flag. 2:55 This time it installed successfully. 3:14 B crypt itself requires a couple other MPM packages as well, and 3:17 it installs them too. 3:21 Bindings and nam. 3:25 I have no idea what to do, and you don't need to worry about them either. 3:27 They're what B crypt needs, and that's good enough for me. 3:31 Node-gyp is a node module that helps node compile 3:35 other programming languages so it can be used by your node.js Java script code. 3:40 You may see something like this from time to time so so 3:46 don't get too startled when you see something like this. 3:48 Also flags like --python aren't that common either. 3:51 A lot of npm packages are just plain JavaScript. 3:55 It requires no compiling and no flags. 3:59 So where is the package installed? 4:02 Npm creates a special folder called node modules. 4:05 If we go to the file tree on the left and then right click and go down to refresh, 4:09 you'll see the node_modules folder, in the node_modules folder there's 4:15 a bcrypt folder and in there it contains all of the code the package requires. 4:20 You'll also see the center of the node_modules folder containing bcrypt 4:29 dependencies too. 4:33 In the upcoming version of npm, npm three, 4:35 all dependencies are put in the top level node modules folder. 4:39 You rarely need to do anything in these folders. 4:44 You may want to look at some of the source code if something is 4:47 really plaguing your project, but mostly you'll leave this alone and 4:49 let npm handle the contents of this folder. 4:54 You've installed the module on your computer or 4:57 workspace, but how do you include it in your JavaScript project? 5:00 A common usage for 5:04 bcrypt is to create secure strings of passwords to store in a database. 5:06 Why don't we use bcrypt to encrypt passwords? 5:11 We start be creating an @js file. 5:14 Let's create a hash for a string of password. 5:36 To learn how to use bcrypt we can either go to the packages page on npm, 5:52 its GitHub project repository, or if we're without the Internet, 5:56 we could look at the read me in the bcrypt folder. 6:01 Let's take a look at the recommended usage and copy the example code into our app.js. 6:06 Let's replace this string that resembles bacon with our unsecured plain 6:27 text password and go over what this does. 6:31 We used the required function with the name of the module to include 6:34 that module's code in our app.js file. 6:39 Notice how we're not including the file path to the bcrypt code. 6:42 There's a special file in the bcrypt folder called package.json. 6:47 This tells node which files to include when including this module. 6:53 In the package.json, there's a key of main and 6:58 the path to the file that we want to include. 7:01 In this case is the bcrypt.js file. 7:07 Then we use one of bcrypt's methods to generate a unique string or 7:17 salt, and we use that to generate another unique, 7:21 unrecognizable string or hash from the original password string. 7:25 Let's log this hash out. 7:31 In the command line, when we run node 7:41 app.js, We get a unique string, 7:46 a hash generated from our password and salt. 7:51 This course isn't about encrypting passwords or checking encrypted passwords. 7:57 However, if you are feeling adventurous, read the documentation to see how to 8:02 check a password against a generated hash like this one. 8:06 This is something that you'll want to do frequently. 8:10 Storing plain text passwords in a bad idea. 8:13 If your database is compromised by a security breach, a hacker can see them and 8:16 use the passwords to access email or bank accounts of your users. 8:21 Having a password hashed, and 8:26 with b crypt in particular, means that hackers have a junk string. 8:28 They need to know the password to generate that string. 8:33 Each password is generated by a unique salt or random string. 8:37 A hacker would need to generate all possible passwords for 8:41 each hash in the database to determine each user's password. 8:45 This can take an almost infinite amount of time to do. 8:49 We've used npm to install a package in our project. 8:53 This is known as a local package, meaning it's local to the project. 8:57 We've included it in our application, and 9:02 we've used other people's programming to generate a hashed password. 9:04 Next we'll take a look at how to install a global package. 9:08

You need to sign up for Treehouse in order to download course files.

Sign up