Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll
Preview
Start a free Courses trial
to watch this video
There are two ways to install an npm package. In this video we'll take a look at the types of packages you'd include in a project you're coding.
Issues installing bcrypt?
If you are getting errors in the console while installing bcrypt, run npm install bcryptjs instead. Then require bcryptjs in app.js. For example:
var unsecurePlainTextPassword = "password";
var bcrypt = require('bcryptjs');
bcrypt.genSalt(10, function(err, salt) {
bcrypt.hash(unsecurePlainTextPassword, salt, function(err, hash) {
console.log(hash);
});
});
Terminal Commands
- Clear the screen
clear
npm Command Line Usage
-
See list of commands
npm
-
Get help for a command
npm <command> -h- e.g.
npm install -h
-
Installing a package
-
npm install <package_name> - e.g.
npm install bcrypt - e.g. with a flag
npm install bcrypt --python=mySpecialPythonExecutable
-
Documentation
We found a package we want to use, bcrypt.
0:00
But how do we install it?
0:03
If you want to follow along you can either
install this package on your computer or
0:04
you can launch the workspace for
this video.
0:09
Since NPM is a command line tool, we'll
spend most of our time in the console.
0:12
If you're working with MPM installed on
your own computer, you'll use the command
0:17
prompts if you're a Windows user or the
terminal application if you're on a Mac.
0:22
Let's make some space so
we can see what we're doing.
0:26
Type npm, and this shows all possible
commands that you can use with npm.
0:33
There is a command called install.
0:38
If you ever want any help on a command,
type npm,
0:43
the command, and then -h.
0:47
As you can see,
0:54
there are several different ways
to call the install command.
0:55
Npm install, npm install with the package
name, mpm installed with the package and
0:59
git tag or version number,
you can install it from another folder.
1:05
You can install it from a tarball file.
1:10
A tarball is a file former that combines
multiple files into a single file.
1:13
This could be a file on your local
computer or hosted remotely on a server.
1:19
Finally, you can install
it via the git url or
1:25
even just by pointing to the github
project for a particular github user.
1:28
You can use the clear command to
clear out the console at any point.
1:34
We know the name of the package we want,
and we want the latest version.
1:39
Because we always want the most up
to date version of this package,
1:43
we don't need to include a version number.
1:47
So lets type mpm install bcrypt.
1:50
Mpm goes to the mpm online
repository of packages.
1:58
And it asks for the latest version.
2:02
MPM downloads the package and installs it.
2:04
Unless there's any issues,
which there is in this case.
2:08
B crypt depends on a version of
python between these two versions.
2:12
In workspace,
the version of python is 3.4.1.
2:17
However, the message,
when we tried to install bcrypt,
2:27
said that we could use the Python flag.
2:33
This is so
we can specify another version of Python.
2:37
In workspaces we have Python 2
installed as the python2 command.
2:43
We can use this with our python flag.
2:55
This time it installed successfully.
3:14
B crypt itself requires a couple
other MPM packages as well, and
3:17
it installs them too.
3:21
Bindings and nam.
3:25
I have no idea what to do, and
you don't need to worry about them either.
3:27
They're what B crypt needs,
and that's good enough for me.
3:31
Node-gyp is a node module
that helps node compile
3:35
other programming languages so it can be
used by your node.js Java script code.
3:40
You may see something like
this from time to time so so
3:46
don't get too startled when
you see something like this.
3:48
Also flags like --python
aren't that common either.
3:51
A lot of npm packages
are just plain JavaScript.
3:55
It requires no compiling and no flags.
3:59
So where is the package installed?
4:02
Npm creates a special
folder called node modules.
4:05
If we go to the file tree on the left and
then right click and go down to refresh,
4:09
you'll see the node_modules folder,
in the node_modules folder there's
4:15
a bcrypt folder and in there it contains
all of the code the package requires.
4:20
You'll also see the center of
the node_modules folder containing bcrypt
4:29
dependencies too.
4:33
In the upcoming version of npm, npm three,
4:35
all dependencies are put in
the top level node modules folder.
4:39
You rarely need to do
anything in these folders.
4:44
You may want to look at some of
the source code if something is
4:47
really plaguing your project, but
mostly you'll leave this alone and
4:49
let npm handle the contents
of this folder.
4:54
You've installed the module
on your computer or
4:57
workspace, but how do you include
it in your JavaScript project?
5:00
A common usage for
5:04
bcrypt is to create secure strings
of passwords to store in a database.
5:06
Why don't we use bcrypt
to encrypt passwords?
5:11
We start be creating an @js file.
5:14
Let's create a hash for
a string of password.
5:36
To learn how to use bcrypt we can
either go to the packages page on npm,
5:52
its GitHub project repository, or
if we're without the Internet,
5:56
we could look at the read
me in the bcrypt folder.
6:01
Let's take a look at the recommended usage
and copy the example code into our app.js.
6:06
Let's replace this string that resembles
bacon with our unsecured plain
6:27
text password and go over what this does.
6:31
We used the required function with
the name of the module to include
6:34
that module's code in our app.js file.
6:39
Notice how we're not including
the file path to the bcrypt code.
6:42
There's a special file in the bcrypt
folder called package.json.
6:47
This tells node which files to
include when including this module.
6:53
In the package.json,
there's a key of main and
6:58
the path to the file
that we want to include.
7:01
In this case is the bcrypt.js file.
7:07
Then we use one of bcrypt's methods
to generate a unique string or
7:17
salt, and
we use that to generate another unique,
7:21
unrecognizable string or
hash from the original password string.
7:25
Let's log this hash out.
7:31
In the command line, when we run node
7:41
app.js, We get a unique string,
7:46
a hash generated from our password and
salt.
7:51
This course isn't about encrypting
passwords or checking encrypted passwords.
7:57
However, if you are feeling adventurous,
read the documentation to see how to
8:02
check a password against
a generated hash like this one.
8:06
This is something that you'll
want to do frequently.
8:10
Storing plain text
passwords in a bad idea.
8:13
If your database is compromised by a
security breach, a hacker can see them and
8:16
use the passwords to access email or
bank accounts of your users.
8:21
Having a password hashed, and
8:26
with b crypt in particular,
means that hackers have a junk string.
8:28
They need to know the password
to generate that string.
8:33
Each password is generated by
a unique salt or random string.
8:37
A hacker would need to generate
all possible passwords for
8:41
each hash in the database to
determine each user's password.
8:45
This can take an almost
infinite amount of time to do.
8:49
We've used npm to install
a package in our project.
8:53
This is known as a local package,
meaning it's local to the project.
8:57
We've included it in our application, and
9:02
we've used other people's programming
to generate a hashed password.
9:04
Next we'll take a look at how
to install a global package.
9:08
You need to sign up for Treehouse in order to download course files.
Sign up