There are two ways to install an npm package. In this video we'll take a look at the types of packages you'd include in a project you're coding.
Issues installing bcrypt?
If you are getting errors in the console while installing bcrypt, run npm install bcryptjs instead. Then require bcryptjs in app.js. For example:
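    var bcrypt = require('bcryptjs');
    var unsecurePlainTextPassword = "password";

    // Generate a salt with a cost factor of 10, then hash the password with it
    bcrypt.genSalt(10, function(err, salt) {
      if (err) throw err;
      bcrypt.hash(unsecurePlainTextPassword, salt, function(err, hash) {
        if (err) throw err;
        console.log(hash); // the printed string carries the salt and cost factor
      });
    });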
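The string that console.log(hash) prints uses bcrypt's $version$cost$salt+digest layout, so the cost factor and salt are stored with every hash. As an added example (not part of the course materials), this parser audits stored values for non-bcrypt entries, reused salts and low cost factors; auditHashes, the minCost threshold and the sample rows are assumptions, and the sample strings are constructed for format only.

```javascript
// Added example: audit stored password values that should be bcrypt hashes.
// Layout: $<version>$<cost>$<22-char salt><31-char digest>
const BCRYPT_RE = /^\$(2[abxy]?)\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/;

function parseBcryptHash(value) {
  const m = BCRYPT_RE.exec(value);
  if (!m) return null;
  const cost = parseInt(m[2], 10);
  if (cost < 4 || cost > 31) return null; // outside bcrypt's cost range
  // Each cost step doubles the work: 2^cost key-expansion rounds.
  return { version: m[1], cost, salt: m[3], digest: m[4], rounds: 2 ** cost };
}

// minCost is a policy threshold chosen by the caller (assumption, not from the page).
function auditHashes(rows, minCost) {
  const saltOwner = new Map(); // salt -> first user seen with it
  return rows.map(({ user, value }) => {
    const parsed = parseBcryptHash(value);
    if (!parsed) return { user, finding: 'not-bcrypt' };
    if (saltOwner.has(parsed.salt)) {
      return { user, finding: 'salt-reused', sharedWith: saltOwner.get(parsed.salt) };
    }
    saltOwner.set(parsed.salt, user);
    if (parsed.cost < minCost) return { user, finding: 'weak-cost', cost: parsed.cost };
    return { user, finding: 'ok', cost: parsed.cost };
  });
}

// Constructed sample rows: format-valid strings only, not digests of real passwords.
const fake = (ver, cost, saltChar) =>
  `$${ver}$${cost}$${saltChar.repeat(22)}${'x'.repeat(31)}`;
const SAMPLE_ROWS = [
  { user: 'alice', value: fake('2a', '10', 'A') },
  { user: 'bob',   value: fake('2a', '04', 'B') },
  { user: 'carol', value: 'password' },            // plain text stored by mistake
  { user: 'dave',  value: fake('2b', '12', 'A') }, // same salt as alice
];

for (const row of auditHashes(SAMPLE_ROWS, 10)) console.log(row);
```

The threshold of 10 here matches the cost factor passed to genSalt in the snippet above.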
Terminal Commands
- Clear the screen: clear
npm Command Line Usage
- See list of commands: npm
- Get help for a command: npm <command> -h
  - e.g. npm install -h
- Installing a package: npm install <package_name>
  - e.g. npm install bcrypt
  - e.g. with a flag: npm install bcrypt --python=mySpecialPythonExecutable
- Documentation
0:00
We found a package we want to use, bcrypt.
-
0:03
But how do we install it?
-
0:04
If you want to follow along you can either install this package on your computer or
-
0:09
you can launch the workspace for this video.
-
0:12
Since npm is a command line tool, we'll spend most of our time in the console.
-
0:17
If you're working with npm installed on your own computer, you'll use the command
-
0:22
prompt if you're a Windows user or the terminal application if you're on a Mac.
-
0:26
Let's make some space so we can see what we're doing.
-
0:33
Type npm, and this shows all possible commands that you can use with npm.
-
0:38
There is a command called install.
-
0:43
If you ever want any help on a command, type npm,
-
0:47
the command, and then -h.
-
0:54
As you can see,
-
0:55
there are several different ways to call the install command.
-
0:59
npm install, npm install with the package name, npm install with the package and
-
1:05
git tag or version number, you can install it from another folder.
-
1:10
You can install it from a tarball file.
-
1:13
A tarball is a file format that combines multiple files into a single file.
-
1:19
This could be a file on your local computer or hosted remotely on a server.
-
1:25
Finally, you can install it via the git url or
-
1:28
even just by pointing to the GitHub project for a particular GitHub user.
-
1:34
You can use the clear command to clear out the console at any point.
-
1:39
We know the name of the package we want, and we want the latest version.
-
1:43
Because we always want the most up to date version of this package,
-
1:47
we don't need to include a version number.
-
1:50
So let's type npm install bcrypt.
-
1:58
npm goes to the npm online repository of packages.
-
2:02
And it asks for the latest version.
-
2:04
npm downloads the package and installs it.
-
2:08
Unless there are any issues, which there are in this case.
-
2:12
bcrypt depends on a version of Python between these two versions.
-
2:17
In workspace, the version of Python is 3.4.1.
-
2:27
However, the message, when we tried to install bcrypt,
-
2:33
said that we could use the Python flag.
-
2:37
This is so we can specify another version of Python.
-
2:43
In workspaces we have Python 2 installed as the python2 command.
-
2:55
We can use this with our python flag.
-
3:14
This time it installed successfully.
-
3:17
bcrypt itself requires a couple other npm packages as well, and
-
3:21
it installs them too.
-
3:25
bindings and nan.
-
3:27
I have no idea what they do, and you don't need to worry about them either.
-
3:31
They're what bcrypt needs, and that's good enough for me.
-
3:35
Node-gyp is a node module that helps node compile
-
3:40
other programming languages so it can be used by your Node.js JavaScript code.
-
3:46
You may see something like this from time to time so
-
3:48
don't get too startled when you see something like this.
-
3:51
Also flags like --python aren't that common either.
-
3:55
A lot of npm packages are just plain JavaScript.
-
3:59
It requires no compiling and no flags.
-
4:02
So where is the package installed?
-
4:05
Npm creates a special folder called node_modules.
-
4:09
If we go to the file tree on the left and then right click and go down to refresh,
-
4:15
you'll see the node_modules folder, in the node_modules folder there's
-
4:20
a bcrypt folder and in there it contains all of the code the package requires.
-
4:29
You'll also see the center of the node_modules folder containing bcrypt
-
4:33
dependencies too.
-
4:35
In the upcoming version of npm, npm three,
-
4:39
all dependencies are put in the top level node_modules folder.
-
4:44
You rarely need to do anything in these folders.
-
4:47
You may want to look at some of the source code if something is
-
4:49
really plaguing your project, but mostly you'll leave this alone and
-
4:54
let npm handle the contents of this folder.
-
4:57
You've installed the module on your computer or
-
5:00
workspace, but how do you include it in your JavaScript project?
-
5:04
A common usage for
-
5:06
bcrypt is to create secure strings of passwords to store in a database.
-
5:11
Why don't we use bcrypt to encrypt passwords?
-
5:14
We start by creating an app.js file.
-
5:36
Let's create a hash for a string of password.
-
5:52
To learn how to use bcrypt we can either go to the package's page on npm,
-
5:56
its GitHub project repository, or if we're without the Internet,
-
6:01
we could look at the README in the bcrypt folder.
-
6:06
Let's take a look at the recommended usage and copy the example code into our app.js.
-
6:27
Let's replace this string that resembles bacon with our unsecured plain
-
6:31
text password and go over what this does.
-
6:34
We used the require function with the name of the module to include
-
6:39
that module's code in our app.js file.
-
6:42
Notice how we're not including the file path to the bcrypt code.
-
6:47
There's a special file in the bcrypt folder called package.json.
-
6:53
This tells node which files to include when including this module.
-
6:58
In the package.json, there's a key of main and
-
7:01
the path to the file that we want to include.
-
7:07
In this case it's the bcrypt.js file.
-
7:17
Then we use one of bcrypt's methods to generate a unique string or
-
7:21
salt, and we use that to generate another unique,
-
7:25
unrecognizable string or hash from the original password string.
-
7:31
Let's log this hash out.
-
7:41
In the command line, when we run node
-
7:46
app.js, we get a unique string,
-
7:51
a hash generated from our password and salt.
-
7:57
This course isn't about encrypting passwords or checking encrypted passwords.
-
8:02
However, if you are feeling adventurous, read the documentation to see how to
-
8:06
check a password against a generated hash like this one.
-
8:10
This is something that you'll want to do frequently.
-
8:13
Storing plain text passwords is a bad idea.
-
8:16
If your database is compromised by a security breach, a hacker can see them and
-
8:21
use the passwords to access email or bank accounts of your users.
-
8:26
Having a password hashed, and
-
8:28
with bcrypt in particular, means that hackers have a junk string.
-
8:33
They need to know the password to generate that string.
-
8:37
Each password is generated by a unique salt or random string.
-
8:41
A hacker would need to generate all possible passwords for
-
8:45
each hash in the database to determine each user's password.
-
8:49
This can take an almost infinite amount of time to do.
-
8:53
We've used npm to install a package in our project.
-
8:57
This is known as a local package, meaning it's local to the project.
-
9:02
We've included it in our application, and
-
9:04
we've used other people's programming to generate a hashed password.
-
9:08
Next we'll take a look at how to install a global package.