This course will be retired on April 9, 2022. We recommend "npm Basics" for up-to-date content.

Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll

Preview

Start a free Courses trial
to watch this video

Sign up for Treehouse

Managing Dependencies in the package.json File

13:33 with Andrew Chalkley

A package.json file is the standard way to manage your dependencies in a project. In this video you'll learn how to create your first package.json file.

Terminal Commands

  • Clear the screen
    • clear

npm Command Line Usage

  • Get help for a command

    • npm <command> -h
    • e.g. npm init -h

  • Initializing a package.json file

    • npm init
    • npm help json for what each of the fields in the package.json does

  • Installing an npm Package as a dependency

    • npm install colors --save

  • Installing an npm Package as a development dependency

    • npm install mocha --save-dev

  • Install all packages specified in your package.json

    • npm install <flags>
    • e.g. npm install
    • e.g. npm install --python=python2

  • Running npm in a production environment

    • NODE_ENV=production npm install

Git Usage

To ignore files create a .gitignore and add the files and folders you want to ignore.

Example .gitignore file:

node_modules/
.DS_Store
config/database.yml

As you create a project that uses NPM modules, you'll find that your 0:00
node_modules folder is filling up with megabytes of package files. 0:04
That's fine, you're using those files in your project. 0:08
However, what if you want to share your projects on GitHub or 0:11
simply use Git to manage your project? 0:14
You certainly don't want to upload all of those packages to your GitHub account. 0:17
You also don't need Git to keep track of those files. 0:21
After all, you will be editing those package files yourself. 0:24
In addition, you'll also want to wait to make sure your packages stay up to date. 0:28
Sure, you could update each package by hand by using npm. 0:33
But there's a simpler way to keep track of your packages and their versions. 0:37
We often refer to this as Managing Package Dependency. 0:40
With JavaScript projects, 0:44
we use a file in the root of the project called package.json. 0:46
This is what npm uses to manage all the dependencies for the project. 0:51
Let me show you how to create that file. 0:55
We're back in our password project, and I'm happy with bcrypt. 0:58
I want to make sure that my other colleagues and 1:02
I use the same version when we're working on the project. 1:05
Instead of manually creating the package.json file, 1:09
we can use npm's init command. 1:13
Hit Enter, and it says this. 1:19
This utility will walk you through creating a package.json file. 1:21
It covers the most common items and tries to guest sensible defaults. 1:27
See npm help json for definitive documentation on these fields and 1:32
exactly what they do. 1:36
Use npm install package name --save afterwards to 1:38
install a package and save it as a dependency to the package.json file. 1:43
Okay, let's remember that --save flag for later. 1:49
That'll come in useful when we're adding additional modules to the project. 1:52
Now the first question is the name of the project. 1:56
By default is suggested the folder we're currently in. 1:59
That's what in these brackets, the default value. 2:03
And if you don't put anything in, npm will use that. 2:06
Let's call this something more descriptive, like hash_generator. 2:10
Hit Enter and we'll do 0.0.1 as our version number. 2:19
The description, 2:24
A password hash generator. 2:28
And the entry point, app.js is fine, so I'm just going to hit Enter. 2:35
The test command whether we have any tests for our project. 2:41
If you're going to create a project professionally you should really have 2:43
tests. 2:47
Tests are a way to ensure your code works and can handle each case scenarios. 2:48
We don't have a git repository at the moment, 2:53
we'll have to manually add that to our package.json file later on. 2:55
Keywords are used to aid people to find your project when searching on npm. 3:00
But this is a private project, so we don't need it. 3:06
And for author you can put in your name there. 3:08
So I'm just gonna put Andrew Chalkley, and 3:12
now any appropriate open source license here. 3:15
I'm going to use MIT. 3:20
Including a license in your project helps other people understand how they can use 3:22
your code in their project. 3:26
MIT is a common license used for open source projects. 3:28
Some examples of projects that are under the MIT license are jQuery and 3:31
Ruby on Rails. 3:37
And if everything looks okay, press Enter. 3:38
Now this has created a package.json file. 3:41
Let's take a look inside. 3:45
It's included all of the information we inputted, and 3:50
it's looked in the node modules folder and has found that there's the bcrypt module. 3:52
And it's included that as a dependency for our project. 3:57
How about another dependency? 4:01
How do we add that to the package.json file? 4:03
Instead of adding it manually, let's let npm do that for us. 4:07
I want to add some color to my program. 4:10
I want the generated hash to show up in green in the console. 4:13
I know that there's an npm module called Colors, 4:17
that lets you add colors to your command line applications. 4:19
To install it, we type, 4:23
npm install colors --save. 4:29
Remember when we did the npm init command? 4:36
It said that we could use the save flag for it to get saved as the dependency and 4:39
update the package.json file. 4:44
Hit Enter and we see that colors is being added to our package.json file. 4:48
You may see warning messages like this when you install packages. 4:56
Warnings are not errors. 5:00
Errors are things that would prevent your code from working. 5:02
Because we didn't include a Git-repo or 5:05
a README file, it's bugging us to create one. 5:08
For now we can ignore it. 5:11
Let's include colors in our project. 5:13
Open up our app.js file. 5:17
We need to require the colors module. 5:20
Inside the console.log method, we can add the .green 5:30
property at the end of the hash stream to make the color of the output, 5:34
when we call the console.log method, green. 5:38
Let's run node app.js. 5:47
Awesome. 5:52
Our hash is green. 5:52
The package.json file makes it easy to install node modules used by our project, 5:54
even if you haven't already installed those modules. 6:00
This is useful when sharing your project. 6:03
For example, you don't want to put all 6:06
of the many modules used by your projects up on GitHub. 6:08
Because that wastes just space and updated versions of the module maybe available. 6:12
In other words, if we put this project on GitHub we should include the package.json 6:16
file but not the node_modules folder. 6:21
There's a file that you can create that will instruct Git 6:24
to ignore files and folders and that's a .gitignore file. 6:29
In there you would just add the path to the file or folder you want to ignore. 6:42
In this case it's node modules. 6:48
Since I can't edit it in workspaces, I can just rename this to .txt. 6:50
And type what I want in it. 7:00
And then rename it back 7:03
Imagine we've cloned the project from a GitHub Repo, and 7:11
we don't have the node_modules folder. 7:15
Let's delete the node_modules folder to replicate that scenario. 7:19
When we run our app now, it says it can't find the module colors. 7:25
That's because it's no longer in the project folder. 7:33
Let's install the packages. 7:37
You could do this by manually adding each module 7:39
using the npm install followed by the module name. 7:42
However, if you have a lot of modules in a project that would be a lot of work. 7:45
There's a much easier way, remember the first usage of the npm install 7:51
command was just npm install, where you don't specify a package. 7:56
Well, npm will look for the package.json file and 8:01
install all the dependencies it specifies. 8:05
Remember we had to include a build flag for our bcrypt module. 8:09
So in this case we just need to include 8:14
--python=python2 on any of the device that has Python 2 installed. 8:18
Or if your packages don't require it, you don't need to include a flag, or 8:23
you can just do npm install. 8:27
And let's see if our project now works. 8:30
Yes, it does. 8:36
And there's our generated password. 8:37
Finally, there's another type of dependency, a development or 8:40
dev dependency. 8:43
There dependencies aren't needed for the application to run, but 8:45
are used as you work on your project. 8:48
A good example of a development dependency is a test framework. 8:51
The reason why you'd want to list this module as a development dependency is to 8:54
reduce the amount of unneeded files in production. 8:58
For example, if you have a website, 9:01
you may have testing in your development environment. 9:03
But you don't need that test framework once it's deployed. 9:06
When you deploy your code, you can just use npm install. 9:09
And it will install the dependencies it needs for your project to run. 9:12
A popular test framework in JavaScript is Mocha. 9:16
To add this as a DEV dependency, 9:19
we'll type npm install mocha --save-dev. 9:23
Take a look at the package.json file now, And 9:34
you'll see there's a devDependencies key, and there's mocha there now. 9:40
Sweet. 9:45
Without going in depth on what's involved with testing, 9:46
let's see how we can use mocha in our development environment. 9:49
Remember, mocha is now installed in this environment. 9:54
So we can now use it. 9:57
When we first created our package.json file we were asked about our tests. 9:59
We can now fill that in. 10:04
The mocha package installs a mocha command that can be utilized by npm. 10:06
We can replace this with just mocha. 10:12
We can get npm to run our mocha command by using npm test. 10:16
But before we do, mocha requires a test folder. 10:21
So let's create that. 10:24
Let's use the npm test command and hit Enter. 10:36
And it says no tests are passing. 10:41
Because we have no tests. 10:44
Once again, this course is about npm and not testing. 10:46
However, if you're interested you can check out the mocha website. 10:50
Let's delete the node modules folder again, And 10:54
play out the two scenarios of installing your dev environment or your production. 11:01
Let's try npm.install and see what it does by default. 11:06
Notice how mocha is in the node_modules folder. 11:32
That's because by default npm believes that an environment is a development 11:37
environment and not a production one which is sensible when you think about it. 11:42
There's probably more developers working on a project in development 11:46
than there are projects running in production in the wild. 11:51
Let's delete the node_modules folder again. 11:55
Now, how do we set the environment? 11:58
With command line applications you can include 12:00
environment variables before the command you're executing. 12:03
We can set NODE_ENV, 12:07
Which means the node environment, to =production, followed by npm install. 12:13
And this will only install the dependencies it needs to run, 12:27
not the dev dependencies. 12:31
Notice now mocha isn't installed, just bcrypt and colors. 12:39
There are more ways to set environment variables, but 12:45
this is one of the easiest to do to test it on your local machine. 12:48
In a company, there are system administrators who 12:54
deal with this end of things when deploying applications. 12:56
As a developer, it's just important to know that there are these variables set on 13:00
a machine which can influence how an application is run. 13:05
In this case, npm will install the required dependencies and 13:09
not dev dependencies. 13:12
There you have it. 13:15
You've installed packages both globally, for modules that you want to use anywhere 13:15
on your system, and locally, for modules that you want to use in a single project. 13:20
You've also used a package.json file to manage dependencies for 13:25
your application to run and to help in development. 13:29
Well done. 13:32

You need to sign up for Treehouse in order to download course files.

Sign up