Managing Dependencies in the package.json File

As you create a project that uses MPM modules, you'll find that your 0:00 node_modules folder is filling up with megabytes of package files. 0:04 That's fine, you're using those files in your project. 0:08 However, what if you want to share your projects on GitHub or 0:11 simply use Git to manage your project? 0:14 You certainly don't want to upload all of those packages to your GitHub account. 0:17 You also don't need Git to keep track of those files. 0:21 After all, you will be editing those package files yourself. 0:24 In addition, you'll also want to wait to make sure your packages stay up to date. 0:28 Sure, you could update each package by hand by using npm. 0:33 But there's a simpler way to keep track of your packages and their versions. 0:37 We often refer to this as Managing Package Dependency. 0:40 With JavaScript projects, 0:44 we use a file in the root of the project called package.json. 0:46 This is what npm uses to manage all the dependencies for the project. 0:51 Let me show you how to create that file. 0:55 We're back in our password project, and I'm happy with bcrypt. 0:58 I want to make sure that my other colleagues and 1:02 I use the same version when we're working on the project. 1:05 Instead of manually creating the package.json file, 1:09 we can use npm's init command. 1:13 Hit Enter, and it says this. 1:19 This utility will walk you through creating a package.json file. 1:21 It covers the most common items and tries to guest sensible defaults. 1:27 See npm help json for definitive documentation on these fields and 1:32 exactly what they do. 1:36 Use npm install package name --save afterwards to 1:38 install a package and save it as a dependency to the package.json file. 1:43 Okay, let's remember that --save flag for later. 1:49 That'll come in useful when we're adding additional modules to the project. 1:52 Now the first question is the name of the project. 1:56 By default is suggested the folder we're currently in. 1:59 That's what in these brackets, the default value. 2:03 And if you don't put anything in, npm will use that. 2:06 Let's call this something more descriptive, like hash_generator. 2:10 Hit Enter and we'll do 0.0.1 as our version number. 2:19 The description, 2:24 A password hash generator. 2:28 And the entry point, app.js is fine, so I'm just going to hit Enter. 2:35 The test command whether we have any tests for our project. 2:41 If you're going to create a project professionally you should really have 2:43 tests. 2:47 Tests are a way to ensure your code works and can handle each case scenarios. 2:48 We don't have a git repository at the moment, 2:53 we'll have to manually add that to our package.json file later on. 2:55 Keywords are used to aid people to find your project when searching on npm. 3:00 But this is a private project, so we don't need it. 3:06 And for author you can put in your name there. 3:08 So I'm just gonna put Andrew Chalkley, and 3:12 now any appropriate open source license here. 3:15 I'm going to use MIT. 3:20 Including a license in your project helps other people understand how they can use 3:22 your code in their project. 3:26 MIT is a common license used for open source projects. 3:28 Some examples of projects that are under the MIT license are jQuery and 3:31 Ruby on Rails. 3:37 And if everything looks okay, press Enter. 3:38 Now this has created a package.json file. 3:41 Let's take a look inside. 3:45 It's included all of the information we inputted, and 3:50 it's looked in the node modules folder and has found that there's the bcrypt module. 3:52 And it's included that as a dependency for our project. 3:57 How about another dependency? 4:01 How do we add that to the package.json file? 4:03 Instead of adding it manually, let's let npm do that for us. 4:07 I want to add some color to my program. 4:10 I want the generated hash to show up in green in the console. 4:13 I know that there's an npm module called Colors, 4:17 that lets you add colors to your command line applications. 4:19 To install it, we type, 4:23 npm install colors --save. 4:29 Remember when we did the npm init command? 4:36 It said that we could use the save flag for it to get saved as the dependency and 4:39 update the package.json file. 4:44 Hit Enter and we see that colors is being added to our package.json file. 4:48 You may see warning messages like this when you install packages. 4:56 Warnings are not errors. 5:00 Errors are things that would prevent your code from working. 5:02 Because we didn't include a Git-repo or 5:05 a README file, it's bugging us to create one. 5:08 For now we can ignore it. 5:11 Let's include colors in our project. 5:13 Open up our app.js file. 5:17 We need to require the colors module. 5:20 Inside the console.log method, we can add the .green 5:30 property at the end of the hash stream to make the color of the output, 5:34 when we call the console.log method, green. 5:38 Let's run node app.js. 5:47 Awesome. 5:52 Our hash is green. 5:52 The package.json file makes it easy to install node modules used by our project, 5:54 even if you haven't already installed those modules. 6:00 This is useful when sharing your project. 6:03 For example, you don't want to put all 6:06 of the many modules used by your projects up on GitHub. 6:08 Because that wastes just space and updated versions of the module maybe available. 6:12 In other words, if we put this project on GitHub we should include the package.json 6:16 file but not the node_modules folder. 6:21 There's a file that you can create that will instruct Git 6:24 to ignore files and folders and that's a .gitignore file. 6:29 In there you would just add the path to the file or folder you want to ignore. 6:42 In this case it's node modules. 6:48 Since I can't edit it in workspaces, I can just rename this to .txt. 6:50 And type what I want in it. 7:00 And then rename it back 7:03 Imagine we've cloned the project from a GitHub Repo, and 7:11 we don't have the node_modules folder. 7:15 Let's delete the node_modules folder to replicate that scenario. 7:19 When we run our app now, it says it can't find the module colors. 7:25 That's because it's no longer in the project folder. 7:33 Let's install the packages. 7:37 You could do this by manually adding each module 7:39 using the npm install followed by the module name. 7:42 However, if you have a lot of modules in a project that would be a lot of work. 7:45 There's a much easier way, remember the first usage of the npm install 7:51 command was just npm install, where you don't specify a package. 7:56 Well, npm will look for the package.json file and 8:01 install all the dependencies it specifies. 8:05 Remember we had to include a build flag for our bcrypt module. 8:09 So in this case we just need to include 8:14 --python=python2 on any of the device that has Python 2 installed. 8:18 Or if your packages don't require it, you don't need to include a flag, or 8:23 you can just do npm install. 8:27 And let's see if our project now works. 8:30 Yes, it does. 8:36 And there's our generated password. 8:37 Finally, there's another type of dependency, a development or 8:40 dev dependency. 8:43 There dependencies aren't needed for the application to run, but 8:45 are used as you work on your project. 8:48 A good example of a development dependency is a test framework. 8:51 The reason why you'd want to list this module as a development dependency is to 8:54 reduce the amount of unneeded files in production. 8:58 For example, if you have a website, 9:01 you may have testing in your development environment. 9:03 But you don't need that test for a MAC once it's deployed. 9:06 When you deploy your code, you can just use npm install. 9:09 And it will install the dependencies it needs for your project to run. 9:12 A popular test framework in JavaScript is Mocha. 9:16 To add this as a DEV dependency, 9:19 we'll type npm install mocha --save-dev. 9:23 Take a look at the package.json file now, And 9:34 you'll see there's a devDependencies key, and there's mocha there now. 9:40 Sweet. 9:45 Without going in depth on what's involved with testing, 9:46 let's see how we can use mocha in our development environment. 9:49 Remember, mocha is now installed in this environment. 9:54 So we can now use it. 9:57 When we first created our package.json file we were asked about our tests. 9:59 We can now fill that in. 10:04 The mocha package installs a mocha command that can be utilized by npm. 10:06 We can replace this with just mocha. 10:12 We can get npm to run our mocha command by using npm test. 10:16 But before we do, mocha requires a test folder. 10:21 So let's create that. 10:24 Let's use the npm test command and hit Enter. 10:36 And it says no tests are passing. 10:41 Because we have no tests. 10:44 Once again, this course is about npm and not testing. 10:46 However, if you're interested you can check out the mocha website. 10:50 Let's delete the node modules folder again, And 10:54 play out the two scenarios of installing your dev environment or your production. 11:01 Let's try npm.install and see what it does by default. 11:06 Notice how mocha is in the node_modules folder. 11:32 That's because by default npm believes that an environment is a development 11:37 environment and not a production one which is sensible when you think about it. 11:42 There's probably more developers working on a project in development 11:46 than there are projects running in production in the wild. 11:51 Let's delete the node_modules folder again. 11:55 Now, how do we set the environment? 11:58 With command line applications you can include 12:00 environment variables before the command you're executing. 12:03 We can set NODE_ENV, 12:07 Which means the node environment, to =production, followed by npm install. 12:13 And this will only install the dependencies it needs to run, 12:27 not the dev dependencies. 12:31 Notice now mocha isn't installed, just bcrypt and colors. 12:39 There are more ways to set environment variables, but 12:45 this is one of the easiest to do to test it on your local machine. 12:48 In a company, there are system administrators who 12:54 deal with this end of things when deploying applications. 12:56 As a developer, it's just important to know that there are these variables set on 13:00 a machine which can influence how an application is run. 13:05 In this case, npm will install the required dependencies and 13:09 not dev dependencies. 13:12 There you have it. 13:15 You've installed packages both globally, for modules that you want to use anywhere 13:15 on your system, and locally, for modules that you want to use in a single project. 13:20 You've also used a package.json file to manage dependencies for 13:25 your application to run and to help in development. 13:29 Well done. 13:32