NPM is node's package manager system, its like NuGet for .net or RubyGems. This type of package manager allows developers to easily publish software packages and libraries, and for consumers of those libraries to easily install them. Npm was created initially by Isaac Schlueter and it's first release was in January 2010The only bad thing I can say about npm is that there logo policy is so defensive, I'm not even sure if I can put an image of the npm logo in this article without getting an angry email.
To practice using NodeJs and npm's packaging system I wanted to choose some functionality that would actually be helpful to someone. When I'm reading a stack exchange article and I notice a plain text link, sometimes I will replace that plain text link with a linked text title. So an article with the plain text link 'https://www.google.com' in it would become 'Google' or perhaps a full referenence like "'Google', google.com". Unfortunately I learned that because Stack Exchange is hesistent to allow public automated editing, in order for a stack exchange app to update an article a full website login is needed, making automated editing less desirable or possible. Therefore I narrowed the scope of my learning engagement to performing all of the actions of stackexchange link replacement with the exception of the actual update to the article. I broke the task down into 4 separate packages to maximize the potential that someone will actual find one of the packages useful and download it. Each of the 4 packages is configured with a package.json file.
Package.json is the backbone of any npm package, its the base-level config file. If your familiar with the .net package system, the package.json file is like a combination of a visual studio project file, and a nuget spec file. One the primary functions of the package.json file is management dependencies. The nice thing about npm packages is that its incredibly easy to include references to other projects and to have those references automatically installed when your package is install, so that it automagically works every time. There are different string parameters that can be used to specify whether to be specific about the version of the dependency or allow newer or different versions to be installed instead of the specified version. Package.json can also be configured to install some dependencies only for development, in case you want to setup some special dev tools.
Testing is built-in to the design of npm packages. A script or series of commands can be configured to run when the test command: npm test is executed. This also allows people to chain a series of test commands together so that a series of testing systems can be activated. In this manner, I not only wired up tests but also a vulnerability scanner and style checker, among other widgets. These are run whenever I make a new commit by the free TravisCI server, or can run them at the command-line with a simple 'npm test'. The vulnerability scanner I have configured to run during check-in and test, snyk, has already altered me to 2 new vulnerabilities in the request package, which is the goto package for web requests. Sadly, in my stack-exchange-markdown-retriever project, I have a dependency on the stackexchange and I have haven't been able to the package owner to update his request version, even though I created a pull request to help him. The package owner may not have an interest in their stack-exchange package project anymore, so I may have to replace his package with direct calls to the stack exchange API.
Publishing a npm package is fairly straightforward and like NuGet is open to submission from any registered user. You simply have to register with the npm website to receive an API key used to publish one's package on the NPM network. Unlike NuGet however, npm doesn't allow duplicate package names to be used, I'm looking at you people who stole the name "Random Name Generator" for my NuGet package. My package was registered first so I feel certain ownership for what that's worth, which isn't much. The documentation for publishing to npm is fairly well written and presented which is a hallmark of a framework that's going to be around for awhile.
Likewise updating an npm package is fairly easy. The npm version command is used to update the version number in the package. The cool thing about many of the npm commands, like 'version', is that if one's project is in the GIT repository many npm commands will automatically execute commits and tagging. So the npm version will actually create a commit and a tag for the version automatically when its called. There are other examples of GIT integration but yet another reason why the npm/nodeJs platform is both powerful and modern.
Here's some lines to the npm packages I've created:
- Random Name Generator (NuGet)
- Json Pretty Printer (NuGet)