Access Private NPM Repo with DoD CAC

We're looking for a way we can get the npm command to use our DoD CACs (PKI, PIV, X.509, Smart Card) to authenticate with a privately-hosted repo, configured with PKI-based mutual authentication. Is this possible?

We're looking for a way we can get the npm command to use our DoD CACs (PKI, PIV, X.509, Smart Card) to authenticate with a privately-hosted repo, configured with PKI-based mutual authentication. Is this possible?

Introduction to npm

A simple guide to npm, with a briefly introduction to the node package manager, In September 2019 over 1 million packages were reported beign listed in the npm registry, making npm the biggest single language code repository!

Original post at NPM Introduction

Introduction to npm

npm is the standard package manager for Node.js.

There are many things that npm does. It allows for seamless node.js package management. You can install, share and manage node.js packages.

npm consists of three components:

  1. Website
  2. Registry
  3. CLI

In the npm official Website you can find packages, view documentation, share and publish packages.

The npm Registry is a large database consisting of packages. In September 2019 over 1 million packages were reported being listed in the registry, making npm the biggest single language code repository! and you can be sure there is a package for (almost!) everything. It started as a way to download and manage dependencies of Node.js packages, but it has since become a tool used also in frontend JavaScript.

The CLI is the command line that helps in interacting with the npm for installing, updating and uninstalling packages and also managing dependencies.

Note: Yarn is an alternative to npm. Make sure you check it out as well.

Installation

npm comes with Node.js, this means you don’t have to install it separately. Go to the official website to Download Node.js and install it, if you haven't already installed it on your system.

After installing node, You can check the version of node and npm by running

node --version
npm --version

package.json

The package.json is the project manifest file. Using the package.json you can manage dependencies and write scripts. It has all the meta data about the project.

Init Project

Note: you only need to do this if you are starting a new project, if not take a look if the package.json file already exist

For create a package.json, first head over to your project folder. You can create package.json by running the command

npm init

It asks you for some data like package name, description, version, author, license, etc. You can just press enter for defaults.

Or to quickly create a package.json file. You can use the command

npm init -y

Installing all dependencies

If the project has a packages.json file, by running the command

npm install

it will install all the dependencies that the project needs, that is to say, the packages from the dependencies and devDependencies at the package.json, in the node_modules folder, creating it if it doesn't already exist.

The node_modules is the folder in which our local packages are installed. There will be a new file named package-lock.json. This file contains the exact version of the package, unlike package.json which contains the semantic version.

Installing a single package

You can also install a specific package by running

npm install <package-name>

Often you'll see more flags added to this command:

  • --save installs and adds the entry to the package.json file dependencies (default as of npm 5)
  • --save-dev installs and adds the entry to the package.json file devDependencies
  • --no-save installs but not doesn't add the dependency to your package.json file.

The difference is mainly that devDependencies are usually development tools, like a testing library, while dependencies are bundled with the app in production.

Installing a single package Globally

A globally installed packages works anywhere on the machine. To install global packages you’ve to use -g flag.

Generally, any packages you use in your project have to be installed locally. And packages you use in the command line are to be installed globally.

The command for the local and global packages are same except that you have to use -g flag for global packages.

For example you can install nodemon globally, that is a utility that will monitor for any changes in your source code and automatically restart your server, it's great idea for development

npm install -g nodemon
Versioning

In addition to plain downloads, npm also manages versioning, so you can specify any version of a package, or require a version higher or lower than what you need.

Maybe you could find that a library is only compatible with a major release of another library. Or a bug in the latest release of a lib, still unfixed, is causing an issue.

Specifying an explicit version of a library also helps to keep everyone on the same version of a package, so that the whole team runs the same version until the package.json file is updated.

In all those cases, versioning helps a lot, and npm follows the semantic versioning (semver) standard.

All the package versions are represented with three digits

  • The first digit is major
  • The second is minor
  • The third is patch.

The patch(~) is updated for bug fixes.

The minor(^) is updated for every new functionality that doesn’t break the existing code.

The major is updated for big changes. These generally break the existing code.

In the package.json, when you install a package, you will see a caret^ symbol by default. This indicates that when a user is downloading your project, the package will be updated to the latest minor version. Same applies to patch. If we don’t include any symbol then exact version is downloaded. To get the latest major version, asterisk * is used. But you don’t want to do this as the major version can break your code.

To install either major, minor, patch (or) exact version, you can use the command

npm install <package-name>@x.y.x

For example, let's install lodash

There are several ways to accomplish this. First, let’s start with the basic

npm install lodash

This command installs lodash and fetches the latest available version.

If you know the exact version of the package that you need, you can append it to the package name after the @ character

npm install [email protected]

If you don’t know the exact version of the package, npm also allows using semantic ranges to define the version

npm install [email protected]^4.0.0

This command will install the latest 4.x.x version.

Both examples don’t modify package.json and don’t add installed modules to the list of dependencies. We must use --save to add the installed module to the package.json dependencies and --save-dev to add it to devDependencies.

If you install a module without defining a specific version, npm will add the semantic range to the package.json as is. To prevent this, use --save-exact flag in addition to --save or --save-dev. This flag will force npm to store the exact module version in the package.json.

Updating packages

Since we have installed packages sometimes we need to update our packages to get new features. To do that, you’ve to run

npm update

npm will check and update all the packages listed to the latest version that satisfies your versioning constraints.

Updating a single package

For update a single package you can specify it to update as well

npm update <package-name>

Uninstall a single package

Sometimes you don’t need a particular package and you want to remove it. It’s not a good idea to manually remove the package from the node_modules folder as it can be a dependency for the other packages. To safely uninstall a package you’ve to run

npm uninstall <package-name>

This will completely remove everything npm installed on its behalf.

You must use the corresponding flag to save the changes in the package.json.

For example if you want to uninstall lodash from the dependencies of package.json you should run

npm uninstall lodash --save

Or from the devDependencies

npm uninstall lodash --save-dev
List installed packages

To get the list of installed packages, run the command

npm run list

This will list all the packages including its dependencies. The packages installed by you will be in the depth 0. Its dependencies will be in the depth 1 and further dependencies will be in the depth 2 and so on. To get packages of a certain depth, use the command

npm list depth <number>
Running Tasks

The package.json file supports a format for specifying command line tasks that can be run by using

npm run <task-name>

For example:

{
  "scripts": {
    "start-dev": "node lib/server-development",
    "start": "node lib/server-production"
  },
}

It's very common to use this feature to run Webpack:

{
  "scripts": {
    "watch": "webpack --watch --progress --colors --config webpack.conf.js",
    "dev": "webpack --progress --colors --config webpack.conf.js",
    "prod": "NODE_ENV=production webpack -p --config webpack.conf.js",
  },
}

So instead of typing those long commands, which are easy to forget or mistype, you can run

npm run watch
npm run dev
npm run prod
Getting Help

npm CLI has built -n help command. You can access it by

npm help

To get help for a particular command run

npm <command> -h

You can also search npm documentation for help. To do that use

npm help-search <command>

Now you’ve learned all the basics of npm. To know more about npm you can go to the documentation in the official Website. Now you can start using it in your own projects, happy hacking!

Thanks for reading! ❤

If you liked this post, please do share/like it with all of your programming buddies!

How to Uninstall Npm Packages

How to Uninstall Npm Packages

Trying to figure out how to uninstall a local or global npm package? We've got you covered!

Originally published at https://coderrocketfuel.com
Uninstall Local Packages

To uninstall a package that was installed locally (using npm install <package> and stored in the node_modules directory), use this command:

$ npm uninstall <package>

After that command is run, the package will no longer be in your node_modules folder.

To also remove the package from the dependencies list in your package.json file, you can use either the -S or --save flag:

$ npm uninstall <package> --save
$ npm uninstall -S <package>

If the package is a devDependency, you can remove it from the package.json file with the -D or --save-dev flags:

$ npm uninstall <package> --save-dev
$ npm uninstall -D <package>
Uninstall Global Packages

Last, you can remove any npm package you've installed globally with the -g flag:

$ npm uninstall -g <package>

The global uninstall command will work from wherever you call it on your machine.

Thanks for reading

If you liked this post, share it with all of your programming buddies!

Follow us on Facebook | Twitter

Further reading

The Complete Node.js Developer Course (3rd Edition)

Angular & NodeJS - The MEAN Stack Guide

NodeJS - The Complete Guide (incl. MVC, REST APIs, GraphQL)

A Beginner’s Guide to npm — the Node Package Manager

Node Package Manager (NPM) Tutorial

Creating your first npm package

npm and the Future of JavaScript

Best JavaScript Frameworks, Libraries and Tools to Use in 2019

Creating your first npm package

Creating your first npm package

Publishing NPM Package. It is now time to publish our project to npm so that anyone can use it. If this is your first time publishing a package open up a terminal in the wrap-with-poo directory and type the following command. This will ask you for your npm account information such as username, password, and email.

Publishing NPM Package. It is now time to publish our project to npm so that anyone can use it. If this is your first time publishing a package open up a terminal in the wrap-with-poo directory and type the following command. This will ask you for your npm account information such as username, password, and email.

This weekend I started working on my first ever npm package. I can’t believe for how long I have been writing code that I never bothered to create my own npm package but here we are. I built my newest site using Gridsome and markdown and you can read all about that here. In the markdown files, I wanted an easy way to insert a twitter status and embed the tweet.

I will tell you more about that Gridsome plugin in a future blog post but for now, I want to show you how you can create your very first npm package. I learned a few things while working on this and I would like to share them with you.

Prerequisites

I am going to assume you at least know what node & npm is and have written JavaScript before. If you don’t know either of these and want me to write something up on getting started with those please let me know.

There are a few things that you’re going to need before we dive in and start writing some code.

Creating your npm package

The first thing you are going to do is create a new folder to hold your npm package. For this example, I am going to create a new directory called wrap-with-poo. Yes, you read that correctly.

Go into that folder and type the following:

npm init


This will ask you a bunch of questions and then create a package.json. If you don’t know answers to certain questions just yet don’t worry, you can come back and answer them later.

This utility will walk you through creating a package.json file.
It only covers the most common items and tries to guess sensible defaults.

See `npm help json` for definitive documentation on these fields
and exactly what they do.

Use `npm install <pkg>` afterward to install a package and
save it as a dependency in the package.json file.

Press ^C at any time to quit.
package name: (wrap-with-poop)
version: (1.0.0) 0.0.1
description: This package will take any string you give it and wrap it with the poop emjoi
entry point: (index.js)
test command:
git repository:
keywords: node,npm
author: Dan Vega
license: (ISC) MIT
About to write to /Users/vega/dev/npm/wrap-with-poop/package.json:

{
  "name": "wrap-with-poop",
  "version": "0.0.1",
  "description": "This package will take any string you give it and wrap it with the poop emjoi",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [
    "node",
    "npm"
  ],
  "author": "Dan Vega",
  "license": "MIT"
}

Is this OK? (yes) yes


Writing your plugin

Next open this project up in Visual Studio Code and create index.js. The reason you’re creating this file is that in your package.json you said that this was your entry point. In your index.js add the following code:

module.exports = (str) => {
    return `💩${str}💩`;
}


The module.exports object allows us to organize some related code and then expose it as a module. This means that when we are done we could import this module into another application. In this case, we are assigning an arrow function which means we are exposing a single function that takes an argument called str and returns that string wrapped with the poo emoji. That is all you need to do with this project. It is a pretty simple package but it will help walk through a few things.

npm local development

Now that you have our package ready to go you need to test it in another project. In the real world, you should be writing some unit tests against it but I want to save that for another article & screencast.

Next, create a new directory (outside of your package) called wrap-with-poo-testing. You will again need to run npm init but this time you can add the -y argument to skip all of the questions, they are less important this time.

npm init -y

Wrote to /Users/vega/dev/npm/wrap-with-poo/package.json:

{
  "name": "wrap-with-poop",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
  "author": "",
  "license": "ISC"
}


NPM Install

In this project create a new file called app.js. This is where you are going to use your new wrap-with-poo package. This is normally where you would normally install the npm package you needed by running the following command.

npm install wrap-with-poo


The problem with this is that you haven’t published your new plugin yet so it isn’t in npm. You need a way to reference the package locally while you’re developing it. You could run npm install with the absolute path to the package.

npm install /Users/vega/dev/npm/wrap-with-poo


Which would update your package.json to look like this

{
  "name": "npm",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
  "author": "",
  "license": "ISC",
  "dependencies": {
    "wrap-with-poo": "file:../wrap-with-poo"
  }
}


If you need to test out pre-install/post-install hooks in your package then you will want to use this approach. If you don’t care about the best way to develop NPM projects locally is by using npm link.

NPM Link

npm link is a process that allows you to create a symbolic link between your project and the dependency. First, you need to move into the directory wrap-with-poo and run the following command.

npm link


This will take your package and create a symbolic link in the npm global folder to it.

/Users/vega/.nvm/versions/node/v10.15.0/lib/node_modules/wrap-with-poo -> /Users/vega/dev/npm/wrap-with-poo

This means that your project can be used in any project with one more simple step. The next thing you need to do is to move into the project wrap-with-poo-testing and run the following command.

npm link wrap-with-poo


This will output the following: /Users/vega/dev/npm/wrap-with-poo-testing/node_modules/wrap-with-poo -> /Users/vega/.nvm/versions/node/v10.15.0/lib/node_modules/wra

** p-with-poo -> /Users/vega/dev/npm/wrap-with-poo**

That is all there is to it, no need to install the dependency. You are ready to begin writing some code to play with you new plugin. Open up the app.js and add the following code.

const poo = require('wrap-with-poo');
const boring = 'This is a boring string';
const fun = poo(boring);

console.log(fun);


And run the following command from the integrated terminal

node app.js


And you will get the following output

💩This is a boring string💩


Publish Source Code

Now that we know our project works its time to make it public for everyone to use. If you haven’t done so yet I would add your project to Github or whatever source code hosting you prefer.

git init
git add .
git commit -m "Initial commit"
git remote add origin https://github.com/cfaddict/wrap-with-poo.git
git push -u origin master


Now that it is on Github go back and add an entry to your package.json so everyone knows where to find the source code using the homepage key.

{
  "name": "wrap-with-poo",
  "version": "0.0.1",
  "description": "This package will wrap any string you give it with the poop emoji",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [
    "node",
    "npm",
    "poop"
  ],
  "author": "Dan Vega",
  "license": "MIT",
  "homepage": "https://github.com/cfaddict/wrap-with-poo"
}


Publishing NPM Package

It is now time to publish our project to npm so that anyone can use it. If this is your first time publishing a package open up a terminal in the wrap-with-poo directory and type the following command.

npm adduser


This will ask you for your npm account information such as username, password, and email.

vega wrap-with-poo (master) $ npm adduser
Username: therealdanvega
Password:
Email: (this IS public) [email protected]
Logged in as therealdanvega on https://registry.npmjs.org/.


Now you’re ready to publish but there are a couple of things you need to remember. First every npm package must have a unique name. I would head over to npm and do a quick search for your package. I have already published the package wrap-with-poo so yours will need a new unique name.

The next thing you need to know is that your version number matters. I start with 0.0.1 and work my way up from there. Once you publish a specific version you can’t publish the same version again. It is a good idea to build a number of features into a version and then publish that. If you run

npm version


It will tell you what your current version is.

{ 'wrap-with-poo': '0.0.1',
  npm: '6.7.0',
  ares: '1.15.0',
  cldr: '33.1',
  http_parser: '2.8.0',
  icu: '62.1',
  modules: '64',
  napi: '3',
  nghttp2: '1.34.0',
  node: '10.15.0',
  openssl: '1.1.0j',
  tz: '2018e',
  unicode: '11.0',
  uv: '1.23.2',
  v8: '6.8.275.32-node.45',
  zlib: '1.2.11' }


If everything looks good you can publish your new project by running

npm publish


This might take a few seconds but if everything went ok your package should now be live on npm.

Congrats on publishing your first npm package!!!

Now you can go into any project that already has a package.json and type the following

npm install wrap-with-poo


And use it just like we did in our testing example above.

Documentation

I know some people say that you should create documentation from the beginning but I am not always sure what my code is going to end up looking like so I usually wait on this. Create a README.md in the root of your project and add some information about your project.

Conclusion

As I said at the beginning of this article I can’t believe I published my first npm package this weekend. I just never really had a need to do so until now but I was really excited to learn how easy it was. If this is your first npm package please leave me some comments or tweet at me when yours is live!

Happy Coding!

Learn More

The Complete Node.js Developer Course (2nd Edition)

Learn and Understand NodeJS

Node JS: Advanced Concepts

GraphQL: Learning GraphQL with Node.Js

Angular (Angular 2+) & NodeJS - The MEAN Stack Guide

Beginner Full Stack Web Development: HTML, CSS, React & Node

Node with React: Fullstack Web Development

MERN Stack Front To Back: Full Stack React, Redux & Node.js