How To Install Npm Globally

  1. How To Install Gulp Globally Npm
  2. How To Install Npm Angular Cli
  3. How To Install Npm Globally Windows
  4. How To Install Npm

This package gets invisibly installed globally whenever you install npm. Npx is a global command-line tool that will allow you to execute scripts without having to globally install them. It works very similar to our npm run-scripts setup I have already described. There are two ways to install npm packages: locally or globally. Choose which kind of installation to use based on how you want to use the package. This is especially true for NodeJS/npm newbies, who often try the most popular packages installing them globally, without even defining them in their package.json files; however, this may be.

News from 2019

  • OpenSSL security releases may require Node.js security releases

    The Node.js project may be releasing new versions across all of its supportedrelease lines early next week to incorporate upstream patches from OpenSSL.Please read on for full details.

    The OpenSSL projectannouncedthis week that they will be releasing versions 1.0.2t and 1.1.1d on the 10th ofSeptember, UTC. The releases will fix two security defects that are labelledas 'LOW' severity under theirsecurity policy,meaning they are:

  • Node v12.10.0 (Current)
    • deps:
      • Update npm to 6.10.3 (isaacs) #29023
    • fs:
      • Add recursive option to rmdir() (cjihrig) #29168
      • Allow passing true to emitClose option (Giorgos Ntemiris) #29212
      • Add *timeNs properties to BigInt Stats objects (Joyee Cheung) #21387
    • net:
      • Allow reading data into a static buffer (Brian White) #25436
  • Node v12.9.1 (Current)

    This release fixes two regressions in the http module:

    • Fixes an event listener leak in the HTTP client. This resulted in lots ofwarnings during npm/yarn installs (Robert Nagy) #29245.
    • Fixes a regression preventing the 'end' event from being emitted forkeepalive requests in case the full body was not parsed (Matteo Collina) #29263.
  • Node v12.9.0 (Current)
    • crypto:
      • Added an oaepHash option to asymmetric encryption which allows users to specify a hash function when using OAEP padding (Tobias Nießen) #28335.
    • deps:
      • Updated V8 to 7.6.303.29 (Michaël Zasso) #28955.
        • Improves the performance of various APIs such as JSON.parse and methodscalled on frozen arrays.
        • Adds the Promise.allSettled method.
        • Improves support of BigInt in Intl methods.
        • For more information: https://v8.dev/blog/v8-release-76
      • Updated libuv to 1.31.0 (cjihrig) #29070.
        • UV_FS_O_FILEMAP has been added for faster access to memory mapped files on Windows.
        • uv_fs_mkdir() now returns UV_EINVAL for invalid filenames on Windows. It previously returned UV_ENOENT.
        • The uv_fs_statfs() API has been added.
        • The uv_os_environ() and uv_os_free_environ() APIs have been added.
    • fs:
      • Added fs.writev, fs.writevSync and filehandle.writev (promise version) methods. They allow to write an array of ArrayBufferViews to a file descriptor (Anas Aboureada) #25925, (cjihrig) #29186.
    • http:
      • Added three properties to OutgoingMessage.prototype: writableObjectMode, writableLength and writableHighWaterMark#29018.
    • stream:
      • Added an new property readableEnded to readable streams. Its value is set to true when the 'end' event is emitted. (Robert Nagy) #28814.
      • Added an new property writableEnded to writable streams. Its value is set to true after writable.end() has been called. (Robert Nagy) #28934.
  • August 2019 Security Releases

    Node.js, as well as many other implementations of HTTP/2, have been foundvulnerable to Denial of Service attacks. Seehttps://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.mdfor more information.

  • Node v10.16.3 (LTS)

    This is a security release.

    Node.js, as well as many other implementations of HTTP/2, have been foundvulnerable to Denial of Service attacks.See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.mdfor more information.

  • Node v8.16.1 (LTS)

    This is a security release.

    Node.js, as well as many other implementations of HTTP/2, have been foundvulnerable to Denial of Service attacks.See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.mdfor more information.

  • Node v12.8.1 (Current)

    This is a security release.

    Node.js, as well as many other implementations of HTTP/2, have been foundvulnerable to Denial of Service attacks.See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.mdfor more information.

  • Node v10.16.2 (LTS)

    This release patches a regression in the OpenSSL upgrade to 1.1.1c that causes intermittent hangs in machines that have low entropy.

    • [894a9dd230] - deps: cherry-pick c19c5a6 from openssl upstream (Ali Ijaz Sheikh) #28983
  • Node v12.8.0 (Current)
    • assert:
      • Legacy mode deprecation (DEP0089) is revoked (Colin Ihrig) #28892
    • crypto:
      • The outputLength option is added to crypto.createHash (Tobias Nießen) #28805
      • The maxmem range is increased from 32 to 53 bits (Tobias Nießen) #28799
    • n-api:
      • Added APIs for per-instance state management (Gabriel Schulhof) #28682
    • report:
      • Network interfaces get included in the report (Colin Ihrig) #28911
    • src:
      • v8.getHeapCodeStatistics() is now exported (Yuriy Vasiyarov) #27978

Node.js makes it possible to write applications in JavaScript on the server. It’s built on the V8 JavaScript runtime and written in C++ — so it’s fast. Originally, it was intended as a server environment for applications, but developers started using it to create tools to aid them in local task automation. Since then, a whole new ecosystem of Node-based tools (such as Grunt, Gulp and Webpack) has evolved to transform the face of front-end development.

This popular article was updated in April 2019 to reflect the current state of npm.

To make use of these tools (or packages) in Node.js we need to be able to install and manage them in a useful way. This is where npm, the Node package manager, comes in. It installs the packages you want to use and provides a useful interface to work with them.

In this article I’m going to look at the basics of working with npm. I will show you how to install packages in local and global mode, as well as delete, update and install a certain version of a package. I’ll also show you how to work with package.json to manage a project’s dependencies. If you’re more of a video person, why not sign up for SitePoint Premium and watch our free screencast: What is npm and How Can I Use It?.

But before we can start using npm, we first have to install Node.js on our system. Let’s do that now…

Installing Node.js

Head to the Node.js download page and grab the version you need. There are Windows and Mac installers available, as well as pre-compiled Linux binaries and source code. For Linux, you can also install Node via the package manager, as outlined here.

For this tutorial we are going to use v10.15.3 Stable. At the time of writing, this is the current Long Term Support (LTS) version of Node.

Tip: You might also consider installing Node using a version manager. This negates the permissions issue raised in the next section.

Let’s see where node was installed and check the version.

To verify that your installation was successful let’s give Node’s REPL a try.

The Node.js installation worked, so we can now focus our attention on npm, which was included in the install.

Updating npm

How To Install Gulp Globally Npm

npm, which is Node.js’ Package Manager, is a separate project from Node.js. It tends to be updated more frequently. You can check the latest available npm version on this page. If you realize you have an older version, you can update as follows.

For Linux and Mac users, use the following command:

For Windows users, never ever run the above command. If you already have, you won’t be able to update npm. You will have to uninstall your entire Node.js installation and install again. To properly update npm in Windows, you will need to do the following. First open PowerShell as administrator and execute the following command:

This will ensure you can execute scripts on your system. Next will you need to install the npm-windows-upgrade tool. After you have installed the tool, you need to run it so that it can update npm for you. Do all this within the elevated PowerShell console.

Node Packaged Modules

npm can install packages in local or global mode. In local mode it installs the package in a node_modules folder in your parent working directory. This location is owned by the current user. Global packages are installed in {prefix}/lib/node_modules/ which is owned by root (where {prefix} is usually /usr/ or /usr/local). This means you would have to use sudo to install packages globally, which could cause permission errors when resolving third-party dependencies, as well as being a security concern. Lets change that:

Changing the Location of Global Packages

Let’s see what output npm config gives us.

This gives us information about our install. For now it’s important to get the current global location.

This is the prefix we want to change, so as to install global packages in our home directory. To do that create a new directory in your home folder.

With this simple configuration change, we have altered the location to which global Node packages are installed. This also creates a .npmrc file in our home directory.

We still have npm installed in a location owned by root. But because we changed our global package location we can take advantage of that. We need to install npm again, but this time in the new user-owned location. This will also install the latest version of npm.

Finally, we need to add .node_modules_global/bin to our $PATH environment variable, so that we can run global packages from the command line. Do this by appending the following line to your .profile, .bash_profileor .bashrc and restarting your terminal.

Now our .node_modules_global/bin will be found first and the correct version of npm will be used.

Installing Packages in Global Mode

At the moment we only have one package installed globally — that is the npm package itself. So let’s change that and install UglifyJS (a JavaScript minification tool). We use the --global flag, but this can be abbreviated to -g.

As you can see from the output, additional packages are installed — these are UglifyJS’s dependencies.

Listing Global Packages

We can list the global packages we have installed with the npm list command.

The output however, is rather verbose. We can change that with the --depth=0 option.

That’s better — just the packages we have installed along with their version numbers.

Any packages installed globally will become available from the command line. For example, here’s how you would use the Uglify package to minify example.js into example.min.js:

Installing Packages in Local Mode

When you install packages locally, you normally do so using a package.json file. Let’s go ahead and create one.

Press Enter to accept the defaults, then type yes to confirm. This will create a package.json file at the root of the project.

Tip: If you want a quicker way to generate a package.json file use npm init --y

The fields are hopefully pretty self-explanatory, with the exception of main and scripts. The main field is the primary entry point to your program and the scripts field lets you specify script commands that are run at various times in the lifecycle of your package. We can leave these as they are for now, but if you’d like to find out more, see the package.json documentation on npm and this article on using npm as a build tool.

Now let’s try and install Underscore.

Note that a lockfile is created. We’ll be coming back to this later.

Now if we have a look in package.json we will see that a dependencies field has been added:

Managing Dependencies with package.json

As you can see, Underscore v1.9.1 was installed in our project. The caret (^) at the front of the version number indicates that when installing, npm will pull in the highest version of the package it can find where the only the major version has to match (unless a package-lock.json file is present). In our case, that would be anything below v2.0.0. This method of versioning dependencies (major.minor.patch) is known as semantic versioning. You can read more about it here: Semantic Versioning: Why You Should Be Using it.

And ALL my Aria's are like that. Thing is though.the 'fender copies' that made it to N. But when people talk about 'modding platforms'.I can't think of anything even remotely close to the kind of basic quality the neck and body are on these old Aria's. Aria guitar serial numbers.

Also notice that Underscore was saved as a property of the dependencies field. This has become the default in the latest version of npm and is used for packages (like Underscore) required for the application to run. It would also be possible to save a package as a devDependency by specifying a --save-dev flag. devDependencies are packages used for development purposes, for example for running tests or transpiling code.

You can also add private: true to package.json to prevent accidental publication of private repositories as well as suppressing any warnings generated when running npm install.

By far and away the biggest reason for using package.json to specify a project’s dependencies is portability. For example, when you clone someone else’s code, all you have to do is run npm i in the project root and npm will resolve and fetch all of the necessary packages for you to run the app. We’ll look at this in more detail later.

Before finishing this section, let’s quickly check Underscore is working. Create a file called test.js in the project root and add the following:

Run the file using node test.js and you should see [0, 1, 2, 3, 4] output to the screen.

Uninstalling Local Packages

npm is a package manager so it must be able to remove a package. Let’s assume that the current Underscore package is causing us compatibility problems. We can remove the package and install an older version, like so:

Installing a Specific Version of a Package

We can now install the Underscore package in the version we want. We do that by using the @ sign to append a version number.

Updating a Package

Let’s check if there’s an update for the Underscore package:

The Current column shows us the version that is installed locally. The Latest column tells us the latest version of the package. And the Wanted column tells us the latest version of the package we can upgrade to without breaking our existing code.

Remember the package-lock.json file from earlier? Introduced in npm v5, the purpose of this file is to ensure that the dependencies remain the same on all machines the project is installed on. It is automatically generated for any operations where npm modifies either the node_modules folder, or package.json file.

You can go ahead and try this out if you like. Delete the node_modules folder, then re-run npm i. The latest version of npm will install Underscore v11.9.0 (as this is what is specified in the package-lock.jsonFree custom zombies no download. file). Earlier versions will pull in v1.9.1 due to the rules of semantic versioning. In the past inconsistent package versions have proven a big headache for developers. This was normally solved by using an npm-shrinkwrap.json file which had to be manually created.

Now, let’s assume the latest version of Underscore fixed the bug we had earlier and we want to update our package to that version.

Tip: For this to work, Underscore has to be listed as a dependency in package.json. We can also execute npm update if we have many outdated modules we want to update.

Searching for Packages

We’ve used the mkdir command a couple of times in this tutorial. Is there a node package that does the same? Let’s use npm search.

There is (mkdirp). Let’s install it.

Now create a file mkdir.js and copy-paste this code:

How to install npmNpm

How To Install Npm Angular Cli

And run it from the terminal:

Re-installing Project Dependencies

Let’s first install one more package:

Check the package.json.

Note the dependencies list got updated automatically. In previous versions of npm, you would have had to execute npm install request --save to save the dependency in package.json. If you wanted to install a package without saving it in package.json, just use --no-save argument.

Let’s assume you have cloned your project source code to a another machine and we want to install the dependencies. Let’s delete the node_modules folder first then execute npm install

If you look at your node_modules folder, you’ll see that it gets recreated again. This way, you can easily share your code with others without bloating your project and source repositories with dependencies.

Managing the Cache

When npm installs a package it keeps a copy, so the next time you want to install that package, it doesn’t need to hit the network. The copies are cached in the .npm directory in your home path.

This directory will get cluttered with old packages over time, so it’s useful to clean it up occasionally.

You can also purge all node_module folders from your workspace if you have multiple node projects on your system you want to clean up.

Audit

A new feature was introduced in npm that allows developers to scan the dependencies for known security vulnerabilities. Let’s try out this feature by installing an old version of express.

As soon as we finish installing, we get a quick report that multiple vulnerabilities have been found. You can run the command npm audit to view more details.

You’ll get a detailed list of packages that have vulnerabilities. If you look at the field ‘Path’, it shows the dependency path. For example, the Path express > accepts > negotiator means Express depends on the package Accepts. The package Accepts depends on the the package negotiator which contains the vulnerability.

There are two ways of fixing all these problems. We can either execute the command npm install express@4.16.4 as suggested, or run npm audit fix. Let’s do the latter:

How To Install Npm Globally Windows

As you can see from the above report, all the vulnerabilities have been resolved. The command npm audit fix simply upgraded the affected packages to the latest versions. However, do note that not all vulnerabilities can be fixed automatically. This could happen if you are using a package that underwent a major change which could break your current project if updated. For situations such as this, you will have to review your code and do the update manually.

You can also run npm audit fix --force if you don’t mind upgrading packages with breaking changes. After you have executed the command, run npm audit to ensure that all vulnerabilities have been resolved.

Aliases

As you may have noticed, there are multiple ways of running npm commands. Here is a brief list of some of the commonly used npm aliases:

  • npm i <package> – install local package
  • npm i -g </package><package> – install global package
  • npm un </package><package> – uninstall local package
  • npm up – npm update packages
  • npm t – run tests
  • npm ls – list installed modules
  • npm ll or npm la – print additional package information while listing modules

You can also install multiple packages at once like this:

If you want to learn all common npm commands, just execute npm help for the full list. You can also learn more in our article 10 Tips and Tricks That Will Make You an npm Ninja.

Version Managers

There are a couple of tools available that allow you to manage multiple versions of Node.js on the same machine. One such tool is n. Another such tool is nvm (Node Version Manager). If you are on Windows, you check out nvm for Windows If this is something you’re interested in, why not check out our tutorial: Install Multiple Versions of Node.js using nvm.

Conclusion

How To Install Npm

In this tutorial, I have covered the basics of working with npm. I have demonstrated how to install Node.js from the project’s download page, how to alter the location of global packages (so we can avoid using sudo) and how to install packages in local and global mode. I also covered deleting, updating and installing a certain version of a package, as well as managing a project’s dependencies. If you would to learn more about the new features in the latest releases, you can visit the npm Github releases page.

With version 5, npm is making huge strides into the world of front-end development. According to its COO, it’s user base is changing and most of those using it are not using it to write Node at all. Rather it’s becoming a tool that people use to put JavaScript together on the frontend (seriously, you can use it to install just about anything) and one which is becoming an integral part of writing modern JavaScript. Are you using npm in your projects? If not, now might be a good time to start.

This article was peer reviewed by Graham Cox. Thanks to all of SitePoint’s peer reviewers for making SitePoint content the best it can be!