npm
Initial release | January 12, 2010[1] |
---|---|
Stable release | 3.10.3 / 23 June 2016[2] |
Repository | |
Written in | JavaScript |
License | Artistic License 2.0 |
Website | npmjs |
npm is the default package manager for the JavaScript runtime environment Node.js.
History
npm is written entirely in JavaScript and was developed by Isaac Z. Schlueter as a result of having "seen module packaging done terribly", drawing on the shortcomings of similar projects such as PEAR (PHP) and CPAN (Perl).[3]
Description
npm is automatically included when Node.js is installed.[4] npm consists of a command-line client that interacts with a remote registry. It allows users to consume and distribute JavaScript modules that are available on the registry.[5] Packages on the registry are in CommonJS format and include a metadata file in JSON format.[6] Over 280,000 packages are available on the main npm registry.[7] Packages on npm are registered on a first-come, first-served basis and do not distinguish among authors, meaning that the unpublishing of a package can not only break the projects that depend on it, but also pose a security risk.[8] The npm registry has no vetting process for submission, which means that packages found there can be low quality, insecure, or malicious.[6] However, the npm server administrators can delete malicious packages or ban malicious users.[9] npm exposes usage statistics and the number of depending packages to assist developers in picking libraries.[10]
Usage
npm can manage packages that are local dependencies of a particular project, as well as globally installed JavaScript tools.[11] When used as a dependency manager for a local project, npm can install, in one command, all the dependencies of a project through the package.json file.[12] In the package.json file, each dependency can specify a range of valid versions using the semantic versioning scheme, allowing developers to auto-update their packages while at the same time avoiding unwanted breaking changes.[13] npm also provides version-bumping tools for developers to tag their packages with a particular version.[14]
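Because the registry has no vetting process, the width of each version range in package.json determines how much newly published code an install can pull in without review. The following added example (not npm's own code) classifies each dependency spec by the widest release level it allows and flags anything beyond patch level. It uses a simplified parser rather than the semver library; the sample manifest is constructed, and the function names and the "exact or patch only" policy are assumptions.

```javascript
// Constructed sample manifest, not taken from any real project.
const SAMPLE_MANIFEST = `{
  "name": "example-app",
  "version": "1.0.0",
  "dependencies": {
    "pinned-lib": "2.4.1",
    "tilde-lib": "~1.2.3",
    "caret-lib": "^1.2.3",
    "caret-zero": "^0.2.3",
    "floating": "*",
    "tagged": "latest"
  },
  "devDependencies": { "git-dep": "git+https://example.invalid/x.git" }
}`;

// Widest release level a spec lets an install move to with no manifest change.
function classifyRange(spec) {
  const s = spec.trim();
  if (s === "" || s === "*" || s === "x" || s === "latest") return "any";
  const m = /^([~^]?)v?(\d+)(?:\.(\d+|x|\*))?(?:\.(\d+|x|\*))?$/.exec(s);
  if (!m) return "unparsed"; // URLs, git refs, comparator sets: review by hand
  const [, op, major, minor, patch] = m;
  const wild = (p) => p === undefined || p === "x" || p === "*";
  if (wild(minor)) return "minor"; // "1", "1.x", "~1", "^1" all allow <2.0.0
  if (op === "^" && major !== "0") return "minor"; // ^1.2.3 allows <2.0.0
  if (wild(patch)) return "patch"; // "1.2", "1.2.x", "~1.2", "^0.2"
  if (op === "") return "exact";
  if (op === "~") return "patch"; // ~1.2.3 allows <1.3.0
  // Caret on 0.x.y holds the left-most non-zero part fixed.
  return minor !== "0" ? "patch" : "exact"; // ^0.2.3 <0.3.0; ^0.0.3 <0.0.4
}

// Hypothetical policy (an assumption): only exact pins and patch drift pass.
function auditManifest(text, allowed = ["exact", "patch"]) {
  const pkg = JSON.parse(text);
  const findings = [];
  for (const section of ["dependencies", "devDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const drift = classifyRange(String(spec));
      if (!allowed.includes(drift)) findings.push({ section, name, spec, drift });
    }
  }
  return findings;
}

console.log(auditManifest(SAMPLE_MANIFEST));
```

Specs reported as "unparsed" (URLs, git references, comparator sets, pre-release tags) are flagged for manual review rather than guessed at.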
References
1. "Earliest releases of npm". GitHub. Retrieved 27 July 2016.
2. "v3.10.3 (2016-06-23)". GitHub. 2016-03-18. Archived from the original on 2016-03-18. Retrieved 2016-07-03.
3. Schlueter, Isaac Z. (25 March 2013). "Forget CommonJS. It's dead. **We are server side JavaScript.**". GitHub.
4. Dierx, Peter (30 March 2016). "A Beginner's Guide to npm — the Node Package Manager". sitepoint. Retrieved 22 July 2016.
5. Ampersand.js. "Ampersand.js - Learn". ampersandjs.com. Retrieved 22 July 2016.
6. Ojamaa, Andres; Duuna, Karl (2012). "Assessing the Security of Node.js Platform". IEEE Xplore. Retrieved 22 July 2016.
7. Kennedy, Hugh; DeVay, Paul. "Understanding npm". Nsight. Retrieved 22 July 2016.
8. Yegulalp, Serdar (23 March 2016). "How one yanked JavaScript package wreaked havoc". InfoWorld. Retrieved 22 July 2016.
9. npm, Inc. "npm". npm. Retrieved 22 October 2016.
10. https://npm-stat.com/
11. Ellingwood, Justin. "How To Use npm to Manage Node.js Packages on a Linux Server". DigitalOcean. Retrieved 22 October 2016.
12. "npm-install". docs.npmjs. Retrieved 22 October 2016.
13. "semver". docs.npmjs. Retrieved 22 October 2016.
14. "npm-version". docs.npm. Retrieved 29 October 2016.