Loading lesson path

Node.js•Module Basics

Node.js Managing Dependencies

What is Dependency Management?

Dependency management is the process of tracking, installing, updating, and removing the external packages your application depends on. It helps ensure your applications remains stable, secure, and maintainable over time. npm (Node Package Manager) is the default package manager for Node.js, but alternatives like Yarn and pnpm are also popular. The key components of Node.js dependency management include: The package.json file for declaring dependencies Lock files (

Formula

package - lock.json or yarn.lock

) for dependency versioning Package manager commands to install, update, and remove packages

Security tools to identify and fix vulnerabilities

Understanding Semantic Versioning

Formula

Node.js packages follow semantic versioning (SemVer), using a three - part version number:

MAJOR.MINOR.PATCH

Major

: Incremented for incompatible API changes

Minor

Formula

: Incremented for backward - compatible new features

Patch

Formula

: Incremented for backward - compatible bug fixes

In package.json, version requirements can be specified using special characters:

Symbol

Example

Meaning

^ ^2.8.1 Any with 2.x.x, only MAJOR version must match (2.8.1 or higher) ~ ~2.8.1 Any with 2.8.x, only MAJOR.MINOR must match (2.8.1 or higher) * * Any version (not recommended for production) >= >=2.8.1 Version 2.8.1 or higher none 2.8.1

Exact version only

Example: Different Version Specifications

{
"dependencies": {
"express": "^2.8.1",     // Any 2.x.x version (2.8.1 or higher)
"lodash": "~2.8.1",    // Any 2.8.x version (2.8.1 or higher)
"moment": "2.8.1",      // Exactly version 2.8.1
"axios": ">=2.8.1",     // Version 2.8.1 or any higher version
"debug": "2.x"           // Any version starting with 2
}
}

Installing Dependencies

There are several ways to install dependencies in a Node.js project:

Installing All Dependencies npm install

This command reads the package.json file and installs all dependencies listed there.

Installing a Specific Package npm install express

This installs the latest version of the package and adds it to your dependencies in package.json. Installing a Specific Version npm install express@4.17.1

Formula

Installing Without Saving to package.json npm install express -- no - save
Installing Globally npm install - g nodemon
Global packages are installed system - wide rather than in the project's node_modules directory.

Types of Dependencies

Node.js projects can have several types of dependencies, each serving a different purpose: Regular Dependencies npm install express --save # or simply npm install express These are packages required for your application to run in production.

Formula

Development Dependencies npm install jest -- save - dev
# or npm install jest - D

These are packages needed only for local development and testing, like testing frameworks or build tools.

Peer Dependencies

Specified in package.json to indicate compatibility with other packages without actually including them:

Formula

"name": "my - plugin",

"version": "1.0.0",

"peerDependencies": {
"react": "^17.0.0"
}
}

This tells users that your package expects React 17.x to be installed in their project.

Formula

Optional Dependencies npm install fancy - feature -- save - optional
# or npm install fancy - feature - O

These packages enhance functionality but aren't required for the core application to work.

Tip:

Use dependencies for packages needed in production, and devDependencies for packages only needed during development or testing.

Package Lock Files

Lock files ensure consistent installations across different environments by recording the exact version of each package and its dependencies.

Formula

package - lock.json (npm)

This file is automatically generated when npm modifies the node_modules tree or package.json.

Formula

"name": "my - app",

"version": "1.0.0", "lockfileVersion": 3, "requires": true,

"packages": {
"node_modules/express": {
"version": "4.18.2",

Formula

"resolved": "https://registry.npmjs.org/express/-/express - 4.18.2.tgz",

"dependencies": {
"accepts": "~1.3.8",

Formula

"array - flatten": "1.1.1"

}
}
}
}
yarn.lock (Yarn)
Yarn's lock file serves a similar purpose but has a different format.

Important:

Always commit your lock files to version control to ensure consistent installations across your team and deployment environments.

Updating Dependencies

Check for Outdated Packages npm outdated

Update a Specific Package npm update express

Update All Packages npm update

Formula

Update npm Itself npm install - g npm@latest

Using npm-check-updates

Formula

For more control over updates, you can use the npm - check - updates package:
# Install npm - check - updates globally npm install - g npm - check - updates

# Check for updates ncu

Formula

# Update package.json ncu - u

# Install updated packages npm install

Node.js NPM Scripts

Node.js Publish a Package

Loading lesson path

Learn/Node.js/Module Basics

Node.js•Module Basics

Node.js Managing Dependencies

What is Dependency Management?

Formula

package - lock.json or yarn.lock

) for dependency versioning Package manager commands to install, update, and remove packages

Security tools to identify and fix vulnerabilities

Understanding Semantic Versioning

Formula

Node.js packages follow semantic versioning (SemVer), using a three - part version number:

MAJOR.MINOR.PATCH

Major

: Incremented for incompatible API changes

Minor

Formula

: Incremented for backward - compatible new features

Patch

Formula

: Incremented for backward - compatible bug fixes

In package.json, version requirements can be specified using special characters:

Symbol

Example

Meaning

Exact version only

Example: Different Version Specifications

{
"dependencies": {
"express": "^2.8.1",     // Any 2.x.x version (2.8.1 or higher)
"lodash": "~2.8.1",    // Any 2.8.x version (2.8.1 or higher)
"moment": "2.8.1",      // Exactly version 2.8.1
"axios": ">=2.8.1",     // Version 2.8.1 or any higher version
"debug": "2.x"           // Any version starting with 2
}
}

Installing Dependencies

There are several ways to install dependencies in a Node.js project:

Installing All Dependencies npm install

This command reads the package.json file and installs all dependencies listed there.

Installing a Specific Package npm install express

This installs the latest version of the package and adds it to your dependencies in package.json. Installing a Specific Version npm install express@4.17.1

Formula

Installing Without Saving to package.json npm install express -- no - save
Installing Globally npm install - g nodemon
Global packages are installed system - wide rather than in the project's node_modules directory.

Types of Dependencies

Formula

Development Dependencies npm install jest -- save - dev
# or npm install jest - D

These are packages needed only for local development and testing, like testing frameworks or build tools.

Peer Dependencies

Specified in package.json to indicate compatibility with other packages without actually including them:

Formula

"name": "my - plugin",

"version": "1.0.0",

"peerDependencies": {
"react": "^17.0.0"
}
}

This tells users that your package expects React 17.x to be installed in their project.

Formula

Optional Dependencies npm install fancy - feature -- save - optional
# or npm install fancy - feature - O

These packages enhance functionality but aren't required for the core application to work.

Tip:

Use dependencies for packages needed in production, and devDependencies for packages only needed during development or testing.

Package Lock Files

Lock files ensure consistent installations across different environments by recording the exact version of each package and its dependencies.

Formula

package - lock.json (npm)

This file is automatically generated when npm modifies the node_modules tree or package.json.

Formula

"name": "my - app",

"version": "1.0.0", "lockfileVersion": 3, "requires": true,

"packages": {
"node_modules/express": {
"version": "4.18.2",

Formula

"resolved": "https://registry.npmjs.org/express/-/express - 4.18.2.tgz",

"dependencies": {
"accepts": "~1.3.8",

Formula

"array - flatten": "1.1.1"

}
}
}
}
yarn.lock (Yarn)
Yarn's lock file serves a similar purpose but has a different format.

Important:

Always commit your lock files to version control to ensure consistent installations across your team and deployment environments.

Updating Dependencies

Check for Outdated Packages npm outdated

Update a Specific Package npm update express

Update All Packages npm update

Formula

Update npm Itself npm install - g npm@latest

Using npm-check-updates

Formula

For more control over updates, you can use the npm - check - updates package:
# Install npm - check - updates globally npm install - g npm - check - updates

# Check for updates ncu

Formula

# Update package.json ncu - u

# Install updated packages npm install

Node.js NPM Scripts

Node.js Publish a Package