Hello readers, today we are going to discuss a very common yet important package manager command: npm install. I am sure you are using it, whether you are a front-end engineer or a backend (API / DevOps) engineer. npm install, or its short alias npm i, is so common to use, but I doubt whether you have also used npm ci yet.
So let's keep the ball rolling and continue our discussion...
Let's first understand how exactly npm install works:
To make use of tools (or packages) in Node.js, we need to be able to install and manage them in a useful way. This is where npm, the Node package manager, comes into the picture. It installs the packages you want to use and provides a useful interface to work with them. We declare (and save) our packages in the so-called package.json file. This is where npm reads your dependencies and/or dev dependencies and proceeds to install them within your project.
During this process npm also creates a lock file, known as package-lock.json. It describes the exact tree that was generated, so that subsequent installs are able to generate identical trees, regardless of intermediate dependency updates.
This file is intended to be committed into source repositories, and serves various purposes:
- Describe a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to install exactly the same dependencies.
- Provide a facility for users to "time-travel" to previous states of node_modules without having to commit the directory itself.
- Facilitate greater visibility of tree changes through readable source control diffs.
- Optimize the installation process by allowing npm to skip repeated metadata resolutions for previously-installed packages.
That said, there are a few catches:
- If you specify the version of a dependency with a range prefix such as ~ (or ^, which npm writes by default), npm install may not install the exact version you wrote down: it installs the newest published version that satisfies the range, and that choice can change from one install to the next unless the lock file pins it.
- npm install can update your package-lock.json when there are changes, such as when you install a new dependency or when package.json no longer agrees with the lock file.
This is fine as long as we are developing the project, but it may turn into unwanted failures (or silently different builds) during testing / automated deployments.
The question here is: how do we overcome this problem? Well, this is where npm ci comes to your rescue. Let's understand how it helps.
npm-ci: Installing packages with a clean state
This command is similar to npm install, except it's meant to be used in automated environments such as test platforms, continuous integration, and deployment, or any situation where you want to make sure you're doing a clean install of your dependencies. It can be significantly faster than a regular npm install by skipping certain user-oriented features. It is also more strict than a regular install, which can help catch errors or inconsistencies caused by the incrementally-installed local environments of most
DO & DON'Ts:
npm ci will ALWAYS do the following things:
- Delete your existing node_modules before continuing.
- Install every dependency at the exact version recorded in package-lock.json (package.json is only consulted to verify that the two agree, never to re-resolve versions).
- Throw an error and exit when your dependencies do not match between
npm ci will NEVER do the following things:
- It will never modify your
- It will never write to
Requirements to use
- We must have a package-lock.json file in the project; if you don't, npm ci will not work and you will have to use npm install to generate one.
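To make the difference concrete, here is an added example (my own illustration, not code from this article or from npm itself) that models in plain Node.js the two behaviours described above: how npm install resolves a ~ or ^ range to the newest matching version when nothing pins it, and the consistency check npm ci performs before touching node_modules (the lock file must exist, and every declared range must agree with the locked version). The package.json, package-lock.json and registry data are constructed inline for the demo; the matcher handles only exact, ~ and ^ ranges and the lock lookup assumes the lockfileVersion 3 layout for direct dependencies, which is a simplification of what npm's own semver and Arborist libraries do.

```javascript
'use strict';

// Added example, not code from the article or from npm. Simplified model of
// (a) semver range resolution as done by `npm install`, and (b) the
// package.json vs package-lock.json consistency check enforced by `npm ci`.

// Parse "MAJOR.MINOR.PATCH" into three numbers (pre-release tags not handled).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return m.slice(1).map(Number);
}

// Numeric comparison, usable as an Array.prototype.sort comparator.
function compareVersions(a, b) {
  const x = parseVersion(a);
  const y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] - y[i];
  }
  return 0;
}

// Does `version` satisfy `range`? Supports exact ("1.2.3"), tilde ("~1.2.3":
// patch updates only) and caret ("^1.2.3": minor and patch updates, with the
// usual rule that a leading zero freezes the next field).
function satisfies(range, version) {
  const op = range[0] === '~' || range[0] === '^' ? range[0] : '';
  const floor = op ? range.slice(1) : range;
  const base = parseVersion(floor);
  const v = parseVersion(version);
  if (compareVersions(version, floor) < 0) return false; // never below the floor
  if (op === '') return compareVersions(version, floor) === 0; // exact pin
  if (op === '~') return v[0] === base[0] && v[1] === base[1];
  if (base[0] !== 0) return v[0] === base[0];
  if (base[1] !== 0) return v[0] === 0 && v[1] === base[1];
  return compareVersions(version, floor) === 0; // ^0.0.x pins the patch
}

// What `npm install` does when no lock entry pins a dependency: pick the
// highest published version that satisfies the declared range.
function resolveLatest(range, published) {
  const candidates = published.filter((v) => satisfies(range, v)).sort(compareVersions);
  return candidates.length ? candidates[candidates.length - 1] : null;
}

// What `npm ci` insists on before installing: a lock file must exist and every
// declared dependency must be present in it at a version inside its range.
// Returns a list of problems; an empty list means `npm ci` would proceed.
function checkLock(pkg, lock) {
  if (!lock) return ['no package-lock.json: run npm install once to generate it'];
  const declared = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  const locked = lock.packages || {};
  const problems = [];
  for (const [name, range] of Object.entries(declared)) {
    const entry = locked[`node_modules/${name}`]; // lockfileVersion 3 key for a direct dependency
    if (!entry) {
      problems.push(`${name}: missing from package-lock.json`);
    } else if (!satisfies(range, entry.version)) {
      problems.push(`${name}: ${range} vs locked ${entry.version}`);
    }
  }
  return problems;
}

// Constructed sample data (assumed for the demo, not taken from a real project).
const packageJson = {
  dependencies: { lodash: '^4.17.20' },
  devDependencies: { jest: '~29.6.0' }, // someone edited this range by hand...
};
const packageLock = {
  lockfileVersion: 3,
  packages: {
    'node_modules/lodash': { version: '4.17.21' },
    'node_modules/jest': { version: '29.7.0' }, // ...but the lock still records 29.7.0
  },
};
const registryVersions = { lodash: ['4.17.20', '4.17.21', '5.0.0'] };

console.log('npm install would pick lodash', resolveLatest('^4.17.20', registryVersions.lodash)); // 4.17.21, not 4.17.20
console.log('npm ci problems:', checkLock(packageJson, packageLock)); // jest mismatch: npm ci exits with an error
console.log('npm ci without a lock:', checkLock(packageJson, null));
```

Run it with `node` and note the asymmetry: faced with the jest mismatch, npm install would quietly re-resolve the range and rewrite package-lock.json, whereas the npm ci check reports the problem and stops, which is exactly the behaviour you want on a build server.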
As you can see, both commands have their valid use cases.
- We must use npm install to install new dependencies, or to update existing dependencies.
- We must use npm ci when running in continuous integration, or if you want to install dependencies without modifying the
Thank you for reading this article. I hope it has helped you gain some new knowledge.