npm (software)

npm
Initial release January 12, 2010 (2010-01-12)[1]
Stable release
3.10.3 / 23 June 2016 (2016-06-23)[2]
Written in JavaScript
License Artistic License 2.0
Website npmjs.com

npm is the default package manager for the JavaScript runtime environment Node.js.

History

npm is written entirely in JavaScript and was developed by Isaac Z. Schlueter as a result of having "seen module packaging done terribly" and with inspiration from the shortcomings of other similar projects such as PHP (PEAR) and Perl (CPAN).[3]

Description

npm is automatically included when Node.js is installed.[4] npm consists of a command line client that interacts with a remote registry. It allows users to consume and distribute JavaScript modules that are available on the registry.[5] Packages on the registry are in CommonJS format and include a metadata file in JSON format.[6] Over 280,000 packages are available on the main npm registry.[7] Packages on npm are registered on a first come first serve basis and do not distinguish among authors, meaning that the unpublishing of a package can not only break the projects that depend on it, but also pose a security risk.[8] The npm registry has no vetting process for submission, which means that packages found there can be low quality, insecure, or malicious.[6] However, the npm server administrators are fully capable of deleting malicious packages or banning malicious users.[9] npm exposes usage statistics and number of depending packages to assist developers in picking libraries.[10]

Usage

npm can manage packages that are local dependencies of a particular project, as well as globally-installed JavaScript tools.[11] When used as a dependency manager for a local project, npm can install, in one command, all the dependencies of a project through the package.json file.[12] In the package.json file, each dependency can specify a range of valid versions using the semantic versioning scheme, allowing developers to auto-update their packages while at the same time avoiding unwanted breaking changes.[13] npm also provides version-bumping tools for developers to tag their packages with a particular version.[14]

See also

References

  1. "Earliest releases of npm". GitHub. Retrieved 27 July 2016.
  2. "v3.10.3 (2016-06-23)". GitHub. 2016-03-18. Archived from the original on 2016-03-18. Retrieved 2016-07-03.
  3. Schlueter, Isaac Z. (25 March 2013). "Forget CommonJS. It's dead. **We are server side JavaScript.**". GitHub.
  4. Dierx, Peter (30 March 2016). "A Beginner's Guide to npm — the Node Package Manager". sitepoint. Retrieved 22 July 2016.
  5. Ampersand.js. "Ampersand.js - Learn". ampersandjs.com. Retrieved 22 July 2016.
  6. 1 2 Ojamaa, Andres; Duuna, Karl (2012). "Assessing the Security of Node.js Platform". IEEE Xplore. Retrieved 22 July 2016.
  7. Kennedy, Hugh; DeVay, Paul. "Understanding npm". Nsight. Retrieved 22 July 2016.
  8. Yegulalp, Serdar (23 March 2016). "How one yanked JavaScript package wreaked havoc". InfoWorld. Retrieved 22 July 2016.
  9. npm, Inc. "npm". npm. Retrieved 22 October 2016.
  10. https://npm-stat.com/
  11. Ellingwood, Justin. "How To Use npm to Manage Node.js Packages on a Linux Server". DigitalOcean. Retrieved 22 October 2016.
  12. "npm-install". docs.npmjs. Retrieved 22 October 2016.
  13. "semver". docs.npmjs. Retrieved 22 October 2016.
  14. "npm-version". docs.npm. Retrieved 29 October 2016.

External links


This article is issued from Wikipedia - version of the 11/30/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.