October 13th, 2020 was a Happy release Tuesday for the npm CLI team, which officially released [email protected]
after several months of hard work.
npm is a package manager for JavaScript, and it is the default package manager for Node.js, the asynchronous event-driven JavaScript runtime built on Chrome’s V8 JavaScript engine.
This new release introduced some highly requested features from the npm CLI userbase.
These features includesworkspaces, the ability to automatically install peer dependencies, and some other features which I’ll be highlighting in this article.
To get started with npm v7.0.0
, run npm i -g npm@7
in your terminal.
[email protected]
is still something very new, so it doesn’t break the millions of workflows that use npm, especially in production.
For this reason, npm will not be marked as the latest
; your workflows will not get npm v7.0.0 by default unless you opt-in by running npm install -g npm@7
or install Node.js 15, which came onto the scene recently after the release of [email protected]
.
There are 3 major exciting long-awaited and requested features part of npm 7.
This feature has been requested by the community for a long time. Workspaces are a set of features in the npm CLI that offer support for managing multiple packages within a single top-level, root package. This has always been in existence with both Yarn and Pnpm implementing similar features under that same name. They chose to reuse it for the sake of simplicity to benefit the larger community involved.
There are 2 major implementations or changes required in the npm cli
that you’ll need to put in place to access the feature set that enables better management of nested packages.
You can read more about the npm workspace here.
In the previous version (npm v6
), peer-dependencies were not installed by default with npm. Instead, individual consumers had to install and manage peer dependencies by themselves. Users would be prompted by a warning, which is often misinterpreted as a problem. This would then be reported to package maintainers, who in response sometimes omit the peer dependency, treating it effectively as an optional dependency instead. This did not come with any checks on its version range or validity.
Furthermore, since the npm installer is not peer dependency-aware, it can design a tree which causes problems when peer dependencies are present.
This new release ,(npm v7.0.0
), now makes it easy to automatically install peer dependencies, whereas before developers would need to manually manage and install such dependencies.
According to the npm CLI team, the new peer dependency algorithm ensures that a validly matching peer dependency is found at or above the peer-dependent’s location in the node_modules tree.
This proposed algorithm addresses all the problems associated with peer dependencies in the previous version, making peer dependencies a first-class concept and a requirement for package tree validity.
You can read more about installing peer dependencies here.
The new package-lock format will unlock the ability to do deterministically reproducible builds and includes everything npm will need to fully build the package tree.
The CLI can now also use yarn.lock
as a source of package metadata and resolution guidance.
You can read more here.
Asides from these 3 major new features, there are some breaking changes in this release that developers should know, as we all know that some breaking changes are necessary to improve the overall developer experience.
package.exports
field, making it no longer possible to require()
npm’s internal modules.npx
has been completely rewritten to now make use of npm exec
commandnpm audit
has changed both in the human-readable and --json
output styles. It no longer uses tables to display vulnerabilities and vuln count is no longer multiplying every single node in the treenpm ls
will now only show top-level packages by defaultIf you want to get the same output as npm6
you can now use the “all” option (i.e npm ls --all
)
You can read more about the breaking changes in npm 7.0.0 here.
You can start using this update today by running:
npm install -g npm@7
As usual, you can confirm the version using either npm -v
or npm --version
.
Note: You can easily switch back to previous versions of npm even after installing the latest version by adding the version number behind “@” (i.e.
npm install -g npm@<version-number>
).
Below is an example illustrating how npm v7
helps us install peer dependencies automatically.
Let’s install a dependency that has peer dependencies to React and see how it gets installed.
First, let’s confirm that we have no dependencies by running npm ls react
in the CLI.
Then we can now move on to install any dependency of our choice so as to see this new feature being implemented.
Another example I would love to point out is that npx
has been rebuilt.
Previously, npx
was its own package, even though it came installed when you installed npm. Now, it’s not a separate package anymore. It’s kind of built into npm (though people don’t really care as long as it works). When you try to install something, it prompts you so as to check that you really want to proceed with the installation.
Before, it would just go ahead to install whatever command you wrote without prompting you.
Funny enough, you might not like the whole idea of it prompting you to answer questions. So, you can make use of the -y
flag.
This is the first version of npm CLI that Is being released, since npm as a company was acquired by GitHub back in April 2020. That’s why the official release information is on the GitHub blog.
In this article, I have explained the new features of npm v7, as well as how you can get started with the newest version of npm.
I encourage everyone interested in these new features to get started with npm v7.
Here is a link to Ruy Adorno giving a talk at a GitHub Presents meetup about npm v7 highlights.
Deploying a Node-based web app or website is the easy part. Making sure your Node instance continues to serve resources to your app is where things get tougher. If you’re interested in ensuring requests to the backend or third-party services are successful, try LogRocket.
LogRocket is like a DVR for web and mobile apps, recording literally everything that happens while a user interacts with your app. Instead of guessing why problems happen, you can aggregate and report on problematic network requests to quickly understand the root cause.
LogRocket instruments your app to record baseline performance timings such as page load time, time to first byte, slow network requests, and also logs Redux, NgRx, and Vuex actions/state. Start monitoring for free.
Hey there, want to help make our blog better?
Join LogRocket’s Content Advisory Board. You’ll help inform the type of content we create and get access to exclusive meetups, social accreditation, and swag.
Sign up nowBuild scalable admin dashboards with Filament and Laravel using Form Builder, Notifications, and Actions for clean, interactive panels.
Break down the parts of a URL and explore APIs for working with them in JavaScript, parsing them, building query strings, checking their validity, etc.
In this guide, explore lazy loading and error loading as two techniques for fetching data in React apps.
Deno is a popular JavaScript runtime, and it recently launched version 2.0 with several new features, bug fixes, and improvements […]
2 Replies to "What’s new in npm v7"
There is currently one minor update, so the latest version is 7.1.2.
If you are using nvm for multiple version use it to install current node version then update npm with –force flag.
Does that mean that it is now possible to use angular 7 libraries in angular 11 applications ?