What’s new in npm v7

October 13th, 2020 was a Happy release Tuesday for the npm CLI team, which officially released [email protected] after several months of hard work.

npm is a package manager for JavaScript, and it is the default package manager for Node.js, the asynchronous event-driven JavaScript runtime built on Chrome’s V8 JavaScript engine.

This new release introduced some highly requested features from the npm CLI userbase.

These features includesworkspaces, the ability to automatically install peer dependencies, and some other features which I’ll be highlighting in this article.

To get started with npm v7.0.0, run npm i -g npm@7 in your terminal.

[email protected] is still something very new, so it doesn’t break the millions of workflows that use npm, especially in production.

For this reason, npm will not be marked as the latest; your workflows will not get npm v7.0.0 by default unless you opt-in by running npm install -g npm@7 or install Node.js 15, which came onto the scene recently after the release of [email protected].

What’s new?

There are 3 major exciting long-awaited and requested features part of npm 7.

Workspaces

This feature has been requested by the community for a long time. Workspaces are a set of features in the npm CLI that offer support for managing multiple packages within a single top-level, root package. This has always been in existence with both Yarn and Pnpm implementing similar features under that same name. They chose to reuse it for the sake of simplicity to benefit the larger community involved.

There are 2 major implementations or changes required in the npm cli that you’ll need to put in place to access the feature set that enables better management of nested packages.

• Make the npm cli workspace-aware.
• In an npm workspaces setup, users expect to be able to install all nested packages and perform the associated lifecycle scripts from the top-level workspace. It should also be aware of workspaces that have a dependency on one another and symlink(A symbolic link between files) them appropriately.

You can read more about the npm workspace here.

Auto-installing peer dependencies

In the previous version (npm v6), peer-dependencies were not installed by default with npm. Instead, individual consumers had to install and manage peer dependencies by themselves. Users would be prompted by a warning, which is often misinterpreted as a problem. This would then be reported to package maintainers, who in response sometimes omit the peer dependency, treating it effectively as an optional dependency instead. This did not come with any checks on its version range or validity.

Furthermore, since the npm installer is not peer dependency-aware, it can design a tree which causes problems when peer dependencies are present.

---

Over 200k developers use LogRocket to create better digital experiences

Learn more →

---

This new release ,(npm v7.0.0), now makes it easy to automatically install peer dependencies, whereas before developers would need to manually manage and install such dependencies.

According to the npm CLI team, the new peer dependency algorithm ensures that a validly matching peer dependency is found at or above the peer-dependent’s location in the node_modules tree.

This proposed algorithm addresses all the problems associated with peer dependencies in the previous version, making peer dependencies a first-class concept and a requirement for package tree validity.

You can read more about installing peer dependencies here.

Package-lock v2 and support for yarn.lock

The new package-lock format will unlock the ability to do deterministically reproducible builds and includes everything npm will need to fully build the package tree.

The CLI can now also use yarn.lock as a source of package metadata and resolution guidance.

You can read more here.

Breaking changes in npm 7.0.0

Asides from these 3 major new features, there are some breaking changes in this release that developers should know, as we all know that some breaking changes are necessary to improve the overall developer experience.

•  The ability to automatically install peer dependencies has the potential to break certain workflows
• npm now makes use of package.exports field, making it no longer possible to require() npm’s internal modules.
• npx has been completely rewritten to now make use of npm exec command
• The output of npm audit has changed both in the human-readable and --json output styles. It no longer uses tables to display vulnerabilities and vuln count is no longer multiplying every single node in the tree
• npm ls will now only show top-level packages by default

If you want to get the same output as npm6 you can now use the “all” option (i.e npm ls --all)

You can read more about the breaking changes in npm 7.0.0 here.

Get the update now

You can start using this update today by running:

npm install -g npm@7

As usual, you can confirm the version using either npm -v or npm --version.

Note: You can easily switch back to previous versions of npm even after installing the latest version by adding the version number behind “@” (i.e. npm install -g npm@<version-number>).

Below is an example illustrating how npm v7 helps us install peer dependencies automatically.

Let’s install a dependency that has peer dependencies to React and see how it gets installed.

First, let’s confirm that we have no dependencies by running npm ls react in the CLI.

Then we can now move on to install any dependency of our choice so as to see this new feature being implemented.

Another example I would love to point out is that npx has been rebuilt.

Previously, npx was its own package, even though it came installed when you installed npm. Now, it’s not a separate package anymore. It’s kind of built into npm (though people don’t really care as long as it works). When you try to install something, it prompts you so as to check that you really want to proceed with the installation.

Before, it would just go ahead to install whatever command you wrote without prompting you.

Funny enough, you might not like the whole idea of it prompting you to answer questions. So, you can make use of the -y flag.

Conclusion

This is the first version of npm CLI that Is being released, since npm as a company was acquired by GitHub back in April 2020. That’s why the official release information is on the GitHub blog.

In this article, I have explained the new features of npm v7, as well as how you can get started with the newest version of npm.

I encourage everyone interested in these new features to get started with npm v7.

Useful resources

Here is a link to Ruy Adorno giving a talk at a GitHub Presents meetup about npm v7 highlights.

200s only Monitor failed and slow network requests in production

Deploying a Node-based web app or website is the easy part. Making sure your Node instance continues to serve resources to your app is where things get tougher. If you’re interested in ensuring requests to the backend or third-party services are successful, try LogRocket.

LogRocket is like a DVR for web and mobile apps, recording literally everything that happens while a user interacts with your app. Instead of guessing why problems happen, you can aggregate and report on problematic network requests to quickly understand the root cause.

LogRocket instruments your app to record baseline performance timings such as page load time, time to first byte, slow network requests, and also logs Redux, NgRx, and Vuex actions/state. Start monitoring for free.