October 13th, 2020 was a Happy release Tuesday for the npm CLI team, which officially released [email protected] after several months of hard work.
npm is a package manager for JavaScript, and it is the default package manager for Node.js, the asynchronous event-driven JavaScript runtime built on Chrome’s V8 JavaScript engine.
This new release introduced some highly requested features from the npm CLI userbase.
These features includesworkspaces, the ability to automatically install peer dependencies, and some other features which I’ll be highlighting in this article.
To get started with npm v7.0.0, run npm i -g npm@7 in your terminal.
[email protected] is still something very new, so it doesn’t break the millions of workflows that use npm, especially in production.
For this reason, npm will not be marked as the latest; your workflows will not get npm v7.0.0 by default unless you opt-in by running npm install -g npm@7 or install Node.js 15, which came onto the scene recently after the release of [email protected].
The Replay is a weekly newsletter for dev and engineering leaders.
Delivered once a week, it's your curated guide to the most important conversations around frontend dev, emerging AI tools, and the state of modern software.
There are 3 major exciting long-awaited and requested features part of npm 7.
This feature has been requested by the community for a long time. Workspaces are a set of features in the npm CLI that offer support for managing multiple packages within a single top-level, root package. This has always been in existence with both Yarn and Pnpm implementing similar features under that same name. They chose to reuse it for the sake of simplicity to benefit the larger community involved.
There are 2 major implementations or changes required in the npm cli that you’ll need to put in place to access the feature set that enables better management of nested packages.
You can read more about the npm workspace here.
In the previous version (npm v6), peer-dependencies were not installed by default with npm. Instead, individual consumers had to install and manage peer dependencies by themselves. Users would be prompted by a warning, which is often misinterpreted as a problem. This would then be reported to package maintainers, who in response sometimes omit the peer dependency, treating it effectively as an optional dependency instead. This did not come with any checks on its version range or validity.
Furthermore, since the npm installer is not peer dependency-aware, it can design a tree which causes problems when peer dependencies are present.
This new release ,(npm v7.0.0), now makes it easy to automatically install peer dependencies, whereas before developers would need to manually manage and install such dependencies.
According to the npm CLI team, the new peer dependency algorithm ensures that a validly matching peer dependency is found at or above the peer-dependent’s location in the node_modules tree.
This proposed algorithm addresses all the problems associated with peer dependencies in the previous version, making peer dependencies a first-class concept and a requirement for package tree validity.
You can read more about installing peer dependencies here.
The new package-lock format will unlock the ability to do deterministically reproducible builds and includes everything npm will need to fully build the package tree.
The CLI can now also use yarn.lock as a source of package metadata and resolution guidance.
You can read more here.
Asides from these 3 major new features, there are some breaking changes in this release that developers should know, as we all know that some breaking changes are necessary to improve the overall developer experience.
Learn more →package.exports field, making it no longer possible to require() npm’s internal modules.npx has been completely rewritten to now make use of npm exec commandnpm audit has changed both in the human-readable and --json output styles. It no longer uses tables to display vulnerabilities and vuln count is no longer multiplying every single node in the treenpm ls will now only show top-level packages by default
If you want to get the same output as npm6 you can now use the “all” option (i.e npm ls --all)
You can read more about the breaking changes in npm 7.0.0 here.
You can start using this update today by running:
npm install -g npm@7
As usual, you can confirm the version using either npm -v or npm --version.
Note: You can easily switch back to previous versions of npm even after installing the latest version by adding the version number behind “@” (i.e.
npm install -g npm@<version-number>).
Below is an example illustrating how npm v7 helps us install peer dependencies automatically.
Let’s install a dependency that has peer dependencies to React and see how it gets installed.
First, let’s confirm that we have no dependencies by running npm ls react in the CLI.
Then we can now move on to install any dependency of our choice so as to see this new feature being implemented.
Another example I would love to point out is that npx has been rebuilt.
Previously, npx was its own package, even though it came installed when you installed npm. Now, it’s not a separate package anymore. It’s kind of built into npm (though people don’t really care as long as it works). When you try to install something, it prompts you so as to check that you really want to proceed with the installation.
Before, it would just go ahead to install whatever command you wrote without prompting you.
Funny enough, you might not like the whole idea of it prompting you to answer questions. So, you can make use of the -y flag.
This is the first version of npm CLI that Is being released, since npm as a company was acquired by GitHub back in April 2020. That’s why the official release information is on the GitHub blog.
In this article, I have explained the new features of npm v7, as well as how you can get started with the newest version of npm.
I encourage everyone interested in these new features to get started with npm v7.
Here is a link to Ruy Adorno giving a talk at a GitHub Presents meetup about npm v7 highlights.
Monitor failed and slow network requests in productionDeploying a Node-based web app or website is the easy part. Making sure your Node instance continues to serve resources to your app is where things get tougher. If you’re interested in ensuring requests to the backend or third-party services are successful, try LogRocket.
LogRocket lets you replay user sessions, eliminating guesswork around why bugs happen by showing exactly what users experienced. It captures console logs, errors, network requests, and pixel-perfect DOM recordings — compatible with all frameworks.
LogRocket's Galileo AI watches sessions for you, instantly identifying and explaining user struggles with automated monitoring of your entire product experience.
LogRocket instruments your app to record baseline performance timings such as page load time, time to first byte, slow network requests, and also logs Redux, NgRx, and Vuex actions/state. Start monitoring for free.
useEffectEventJack Herrington breaks down how React’s new useEffectEvent Hook stabilizes behavior, simplifies timers, and enables predictable abstractions.
AG-UI is an event-driven protocol for building real AI apps. Learn how to use it with streaming, tool calls, and reusable agent logic.
Frontend frameworks are often chosen by default, not necessity. This article examines when native web APIs deliver better outcomes for users and long-term maintenance.
Valdi skips the JavaScript runtime by compiling TypeScript to native views. Learn how it compares to React Native’s new architecture and when the trade-off makes sense.
Would you be interested in joining LogRocket's developer community?
Join LogRocket’s Content Advisory Board. You’ll help inform the type of content we create and get access to exclusive meetups, social accreditation, and swag.
Sign up now
2 Replies to "What’s new in npm v7"
There is currently one minor update, so the latest version is 7.1.2.
If you are using nvm for multiple version use it to install current node version then update npm with –force flag.
Does that mean that it is now possible to use angular 7 libraries in angular 11 applications ?