Joel Olawanle Frontend developer and technical writer.

What’s new in npm v7?


October 13th, 2020 was a Happy release Tuesday for the npm CLI team, which officially released [email protected] after several months of hard work.

npm is a package manager for JavaScript, and it is the default package manager for Node.js, the asynchronous event-driven JavaScript runtime built on Chrome’s V8 JavaScript engine.

This new release introduced some highly requested features from the npm CLI userbase.

These features include workspaces, the ability to automatically install peer dependencies, and some other features which I’ll be highlighting in this article.

To get started with npm v7.0.0, run npm i -g [email protected] in your terminal.

[email protected] is still very new, and it should not break the millions of workflows that use npm, especially in production.

For this reason, it will not be marked as the latest; your workflows will not get npm v7.0.0 by default unless you opt in by running npm install -g [email protected] or install Node.js 15, which came onto the scene recently after the release of [email protected].

What’s new?

There are 3 major, long-awaited and much-requested features in npm 7.

Workspaces

This feature has been requested by the community for a long time. Workspaces are a set of features in the npm CLI that offer support for managing multiple packages within a single top-level, root package. Both Yarn and pnpm already implement similar features under the same name, and the npm team chose to reuse that name for the sake of simplicity and to benefit the larger community.

There are 2 major changes required in the npm CLI to provide the feature set that enables better management of nested packages.

  • Make the npm CLI workspace-aware.
  • In an npm workspaces setup, users expect to be able to install all nested packages and run the associated lifecycle scripts from the top-level workspace. The CLI should also be aware of workspaces that depend on one another and symlink them (a symlink is a symbolic link between files) appropriately.

You can read more about the npm workspace here.

Auto-installing peer dependencies

In the previous version (npm v6), peer-dependencies were not installed by default with npm. Instead, individual consumers had to install and manage peer dependencies by themselves. Users would be prompted by a warning, which is often misinterpreted as a problem. This would then be reported to package maintainers, who in response sometimes omit the peer dependency, treating it effectively as an optional dependency instead. This did not come with any checks on its version range or validity.

Furthermore, since the npm v6 installer is not peer dependency-aware, it can build a tree that causes problems when peer dependencies are present.

This new release (npm v7.0.0) now installs peer dependencies automatically, whereas before developers needed to manage and install such dependencies manually.

According to the npm CLI team, the new peer dependency algorithm ensures that a validly matching peer dependency is found at or above the peer-dependent’s location in the node_modules tree.

This proposed algorithm addresses all the problems associated with peer dependencies in the previous version, making peer dependencies a first-class concept and a requirement for package tree validity.

You can read more about installing peer dependencies here.
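The rule quoted above (a valid match must exist at or above the peer-dependent's location) can be checked on a modelled tree. This is an added example, not npm's own code: the tree, the package names in it and the simplified range matcher (exact versions and caret ranges with major version 1 or higher only) are assumptions made for illustration.

```javascript
// Added example, not npm's implementation. Tree and package names are constructed.
// Simplified range check: exact "X.Y.Z" or caret "^X.Y.Z" with X >= 1 only.
function satisfies(version, range) {
  if (!range.startsWith('^')) return version === range;
  const [maj, min, pat] = version.split('.').map(Number);
  const [rMaj, rMin, rPat] = range.slice(1).split('.').map(Number);
  if (maj !== rMaj) return false;
  return min > rMin || (min === rMin && pat >= rPat);
}

// node.children models that package's node_modules folder.
// Returns each peer dependency with no valid match at or above the dependent.
function findPeerProblems(node, ancestors = [], problems = []) {
  const levels = [node, ...ancestors]; // nearest node_modules folder first
  for (const child of node.children || []) {
    for (const [peer, range] of Object.entries(child.peerDependencies || {})) {
      const found = levels
        .map((lvl) => (lvl.children || []).find((c) => c.name === peer))
        .find(Boolean);
      if (!found) {
        problems.push({ dependent: child.name, peer, range, reason: 'missing' });
      } else if (!satisfies(found.version, range)) {
        problems.push({ dependent: child.name, peer, range, reason: 'invalid', found: found.version });
      }
    }
    findPeerProblems(child, levels, problems);
  }
  return problems;
}

// Constructed sample tree (hypothetical packages apart from react).
const sampleTree = { name: 'app', version: '1.0.0', children: [
  { name: 'react', version: '17.0.1' },
  { name: 'ui-kit', version: '2.3.0', peerDependencies: { react: '^17.0.0' } },
  { name: 'legacy-form', version: '1.4.2', peerDependencies: { react: '^16.8.0' } },
  { name: 'charts', version: '3.0.0', children: [
    { name: 'charts-theme', version: '1.0.0', peerDependencies: { 'styled-lib': '^5.0.0' } },
  ] },
] };

console.log(findPeerProblems(sampleTree));
```

A non-empty result is the kind of tree that npm v6 would build with only a warning and that npm v7 treats as invalid.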

Package-lock v2 and support for yarn.lock

The new package-lock format will unlock the ability to do deterministically reproducible builds and includes everything npm will need to fully build the package tree.

The CLI can now also use yarn.lock as a source of package metadata and resolution guidance.

You can read more here.
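A lockfile only supports reproducible builds if every fetched entry pins both a source and a hash, so it is worth checking before trusting it in CI. The following is an added example, not part of npm: it audits a parsed v2 lockfile, and the allowed registry host, the sha512 requirement and the sample lockfile (with placeholder integrity values) are assumptions of this sketch.

```javascript
// Added example: audits a parsed package-lock.json (v2). Sample data is constructed.
const ALLOWED_HOSTS = new Set(['registry.npmjs.org']); // assumption: public registry only

function auditLockfile(lock) {
  const findings = [];
  if (lock.lockfileVersion !== 2) {
    findings.push({ path: '', issue: 'lockfileVersion is not 2' });
  }
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Skip the root project, local workspace folders, workspace symlinks and
    // bundled dependencies: none of them is fetched as its own tarball.
    if (!path.includes('node_modules/') || entry.link || entry.inBundle) continue;
    let url = null;
    try { url = new URL(entry.resolved); } catch { /* missing or relative */ }
    if (!url || url.protocol !== 'https:') {
      findings.push({ path, issue: 'not resolved to an https URL' });
    } else if (!ALLOWED_HOSTS.has(url.hostname)) {
      findings.push({ path, issue: 'unexpected host ' + url.hostname });
    }
    if (!entry.integrity) {
      findings.push({ path, issue: 'no integrity hash' });
    } else if (!entry.integrity.startsWith('sha512-')) {
      findings.push({ path, issue: 'integrity is not sha512' });
    }
  }
  return findings;
}

// Constructed sample; integrity values are placeholders, not real hashes.
const sampleLock = {
  name: 'demo', lockfileVersion: 2,
  packages: {
    '': { name: 'demo', version: '1.0.0', workspaces: ['packages/*'] },
    'packages/a': { name: 'a', version: '1.0.0' },
    'node_modules/a': { resolved: 'packages/a', link: true },
    'node_modules/ok': { version: '1.2.3',
      resolved: 'https://registry.npmjs.org/ok/-/ok-1.2.3.tgz', integrity: 'sha512-PLACEHOLDER' },
    'node_modules/old': { version: '0.1.0',
      resolved: 'http://registry.npmjs.org/old/-/old-0.1.0.tgz', integrity: 'sha1-PLACEHOLDER' },
    'node_modules/mirror': { version: '2.0.0',
      resolved: 'https://mirror.example/mirror-2.0.0.tgz' },
  },
};

console.log(auditLockfile(sampleLock));
```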

Breaking changes in npm 7.0.0

Aside from these 3 major new features, there are some breaking changes in this release that developers should know about; some breaking changes are necessary to improve the overall developer experience.

  • The ability to automatically install peer dependencies has the potential to break certain workflows.
  • npm now makes use of the package.exports field, making it no longer possible to require() npm’s internal modules.
  • npx has been completely rewritten to make use of the npm exec command.
  • The output of npm audit has changed in both the human-readable and --json output styles. It no longer uses tables to display vulnerabilities, and the vuln count no longer multiplies every single node in the tree.
  • npm ls will now only show top-level packages by default.

Our project directory.

If you want to get the same output as npm 6, you can now use the “all” option (i.e. npm ls --all).

You can read more about the breaking changes in npm 7.0.0 here.

Get the update now

You can start using this update today by running:

npm install -g [email protected]

As usual, you can confirm the version using either npm -v or npm --version.

Note: You can easily switch back to a previous version of npm even after installing the latest version by adding the version number after the “@” (i.e. npm install -g npm@<version-number>).

Below is an example illustrating how npm v7 helps us install peer dependencies automatically.

Let’s install a dependency that has peer dependencies to React and see how it gets installed.

First, let’s confirm that we have no dependencies by running npm ls react in the CLI.

An example of running an NPM CLI command in our terminal.

Then we can install any dependency of our choice to see this new feature in action.

Our method of installing dependencies.

Another example I would love to point out is that npx has been rebuilt.

Previously, npx was its own package, even though it came installed when you installed npm. Now, it’s not a separate package anymore. It’s kind of built into npm (though people don’t really care as long as it works). When you try to install something, it prompts you so as to check that you really want to proceed with the installation.

Our warning prompting us to see if we want to move forward with the installation.

Before, it would just go ahead to install whatever command you wrote without prompting you.

Funny enough, you might not like the whole idea of it prompting you to answer questions. So, you can make use of the -y flag.

The y-flag.

Conclusion

This is the first version of the npm CLI to be released since npm, as a company, was acquired by GitHub back in April 2020. That’s why the official release information is on the GitHub blog.

In this article, I have explained the new features of npm v7, as well as how you can get started with the newest version of npm.

I encourage everyone interested in these new features to get started with npm v7.

Useful resources

Here is a link to Ruy Adorno giving a talk at a GitHub Presents meetup about npm v7 highlights.


2 Replies to “What’s new in npm v7?”

  1. There is currently one minor update, so the latest version is 7.1.2.
    If you are using nvm for multiple versions, use it to install the current node version, then update npm with the --force flag.
