Questions tagged [npm]
26 questions
15
votes
2 answers
Managing private NPM packages and CI/CD
At work, we have an application that is run directly on dev machines, but deployed in Docker swarms (a QA swarm and production swarm). The code and CI/CD pipelines are all in GitLab CE.
It uses several private, internal NPM packages. We refer to…

Nick
- 731
- 4
- 11
9
votes
2 answers
A good Node.js workflow for keeping packages up-to-date?
I've recently started developing a project in Node.js. Of course, right now the packages I'm using are pretty up-to-date as I'm starting afresh and using the latest version, but there's a pretty high version turnover rate for most Node.js packages…

Jez
- 1,308
- 2
- 10
- 19
6
votes
1 answer
Should published npm packages target ES5 syntax?
A bit of background:
I've been using Webpack with babel-loader for a while and overall the experience has been hugely positive.
Yesterday, I published an npm package of my own (to a private registry), and installed it into my "main" project that…

JLRishe
- 680
- 5
- 9
4
votes
1 answer
Publishing versions out of order
Does npm allow you to publish earlier versions of a package? The only documentation I could find was on npm’s site:
[npm-publish] Fails if the package name and version combination already exists in the specified registry.
Once a package is…

chharvey
- 264
- 2
- 13
3
votes
3 answers
How is a reproducible build guaranteed with version ranges in NPM?
I know with NPM caret, tilde and some logical operators can be used to specify version ranges. This post explains a bit on how this works.
The problem now is I find it hard to reconcile the use of version ranges with the idea of having reproducible…

Finlay Weber
- 171
- 6
3
votes
2 answers
Adding library as dependency only to use one function
A few months ago I started working in a team that develops software using Node.js. Quite often we encounter a problem that has already been solved by someone else and the solution is already available in the npm registry. Some examples of these problems…

kukis
- 1,352
- 2
- 10
- 11
3
votes
2 answers
What's a good way to deprecate your NPM modules?
One of my NPM modules is, frankly, pretty lame, hasn't been worked on in years, has no watchers, no stars, and only ~50 downloads per month. I'm going to abandon it, and eventually delete it so it doesn't clutter up my GitHub page. Just in case…

user949300
- 8,679
- 2
- 26
- 35
2
votes
3 answers
How do you reduce security risks when using NPM packages in commercial Web development?
This is a question for software engineers who are tasked with managing the development cycle for a Web application using NPM packages for deployment on a customer's Intranet or the Internet.
This is not about what could theoretically be done…

J.R.
- 95
- 5
2
votes
3 answers
Should a process be responsible for scheduling itself?
I need to create a very small service which will programmatically make a database insertion once a day. As our stack primarily uses Node.js, we’re going to write a JS script responsible just for making the insertion and then ending execution. We…

user3781737
- 129
- 2
2
votes
2 answers
What pattern lets each of multiple "voters" decide on a central status?
Imagine there's a boolean status variable that is either running or stopped.
This variable is running by default and comes together with a deactivator function.
When a client calls the deactivator function, the status changes to stopped.
Calling the…

bebbi
- 361
- 3
- 8
2
votes
1 answer
continuous deployment of web application built with multiple packages
Our react web application is broken down to multiple components. Some of these components are part of the same git mono repo and some live in a different repo.
Now, to implement a bug fix we have to update the changes in one repo, release a version…

NM Roku
- 29
- 1
2
votes
1 answer
Automatically update and test npm dependencies
I would like to automate the following sequence of events:
A new version of Angular is released on GitHub
'Something' triggers causing all our angular applications to update their npm dependencies for angular to the latest
The applications build,…

Jags
- 129
- 3
2
votes
3 answers
Store Nuget\NPM packages in VCS with source or not?
Is it good practice to store Nuget or NPM (or other) packages in the source control with the source, or to keep them in some other place?
My gut says they belong with the source, however a package will probably version less often than the source,…

BanksySan
- 714
- 2
- 6
- 15
1
vote
1 answer
What are the benefits of keeping npm packages up-to-date?
The company I work for is maintaining and developing a web application that uses many Node.js packages. A lot of these packages are really outdated. I can intuitively understand that it is good to keep packages updated but I was looking for concrete…

Akaisteph7
- 137
- 3
1
vote
0 answers
Peer dependencies vs. (re-)exporting dependencies in abstract hierarchy (framework)
Say I have a module storage-abstract, which contains abstract logic (framework) for storing key/values. I also have some (arbitrarily many) implementations of this abstraction, each in a separate module, like storage-files, storage-db, storage-cloud…

Remirror
- 129
- 3