Upgrade to Pro — share decks privately, control downloads, hide ads and more …

npm v7 Highlights

Ruy Adorno
October 27, 2020

npm v7 Highlights

Slides from the talk presented at the GitHub Presente! Online Meetup in Oct 27 2020: https://www.meetup.com/GitHub-Presente/events/273595143/

Ruy Adorno

October 27, 2020

More Decks by Ruy Adorno

Other Decks in Programming


  1. • Make sure to get it • Out with Node.js

    15 • Bugs / Feedback? Reach out:
  2. • This presentation takes you through a quick and simple

    demo of a project using npm7 • Let’s go
  3. • npm exec is a new command that brings npx

    to the core cli • In this example we are going to run an Yeoman Generator by installing both the yo runner and generator-node packages and running as a single command
  4. • npm ls now will only show top-level packages by

    default • In order to get the same output as npm6 you can now use the “all” option: npm ls --all
  5. • npm audit got a much more clean and straightforward

    output, it no longer uses tables to display vulnerabilities and vuln count is no longer multiplying every single node in the tree
  6. • Let’s install a version of mkdirp that has a

    known CVE open in the npm security db
  7. • npm install output still let us know about the

    vulnerabilities at the end of an install
  8. • npm audit fix --force will solve the vulnerability by

    updating to semver-major versions which might in turn contain potential breaking changes
  9. • peerDependencies are now installed by default! Let’s run through

    a quick example by installing a dep that has a peer dep to react and see how it gets installed at the end
  10. • workspaces time! • In this example we’re going to

    create a sub package (or a workspace) that we’re later on going to define as a workspace in our package.json, get it properly linked on our npm install and then require it from our app
  11. • ☝ Workspace created, let’s now add it to the

    workspaces property of the top-level package.json file
  12. • One of the very nice things about the UX

    around workspaces is the possibility to require that workspace with the same syntax you would use to require a package downloaded from the registry ⬇
  13. • This initial workspaces support will help unlock many workflows

    to npm users and there’s much more coming to v7.x with new commands to help working with workspaces. ❤