npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

dependency-relocator

v0.1.3

Published

Copy production NPM dependencies to a custom location

Downloads

7

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

rodneydraaismarodneydraaisma

Keywords

dependencyNPMproductionhosted

Readme

dependencyRelocator

A small npm post install script that relocates npm production dependencies

Introduction

NPM and its problems

These days, more and more JavaScript dependencies rely on NPM as their package manager. This is in general a good thing because instead of you having to re-invent a package manager which you would have to write, test and maintain, there already is one out there that gets tested by millions of developers every day and which has a lot of eyes on it.

NPM has a few problems however that are more prominent when hosting a website.

One of them is the "dumping everything in node_modules" problem. When you are developing you might amass a whole slew of developer only dependencies as well as production dependencies which all live under the node_modules directory. This directory also contains all your dependencies of your dependencies etc. You don't want to host all your dev dependencies online and it also might be cumbersome for security audits etc if you cannot easily figure out what is being hosted and what is not. NPM was never meant to be used for websites in the first place, but since it is being used now, we will have to live with it.

Besides the slew of unneeded hosted (dev)dependencies, there is also the risk of non repeatable releases when relying on a package manager to provide you with all you production dependencies. It would be safer to have everything required for your production, checked in into github (including the third_party dependencies brought in by npm install). NPM has introduced package-lock.json to alleviate this problem somewhat, by ensuring that you know which versions of dependencies were exactly used, but you are still relying on NPM to get those versions.

Solution

For the reasons mentioned above I usually create a third_party folder under my src directory, which holds all production third party dependencies, like lodash, webcomponent polyfills etc. This third_party directory gets added to git to make sure we have total control of the versions of the third party libraries that we use. It also makes it easier to keep track of what gets hosted, what needs to be audited etc and it prevents us from relative path problems when accessing the third_party libraries.

I still want to use NPM however to add and/or update the third party libraries when needed. Enter the npmHostedDependencyRelocator post install script.

npmHostedDependencyRelocator

This script can be run as a post install script for npm install and will copy any dependency listed under the dependencies section of the package.json file, to your own desired location. It will also recursively go into the package.json files of those dependencies and copy all its dependencies. The end result is that all production dependencies listed in the package.json file end up in your preferred folder instead which you can then include instead of node_modules.

installation

npm install dependency-relocator --save-dev

usage

Copy the script into the same location as your project's package.json file. Modify you package.json file to add a postinstall step that calls the script. e.g.

{
  "scripts": {
    "postinstall": "node ./node_modules/dependency-relocator/dependency-relocator.js ./src/my-dependencies"
  },
  "devDependencies": {
    "babel-minify": "^0.4.3",
    "babel-preset-minify": "^0.4.3",
    "eslint": "^5.0.1",
    "eslint-plugin-jasmine": "^2.10.1",
    "fs-extra": "^6.0.1",
    "http-server": "^0.11.1",
    "jasmine": "^3.1.0",
    "karma": "^2.0.4",
    "karma-chrome-launcher": "^2.2.0",
    "karma-firefox-launcher": "^1.1.0",
    "karma-jasmine": "^1.1.2",
    "karma-jasmine-es6": "0.0.3",
    "karma-jasmine-html-reporter": "^1.2.0",
    "karma-spec-reporter": "0.0.32",
    "walk": "^2.3.14"
  },
  "dependencies": {
    "@webcomponents/webcomponentsjs": "^2.0.2",
    "jed": "^1.1.1"
  }
}

The script has one optional parameter that specifies the target location. If this is not specified it will default to ./src/third_party Once you have modified your package.json file, you re-run npm install and all the dependencies listed in the dependencies section will be copied to the specified target directory. Note that any old versions or existing directories in the specified target location, will be overwritten. Also note that executing

npm install --save some_library

will not add the dependency to the right location, only executing

npm install

will do that.