xenial (1) npm-install.1.gz

Provided by: npm_3.5.2-0ubuntu4_all bug

NAME

       npm-install - Install a package

SYNOPSIS

       npm install (with no args, in package dir)
       npm install [<@scope>/]<name>
       npm install [<@scope>/]<name>@<tag>
       npm install [<@scope>/]<name>@<version>
       npm install [<@scope>/]<name>@<version range>
       npm install <tarball file>
       npm install <tarball url>
       npm install <folder>

       alias: npm i
       common options: [-S|--save|-D|--save-dev|-O|--save-optional] [-E|--save-exact] [--dry-run]

DESCRIPTION

       This  command  installs  a  package, and any packages that it depends on. If the package has a shrinkwrap
       file, the installation of dependencies will be driven by that. See npm help shrinkwrap.

       A package is:

       •   a) a folder containing a program described by a npm help 5 package.json file

       •   b) a gzipped tarball containing (a)

       •   c) a url that resolves to (b)

       •   d) a <name>@<version> that is published on the registry (see npm help 7 npm-registry) with (c)

       •   e) a <name>@<tag> that points to (d)

       •   f) a <name> that has a "latest" tag satisfying (e)

       •   g) a <git remote url> that resolves to (a)

       Even if you never publish your package, you can still get a lot of benefits of using npm if you just want
       to write a node program (a), and perhaps if you also want to be able to easily install it elsewhere after
       packing it up into a tarball (b).

       •   npm install (in package directory, no arguments):

           Install the dependencies in the local node_modules folder.

           In global mode (ie, with -g or --global appended to the command), it  installs  the  current  package
           context (ie, the current working directory) as a global package.

           By default, npm install will install all modules listed as dependencies in npm help 5 package.json.

           With the --production flag (or when the NODE_ENV environment variable is set to production), npm will
           not install modules listed in devDependencies.

       •   npm install <folder>:

           Install a package that is sitting in a folder on the filesystem.

       •   npm install <tarball file>:

           Install a package that is sitting on the filesystem. Note: if you just want to link a  dev  directory
           into your npm root, you can do this more easily by using npm link.

           Example:

               npm install ./package.tgz

       •   npm install <tarball url>:

           Fetch  the  tarball url, and then install it. In order to distinguish between this and other options,
           the argument must start with "http://" or "https://"

           Example:

               npm install https://github.com/indexzero/forever/tarball/v0.5.6

       •   npm install [<@scope>/]<name> [-S|--save|-D|--save-dev|-O|--save-optional]:

           Do a <name>@<tag> install, where <tag> is the "tag" config. (See npm help 7 npm-config.)

           In most cases, this will install the latest version of the module published on npm.

           Example:

               npm install sax

       npm install takes 3 exclusive, optional flags which save or update  the  package  version  in  your  main
       package.json:

       •   -S, --save: Package will appear in your dependencies.

       •   -D, --save-dev: Package will appear in your devDependencies.

       •   -O, --save-optional: Package will appear in your optionalDependencies.

       When  using  any  of the above options to save dependencies to your package.json, there is an additional,
       optional flag:

       •   -E, --save-exact: Saved dependencies will be configured with an exact version rather than using npm´s
           default semver range operator.

       Further, if you have an npm-shrinkwrap.json then it will be updated as well.

       <scope>  is  optional.  The  package  will  be downloaded from the registry associated with the specified
       scope. If no registry is associated with the given scope the default registry is assumed. See npm help  7
       npm-scope.

       Note:  if  you  do  not  include  the  @-symbol  on  your scope name, npm will interpret this as a GitHub
       repository instead, see below. Scopes names must also be followed by a slash.

       Examples:

               npm install sax --save
               npm install githubname/reponame
               npm install @myorg/privatepackage
               npm install node-tap --save-dev
               npm install dtrace-provider --save-optional
               npm install readable-stream --save --save-exact

       Note: If there is a file or folder named <name> in the current working directory, then  it  will  try  to
       install that, and only try to fetch the package by name if it is not valid.

       •   npm install [<@scope>/]<name>@<tag>:

           Install the version of the package that is referenced by the specified tag. If the tag does not exist
           in the registry data for that package, then this will fail.

           Example:

               npm install sax@latest
               npm install @myorg/mypackage@latest

       •   npm install [<@scope>/]<name>@<version>:

           Install the specified version of the package. This will fail if the version has not been published to
           the registry.

           Example:

               npm install sax@0.1.1
               npm install @myorg/privatepackage@1.5.0npm install [<@scope>/]<name>@<version range>:

           Install  a  version  of  the  package matching the specified version range. This will follow the same
           rules for resolving dependencies described in npm help 5 package.json.

           Note that most version ranges must be put in quotes so that your shell will  treat  it  as  a  single
           argument.

           Example:

               npm install sax@">=0.1.0 <0.2.0"
               npm install @myorg/privatepackage@">=0.1.0 <0.2.0"

       •   npm install <git remote url>:

           Installs  the package from the hosted git provider, cloning it with git. First it tries via the https
           (git with github) and if that fails, via ssh.

               <protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>[#<commit-ish>]

       <protocol> is one of git, git+ssh, git+http, or git+https. If no <commit-ish> is specified,  then  master
       is used.

       The  following  git environment variables are recognized by npm and will be added to the environment when
       running git:

       •   GIT_ASKPASSGIT_PROXY_COMMANDGIT_SSHGIT_SSH_COMMANDGIT_SSL_CAINFOGIT_SSL_NO_VERIFY

       See the git man page for details.

       Examples:

               npm install git+ssh://git@github.com:npm/npm.git#v1.0.27
               npm install git+https://isaacs@github.com/npm/npm.git
               npm install git://github.com/npm/npm.git#v1.0.27
               GIT_SSH_COMMAND=´ssh -i ~/.ssh/custom_ident´ npm install git+ssh://git@github.com:npm/npm.git

       •   npm install <githubname>/<githubrepo>[#<commit-ish>]:

       •   npm install github:<githubname>/<githubrepo>[#<commit-ish>]:

           Install the package at https://github.com/githubname/githubrepo by attempting to clone it using git.

           If you don´t specify a commit-ish then master will be used.

           Examples:

               npm install mygithubuser/myproject
               npm install github:mygithubuser/myproject

       •   npm install gist:[<githubname>/]<gistID>[#<commit-ish>]:

           Install the package at https://gist.github.com/gistID by attempting to clone it using git. The GitHub
           username  associated  with the gist is optional and will not be saved in package.json if -S or --save
           is used.

           If you don´t specify a commit-ish then master will be used.

           Example:

               npm install gist:101a11beef

       •   npm install bitbucket:<bitbucketname>/<bitbucketrepo>[#<commit-ish>]:

           Install the package at https://bitbucket.org/bitbucketname/bitbucketrepo by attempting  to  clone  it
           using git.

           If you don´t specify a commit-ish then master will be used.

           Example:

               npm install bitbucket:mybitbucketuser/myproject

       •   npm install gitlab:<gitlabname>/<gitlabrepo>[#<commit-ish>]:

           Install the package at https://gitlab.com/gitlabname/gitlabrepo by attempting to clone it using git.

           If you don´t specify a commit-ish then master will be used.

           Example:

               npm install gitlab:mygitlabuser/myproject

       You may combine multiple arguments, and even multiple types of arguments. For example:

           npm install sax@">=0.1.0 <0.2.0" bench supervisor

       The  --tag  argument  will  apply  to  all of the specified install targets. If a tag with the given name
       exists, the tagged version is preferred over newer versions.

       The --dry-run argument will report in the usual way what the install would  have  done  without  actually
       installing anything.

       The -f or --force argument will force npm to fetch remote resources even if a local copy exists on disk.

           npm install sax --force

       The  -g  or --global argument will cause npm to install the package globally rather than locally. See npm
       help 5 npm-folders.

       The --global-style argument will cause npm to install the package into  your  local  node_modules  folder
       with the same layout it uses with the global node_modules folder. Only your direct dependencies will show
       in node_modules and everything they depend on will be  flattened  in  their  node_modules  folders.  This
       obviously will elminate some deduping.

       The  --legacy-bundling  argument will cause npm to install the package such that versions of npm prior to
       1.4, such as the one included with node 0.8, can install  the  package.  This  eliminates  all  automatic
       deduping.

       The --link argument will cause npm to link global installs into the local space in some cases.

       The  --no-bin-links  argument  will prevent npm from creating symlinks for any binaries the package might
       contain.

       The --no-optional argument will prevent optional dependencies from being installed.

       The --no-shrinkwrap argument, which will ignore an available shrinkwrap file  and  use  the  package.json
       instead.

       The  --nodedir=/path/to/node/source  argument will allow npm to find the node source code so that npm can
       compile native modules.

       The  --only={prod[uction]|dev[elopment]}  argument  will  cause  either  only  devDependencies  or   only
       non-devDependencies to be installed regardless of the NODE_ENV.

       See  npm  help  7  npm-config.  Many  of the configuration params have some effect on installation, since
       that´s most of what npm does.

ALGORITHM

       To install a package, npm uses the following algorithm:

           load the existing node_modules tree from disk
           clone the tree
           fetch the package.json and assorted metadata and add it to the clone
           walk the clone and add any missing dependencies
             dependencies will be added as close to the top as is possible
             without breaking any other modules
           compare the original tree with the cloned tree and make a list of
           actions to take to convert one to the other
           execute all of the actions, deepest first
             kinds of actions are install, update, remove and move

       For this package{dep} structure: A{B,C}, B{C}, C{D}, this algorithm produces:

           A
           +-- B
           +-- C
           +-- D

       That is, the dependency from B to C is satisfied by the fact that A already caused C to be installed at a
       higher level. D is still installed at the top level because nothing conflicts with it.

       For A{B,C}, B{C,D@1}, C{D@2}, this algorithm produces:

           A
           +-- B
           +-- C
              `-- D@2
           +-- D@1

       Because B´s D@1 will be installed in the top level, C now has to install D@2 privately for itself.

       See  npm  help  5  folders  for  a  more  detailed description of the specific folder structures that npm
       creates.

   Limitations of npm´s Install Algorithm
       There are some very rare and pathological edge-cases where a cycle can cause npm  to  try  to  install  a
       never-ending tree of packages. Here is the simplest case:

           A -> B -> A´ -> B´ -> A -> B -> A´ -> B´ -> A -> ...

       where  A  is  some  version  of  a  package, and  is a different version of the same package. Because B
       depends on a different version of A than the one that is already in the tree, it must install a  separate
       copy.  The  same  is  true of , which must install . Because  depends on the original version of A,
       which has been overridden, the cycle falls into infinite regress.

       To avoid this situation, npm flat-out refuses  to  install  any  name@version  that  is  already  present
       anywhere  in the tree of package folder ancestors. A more correct, but more complex, solution would be to
       symlink the existing version into the new location. If this ever affects a  real  use-case,  it  will  be
       investigated.

SEE ALSO

       •   npm help 5 folders

       •   npm help update

       •   npm help link

       •   npm help rebuild

       •   npm help 7 scripts

       •   npm help build

       •   npm help config

       •   npm help 7 config

       •   npm help 5 npmrc

       •   npm help 7 registry

       •   npm help tag

       •   npm help uninstall

       •   npm help shrinkwrap

       •   npm help 5 package.json

                                                  December 2015                                   NPM-INSTALL(1)