What are your npm tips and tricks?


(Frédéric Harper) #1

I’ve been using npm for years, but to be honest, it was mostly to install packages. I didn’t know all the amazing things the CLI let you do and since I joined npm, I’m discovering new things weekly. I want to write a blog post about those findings, and create a talk around the npm CLI, so I’m looking at you to help me make this content even better. It’s also a way for me to learn new things :D

So, what are your npm tips and tricks? For me, it was npx: I didn’t know it was a thing!


(mackie) #2

For me, it was npm pack --dry-run, which shows which files would be packed when publishing your package to npm. :package:


(Michael Kühnel) #3

Hah, didn’t know this. Thanks for sharing.


(Michael Kühnel) #4

The possibilities of npm scripts :sparkling_heart:


(Frédéric Harper) #5

and this is the reason why I want to create that content :D


(Frédéric Harper) #6

Thanks for sharing @macklinu. AFAIK, I think --dry-run can be run on most commands. @zkat would know!


(Frédéric Harper) #7

Can’t agree more!

Great post, thanks for sharing @mischah!


(Liran Tal) #8

Together with Juan Picado, we compiled a list of 10 npm security best practices - https://snyk.io/blog/ten-npm-security-best-practices/ :slight_smile:

It covers quite a few topics, from lock files, npmignore file usage, run-scripts, 2fa tokens, and more.


(Markus Tacker) #9

I <3 npm ci.

A real productivity win for me was adopting package-lock.json. This speeds up CI runs runs tremendously and also ensures that all team members use the same dependency version.


(Juan Picado) #10

The npm ci should be used with care, npm audit is being ignored and it is not documented on npmjs.


(Frédéric Harper) #11

I think it’s important to highlight this for me as many people don’t even know it’s a thing and why it’s there.


(Frédéric Harper) #12

Interesting, I need to give a closer look at this, thanks for the feedback!


(Steven) #13

You can use “npm run” to list what scripts are available to run in package.json. It’s really nice when you clone a new project and don’t know the name of the build script.


(Frédéric Harper) #14

Oh! I didn’t know about that, thanks @styfle!