From the Consuming package directory, link the Dependency package:
npx link <dependency-package-path>
This creates a symbolic link inside the node_modules of Consuming package, referencing the Dependency package.
🛡️ Secure linking
Unlike npm link, it doesn't install the Dependency package globally or re-install project dependencies.
Publish mode
Using symbolic links may not replicate the exact environment you get from a standard npm install. This discrepancy primarily arises from symlinked packages retaining their development node_modules directory. This can lead to issues, especially when multiple packages depend on the same library.
Here's an example
In a production environment, npm install detects common dependencies and installs only one instance of a shared dependency. However, when there's a symbolic link to the development directory of a dependency, separate copies of those dependencies are resolved from the development node_modules.
Let's say there's an App A with a dependency on Package B, and they both depend on Library C:
Production environment
npm install detects that both App A and Package B depends on Library C, and only installs one copy of Library C for them to share.
Symbolic link environment
App A has its copy of Library C, and Package B also has its development copy of Library C—possibly with different versions. Consequently, when you run the application, it will load two different versions of Library C, leading to unexpected outcomes.
Publish mode helps replicate the production environment in your development setup.
Setup instructions
In the Dependency package, run npm pack to create a tarball:
cd dependency-package-path
npm pack
This generates a tarball (.tgz) file in the current directory. Installing from this simulates the conditions of a published package without actually publishing it.
Tip: You can skip this step if this dependency is already installed from npm and there are no changes to the dependency's package.json
In the Consuming package
Install the Dependency tarball from Step 1
npm install --no-save <dependency-tarball-path>
This sets up the same node_modules tree used in a production environment.
Link the Dependency package
npx link publish <dependency-package-path>
This creates hard links in node_modules/dependency to the specific publish assets of the Dependency package.
Why hard links instead of symbolic links?
Another issue with the symlink approach is that Node.js, and popular bundlers, looks up the node_module directory relative to a module's realpath rather than the import path (symlink path). By using hard links, we can prevent this behavior and ensure that the node_modules directory is resolved using the production tree we set up in Step 2.
Start developing!
Any changes you make to the Dependency package will be reflected in the node_modules directory of the Consuming package.
Note: If the Dependency package emits new files, you'll need to re-run npx link publish <dependency-package-path> to create new hard links.
Configuration file
Create a link.config.json (or link.config.js) configuration file at the root of the Consuming package to automatically setup links to multiple Dependency packages.
typeLinkConfig = {
// Whether to run `npx link` on dependency packages with link.config.json
deepLink?: boolean// List of dependency packages to link
packages?: string[]
}
Note: It's not recommended to commit this file to source control since this is for local development with local paths.
To link the dependencies defined in link.config.json, run:
npx link
Deep linking
By default, npx link only links packages in the Consuming package. However, there are cases where the Dependency packages also needs linking setup.
Deep linking recursively runs link on every linked dependency that has a link.config.json file.
Enable with the --deep flag or deepLink property in link.config.json.
The npm package link receives a total of 12,623 weekly downloads. As such, link popularity was classified as popular.
We found that link demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.It has 1 open source maintainer collaborating on the project.
Package last updated on 08 May 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.