Security News
Oracle Drags Its Feet in the JavaScript Trademark Dispute
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
By Sarah Gooding - Feb 07, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
npminstall
Advanced tools
npminstall
Let npm install fast and easy.
Use as Cli
Install
$ npm install npminstall --g
Usage
Usage:
npminstall
npminstall <pkg>
npminstall <pkg>@<tag>
npminstall <pkg>@<version>
npminstall <pkg>@<version range>
npminstall <folder>
npminstall <tarball file>
npminstall <tarball url>
npminstall <git:// url>
npminstall <github username>/<github project>
Can specify one or more: npm install ./foo.tgz bar@stable /some/folder
If no argument is supplied, installs dependencies from ./package.json.
Options:
--production: won't install devDependencies
--save, --save-dev, --save-optional: save installed dependencies into package.json
-g, --global: install devDependencies to global directory which specified in '$ npm config get prefix'
-r, --registry: specify custom registry
-c, --china: specify in china, will automatically using chinses npm registry and other binary's mirrors
Use as Lib
Install
$ npm install npminstall --save
Usage
const co = require('co');
const npminstall = require('npminstall');
co(function*() {
yield npminstall({
// install root dir
root: process.cwd(),
// optional packages need to install, default is package.json's dependencies and devDependencies
// pkgs: [
// { name: 'foo', version: '~1.0.0' },
// ],
// install to specific directory, default to root
// targetDir: '/home/admin/.global/lib',
// link bin to specific directory (for global install)
// binDir: '/home/admin/.global/bin',
// registry, default is https://registry.npmjs.org
// registry: 'https://registry.npmjs.org',
// debug: false,
// storeDir: root + '.npminstall',
});
}).catch(function(err) {
console.error(err.stack);
});
Support Features
- global install (
-g, --global) - postinstall script
- support Windows
- node-gyp
- node-pre-gyp
- bin (yo@1.6.0, fsevents@1.0.6)
- scoped package
- bundleDependencies / bundledDependencies (node-pre-gyp@0.6.19, fsevents@1.0.6)
- optionalDependencies (pm2@1.0.0)
- peerDependencies (co-defer@1.0.0, co-mocha@1.1.2, estraverse-fb@1.3.1)
- deprecate message
-
--productionmode - cleanup when install failed
- all types of npm package
- a) a folder containing a program described by a package.json file (
npm install file:eslint-rule) - b) a gzipped tarball containing (a) (
npm install ./rule.tgz) - c) a url that resolves to (b) (
npm install https://github.com/indexzero/forever/tarball/v0.5.6) - d) a @ that is published on the registry with (c)
- e) a @ (see npm-dist-tag) that points to (d)
- f) a that has a "latest" tag satisfying (e)
- g) a that resolves to (a) (
npm install git://github.com/timaschew/cogent#fix-redirects)
- a) a folder containing a program described by a package.json file (
-
preinstall,install,postinstallscripts -
save,save-dev,save-optional
Different with NPM
This project is inspired by pnpm, and has a similar store structure like pnpm. You can read pnpm vs npm to see the different with npm.
Limitations
- You can't install from shrinkwrap(and don't want to support for now).
- Peer dependencies are a little trickier to deal with(see rule 1 below).
- You can't publish npm modules with bundleDependencies managed by npminstall(because of rule 2 below).
npminstallwill collect all postinstall scripts, and execute them until all dependencies installed.- If last install failed, better to cleanup node_modules directory before retry.
node_modules directory
Two rules:
- The latest version of modules will link at
options.storeDir'snode_modules. - Module's dependencies will link at module's
node_modules.
e.g.:
- app:
{ "dependencies": { "a": "1.0.0" } }(root) - a@1.0.0:
{ "dependencies": { "c": "2.0.0", "b": "1.0.0" } } - b@1.0.0:
{ "dependencies": { "c": "1.0.0" } } - c@1.0.0 & c@2.0.0:
{ "dependencies": { } }
app/
└── node_modules/
├── .npminstall/
│ ├── debug/
│ │ └── 2.2.0/
│ │ └── debug/
│ │ └── node_modules/
│ │ └── ms -> ../../../../ms/0.7.1/ms
│ ├── ms/
│ │ ├── 0.5.1/
│ │ │ └── ms/
│ │ └── 0.7.1/
│ │ └── ms/
│ └── node_modules/
│ └── ms -> ../ms/0.7.1/ms
├── debug -> .npminstall/debug/2.2.0/debug
└── ms -> .npminstall/ms/0.5.1/ms
debug@1.0.0 is root package, won't create link at app/node_modules/.npminstall/node_modules/debug@.
Benchmarks
- npminstall@1.2.0
- pnpm@0.18.0
- npm@2.14.12
| cli | real | user | sys |
|---|---|---|---|
| npminstall | 0m10.908s | 0m8.733s | 0m4.282s |
| npminstall with cache | 0m8.815s | 0m7.492s | 0m3.644s |
| npminstall --no-cache | 0m10.279s | 0m8.255s | 0m3.932s |
| pnpm | 0m13.509s | 0m11.650s | 0m4.443s |
| npm | 0m28.171s | 0m26.085s | 0m8.219s |
| npm with cache | 0m20.939s | 0m19.415s | 0m6.302s |
License
Keywords
FAQs
Make npm install fast and handy.
The npm package npminstall receives a total of 2,466 weekly downloads. As such, npminstall popularity was classified as popular.
We found that npminstall demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Package last updated on 02 Mar 2016
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Linux Foundation Warns Open Source Developers: Compliance with Sanctions Is Not Optional
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.
By Sarah Gooding - Feb 06, 2025
Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
By Sarah Gooding - Feb 06, 2025