What is pacote?
Pacote is a Node.js library that provides a set of utilities for fetching and extracting npm packages. It is designed to handle various types of package sources, including the npm registry, tarballs, git repositories, and local directories. Pacote is often used internally by npm and other tools to manage package dependencies.
What are pacote's main functionalities?
Fetch Package Metadata
This feature allows you to fetch the metadata of a package from the npm registry. The code sample demonstrates how to fetch and log the metadata for the 'lodash' package.
const pacote = require('pacote');
async function fetchMetadata(packageName) {
const manifest = await pacote.manifest(packageName);
console.log(manifest);
}
fetchMetadata('lodash');
Extract Package Tarball
This feature allows you to fetch and extract the tarball of a package. The code sample demonstrates how to fetch the tarball for the 'lodash' package and save it to a file named 'lodash.tgz'.
const pacote = require('pacote');
const fs = require('fs');
async function extractTarball(packageName, destination) {
const tarballStream = await pacote.tarball.stream(packageName);
tarballStream.pipe(fs.createWriteStream(destination));
}
extractTarball('lodash', './lodash.tgz');
Fetch Package from Git Repository
This feature allows you to fetch a package directly from a git repository. The code sample demonstrates how to fetch and log the metadata for the 'lodash' package from its GitHub repository.
const pacote = require('pacote');
async function fetchFromGit(repoUrl) {
const manifest = await pacote.manifest(repoUrl);
console.log(manifest);
}
fetchFromGit('https://github.com/lodash/lodash.git');
Other packages similar to pacote
npm
The npm package itself provides functionalities for managing npm packages, including installing, updating, and removing packages. While npm is a full-fledged package manager, pacote focuses specifically on fetching and extracting packages.
yarn
Yarn is another package manager for JavaScript that offers similar functionalities to npm, including package fetching and dependency management. Yarn also provides a more deterministic dependency resolution compared to npm.
pnpm
pnpm is a fast, disk space-efficient package manager. It uses a content-addressable file system to store all files from all module directories on a disk. While pnpm focuses on efficient package management, pacote is more specialized in fetching and extracting packages.
pacote
NOTE: this package is still under heavy development. Please don't use it yet
pacote
is a Node.js library for downloading
npm-compatible packages. It supports all package specifier
syntax that npm install
and its ilk support. It transparently caches anything
needed to reduce excess operations, using cacache
.
Install
$ npm install --save pacote
Table of Contents
Example
const pacote = require('pacote')
pacote.manifest('pacote@^1', function (err, pkg) {
console.log('package.json from github: ', pkg)
})
pacote.extract('http://hi.com/pkg.tgz', 'deadbeef', './-here', function (err) {
console.log('if `deadbeef` is present in the cache, network is skipped')
console.log('tarball contents extracted to ./here')
})
Features
- simple interface to common package-related actions.
- supports all package types.
- fault-tolerant, fast, content-addressable cache.
- authentication support (private git, private npm registries, etc)
- npm-compatible for all relevant operations
- github, gitlab, and bitbucket-aware
- version/tag aware when fetching from git repositories.
- caches git repositories
Guide
Introduction
API
> pacote.manifest(spec, [opts], cb)
Fetches the manifest for a package, aka package.json
.
Note that depending on the spec type, some additional fields might be present.
For example, packages from registry.npmjs.org
have additional metadata
appended by the registry.
Manifests returned will additionally include the npm-shrinkwrap.json
associated with the published package, if any.
Example
pacote.manifest('pacote@1.0.0', function (err, pkgJson) {
})
Extracts package data identified by <spec>
into a directory named
<destination>
, which will be created if it does not already exist.
If opts.digest
is provided and the data it identifies is present in the cache,
extract
will bypass most of its operations and go straight to extracting the
tarball.
Example
pacote.extract('pacote@1.0.0', './woot', {
digest: 'deadbeef'
}, function (err) {
})
> options
opts.digest
If provided, pacote will confirm that the relevant shasum
for each operation's
results matches the given digest. The call will return EBADCHECKSUM
if the
check fails.
Additionally, pacote.extract
will check the cache before performing any other
operations.
opts.cache
opts.cacheUid
/opts.cacheGid
opts.uid
/opts.gid
opts.scope
opts.registry
opts.@somescope:registry
opts.auth
opts.log
Default: silentNpmLog
An npmlog
-compatible logger. Will be used to log
various events at the levels specified by npmlog
.