CLI for installing local packages 🦐 📦
A light wrapper around the technique described in "How to Work with NPM Packages Locally Using .tgz Files"
# Or use npx (see "Usage")
npm install -g shrimport
## npx shrimport LOCAL [DEST]
npx shrimport ./my-pkg /path/to/dest
Installs LOCAL in DEST where:
LOCAL - (required) path to a local package (should be in a publishable / testable state i.e. all desired changes made, build steps run, etc.)DEST - (optional) install destination; path to the package into which LOCAL will be installed. Defaults to process.cwd()If all goes well, no further changes to DEST should be needed to run that module. Concretely, you shouldn't have to make any of the following changes, some or all of which might be required using other, symlink-based techniques for installing local packages e.g. npm link:
node_modulesfile:../local-packageDEST back into LOCAL, as you might have to do with React projects (or other projects that assume only 1 instance of a given library)You might want to incorporate an unpublished package or an unpublished version of a package into a local environment. For example, running integration tests where you maintain both the local package and a project that depends on it; you want to make sure your project keeps working as expected with the package's new version integrated
You likely want your local dependencies to behave exactly like "normal" dependencies i.e. packages specified via semver ranges in the destination package's package.json dependencies. Concretely, this means:
node_modulesdevDependenciesThere are several methods that come close to checking these boxes:
npm linkpackage.json e.g. file:..packagenpm install ../pathWith these approaches, your destination project can require() your local package and might be able to start, but you're likely to eventually (if not immediately) see one or all of the following issues:
since the local package is symlinked, it will be resolved outside node_modules, breaking assumptions often encoded in build tools like webpack e.g. excluding files found in node_modules from certain processing steps, which might error when run on your local package
your local package will use its own dependencies (and likely devDependencies, which often include peerDependencies, given you're working on the project locally) if previously installed, an issue when working with frameworks that assume only 1 copy of the framework exists at runtime e.g. React. That is, both the local package and the destination would install a copy of the framework, triggering a conflict.
if you delete the local package's node_modules to address the prior issue and if the local package specifies peerDependencies, which it requires in code i.e. expects to be resolvable from the project in which it's installed, you'll see module not found errors, as the local package will try to resolve its peers (and any required modules) from within itself, not the destination project (though this issue is potentially solvable by running the destionation via node --preserve symlinks; your local package will be resolved within destination's node_modules, the location specified by the symlink)
The root of all of these issues is that the local package lives outside the destination; node's module resolution (as far as I can tell; woof, dependency management and resolution is hard! :) ) assumes a hierarchical relationship between dependents and dependencies.
shrimport solves these issues by installing your local package in the destination's node_modules as if by running npm install <pkg>
-v, --version output version and exit
-h, --help output usage information and exit
Because shrimport doesn't modify the destination's package.json, a fresh install of the destination project will overwrite your shrimport and will therefore necessitate re-shrimporting
shrimport is a small-scale crustacean. If you're working with an abundance of local packages, tools like yalc or lerna are almost certainly far better fits. Though assume your mileage will vary!
FAQs
🦐 📦 — Install local packages
The npm package shrimport receives a total of 1 weekly downloads. As such, shrimport popularity was classified as not popular.
We found that shrimport demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."