Comments (7)
Please fill out Steps To Reproduce
otherwise we have no way of reproducing this.
from cli.
I am using the latest npm
You are using npm 9 and node 18. Neither of those are the latest.
from cli.
There's a few things to note:
- npm should come with node, and not be installed with apt (node also should not be installed with apt)
- you're installing from a URL, instead of from a registry - for this one, you want
npm i hallmark
npm i
installs something locally. local things are not available on your PATH. if you want that, usenpm i -g
- but global installs are an antipattern, and instead, trynpx hallmark
from cli.
- npm should come with node, and not be installed with apt (node also should not be installed with apt)
As upstream you really recommend not to install from the GNU/Linux distros package repository? This confuses me. Then why doing the Debian maintainers investing resources to bring your package into their repo. Installing from upstream (if available via apt) is not the way it goes at Debian.
- you're installing from a URL, instead of from a registry - for this one, you want
npm i hallmark
That is correct and on purpose. Not using 3rd party repositories for security reasons. I do use upstream (if not in Debian) or the Debian repo.
npm i
installs something locally. local things are not available on your PATH. if you want that, usenpm i -g
- but global installs are an antipattern, and instead, trynpx hallmark
Isn't there an "entry point" for npm packages like python (pip(x)) create them? npx is the npm-shell/-interpreter like python3?
from cli.
I understand the way Debian wants to do things; in practice, it doesn't work out very well. Software should only be installed from distribution mechanisms endorsed by the software's maintainers. Virtually no upstreams in the JS ecosystem will recommend, support, or endorse installing from anything but the npm registry.
If you're using github, you're getting much less security than using the npm registry.
npx $package
will install the package in a temp dir, and then invoke its binary if it contains one.
from cli.
First problem is that this command did create a new folder (node_modules) and two files (package-lock.json and package.json) direct in my current working folder. This is behavior I do not expect from a package manager. From my users perspective this is a bug
Based on this it seems this is not a bug, but a general issue w/ your expectations of npm versus reality. npm install
in an empty directory will create a manifest and lockfile by default. This is the package.json and package-lock.json. You told it to install that package in the local folder, not globally.
As Jordan suggested, npx
may be what you need, or you can install the package globally with npm i -g
You are highly encouraged to install the package from the npm registry too and not from a git repo.
Closing this as it does not seem there's a bug. If you would like more general discussion around npm and what it does you can check out https://github.com/npm/feedback/discussions
from cli.
The issue is less about the behavior of npm but about its verbosity.
If you modify somehow the current working dir you should warn the users about it. Not every user expect it.
About Microsoft GitHub / upstream install vs. 3rd party repository install: Do you have evidence about it? Just for learning.
from cli.
Related Issues (20)
- Runtinme Error loading
- [BUG] npm audit consistently not finding any vulnerabilities HOT 6
- [BUG] npm audit stopped audit packages HOT 1
- [BUG] Npm Search is failing on version 10.6.0 - Cannot read properties of undefined (reading 'username') HOT 3
- [BUG NPM] Error when installing npm modules HOT 2
- [BUG] Scoped packages attempted to download from http and not https url as defined in npmrc file HOT 5
- [BUG] `npm.ps1` introduced two regressions
- [BUG] Running `npm ci` doesn't fail when package.json#version has changed HOT 2
- [BUG] `install` and `cache add` disagrees on accept header
- [BUG] Windows npx looking in node_modules/node_modules HOT 3
- Typo in install-clean command HOT 2
- [BUG] npm install failing with ECONNRESET error HOT 4
- [BUG] running npm install without a package.json shouldn't create a package-lock.json if it errors HOT 2
- [BUG] <title>npm EXIT handler never called HOT 1
- [BUG] npm v6.14.xx : 'npm install' generate different node_modules which made my project not responding HOT 1
- [BUG] npx does not respect version range if a compatible version is found inside any package installed globally HOT 7
- [BUG] Npm incorrectly reads parameters in Powershell terminal (Node 20.13.0) HOT 1
- [DOCS] npm removal using make, no Makefile in project directory HOT 5
- [BUG] `npm update` hangs for some dependencies for `npm>=10.4.0`
- [BUG] Invalid package name ".DS_Store" HOT 16
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cli.