When working on code, some tasks are the same for everyone in every project: string parsing, date formatting, sliders, and many others. The simplest way to handle them is to use a ready-made library that solves your problem. Sometimes the author of a library or code snippet updates their code. Naturally, you should update it too, but what if this library contains other libraries from some other author? Then it gets more complicated. Package managers let you control packages and their update history, keep all dependencies in order, and control their versions.
What is a package manager?
A package manager is a program or a system for installing and using packages (programs). In the context of Node.js, package managers allow you to install any package that can be used in your code for your development needs. In the case of operating systems, the package manager allows users to install programs for everyday use or for development. Every package contains a config file in its root that describes the packages it requires, along with other information such as its name, the author's contact details, version, etc. Packages form a dependency tree of related packages, so the main package (program) can require other packages to function.
First, you need to install any package, then you can see the result. With the installed package, you will see the dependency tree and the rest of the information about the package you've installed.
$ npm init -y && npm install express
With npm init -y you'll create a new package with its information filled in. The && symbols are the AND operator, which runs the next command only if the first one succeeded, so npm install express then installs the express package from the package registry.
To use npm, Node.js should be installed on your system.
For example, you can use the npm package manager if you've already installed Node.js. Initialize your package and install the express package. After installing, open package.json to see the information about the package. It should look something like this:
{
  "name": "what-is-package-managers",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
  "author": "",
  "license": "ISC",
  "dependencies": {
    "express": "^4.18.2"
  }
}
So this file will contain the package name (what-is-package-managers), its version, and its description. There is also the dependencies object, which contains the list of all the dependencies for your package (in this case, it's express). To see all other dependencies, you can read the package-lock.json file, which contains the full dependencies list for the express package.
Types of package managers
Node.js has several popular package managers:
npm – a standard JavaScript package manager included in Node.js (Node Package Manager);
Yarn – the second one, developed at Facebook;
PNPM – the new one, faster than others.
Every developer or team decides to use one of them for some reason based on their preference.
To decide which one is best for you and your project, explore the documentation and description of the target manager. The most popular is npm, so there are many guides and plenty of information about frequent problems, errors, tasks, and ready-to-use recipes for it.
Package managers allow the developers to come up with a name, description, and version for the current package. Also, it might be good to leave information about the author of the package or documentation.
Find and install
Most packages are stored in a special place on the Internet, a registry. But there isn't just one registry. Npm has its own registry, and GitHub also has one. When you want to install some package, it will be downloaded to your computer from the Internet. So if you have a project that doesn't have any installed packages, and you don't have Internet access, the package manager won't install any package.
With a package manager, you can install a package to your project. You can use npmjs.com and search there for the package you need.
For example, you need to send emails using Node.js. Simply type "mail" into the search section and see the results. There are a lot of packages, which you can sort by popularity (downloading count) and see when the packages were last updated. By these criteria, the best match is nodemailer. Dig into it, and discover all the information about how to install and use it.
With a package manager you can safely install, delete, and update packages.
Dependencies
Dependencies are packages required by other packages. If you take a look at the package.json file in the nodemailer repository, you will see a list of its dependencies and their versions in the devDependencies section. However, these are only the packages that had to be installed to run this package. Any package on the devDependencies list has its own dependencies. Package managers create the lock file to store information about the whole dependency tree.
Lock-file
Any JavaScript package manager has a lock file. The lock file stores all information about all dependent packages and their versions. You can store the lock file in your repository to recreate the project on another machine as it was at the moment of development. If the lock file is deleted, the package manager will create a new one, to save all the dependencies at the moment. Take a look at the lock file of the React package.
While the lock file locks the versions, this begs the question, "Should I commit the lock file for my repository?" The answer is 'yes' if your repository is an application running on servers and local machines. It will give you control over the package versions from server to server. But if your repository is a library containing tools for anyone, you shouldn't store the lock files. This is not a rule, just a bit of advice. It depends on many other factors, and you need to make decisions depending on the project.
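The following Node.js script is an added example, not code from the original article. It walks a lock file in the lockfileVersion 3 layout, separates direct from transitive packages, checks that each direct dependency is locked inside its caret range from package.json, and flags entries that have no integrity hash or were not resolved over HTTPS from the expected registry. The sample lock file is constructed, and example-transitive, mirror.example.test, satisfiesCaret and auditLock are names made up for this example.

```javascript
// Constructed sample in the lockfileVersion 3 layout; hashes are placeholders.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "what-is-package-managers", dependencies: { express: "^4.18.2" } },
    "node_modules/express": {
      version: "4.18.2",
      resolved: "https://registry.npmjs.org/express/-/express-4.18.2.tgz",
      integrity: "sha512-PLACEHOLDER",
    },
    "node_modules/example-transitive": { // hypothetical package name
      version: "0.3.0",
      resolved: "http://mirror.example.test/example-transitive-0.3.0.tgz",
    },
  },
};

// True if `version` is inside a plain caret range such as ^4.18.2: the
// left-most non-zero part is fixed, later parts may only grow. No prerelease tags.
function satisfiesCaret(range, version) {
  const want = range.slice(1).split(".").map(Number);
  const have = version.split(".").map(Number);
  const idx = want.findIndex((n) => n !== 0);
  const pivot = idx === -1 ? 2 : idx; // ^0.0.0 behaves like an exact pin
  for (let i = 0; i <= pivot; i++) if (have[i] !== want[i]) return false;
  for (let i = pivot + 1; i < 3; i++) if (have[i] !== want[i]) return have[i] > want[i];
  return true;
}

// Walk every locked package and collect what a reviewer should look at.
function auditLock(lock, allowedHost = "registry.npmjs.org") {
  const direct = lock.packages[""].dependencies || {};
  const report = { direct: [], transitive: [], findings: [] };
  for (const [path, entry] of Object.entries(lock.packages)) {
    if (path === "" || entry.link || entry.inBundle) continue; // root, symlinks, bundled
    const name = path.split("node_modules/").pop();
    const range = path === `node_modules/${name}` ? direct[name] : undefined;
    (range ? report.direct : report.transitive).push(`${name}@${entry.version}`);
    if (range && range.startsWith("^") && !satisfiesCaret(range, entry.version))
      report.findings.push(`${name}: locked ${entry.version} is outside ${range}`);
    if (!entry.integrity) report.findings.push(`${name}: no integrity hash`);
    const url = entry.resolved ? new URL(entry.resolved) : null;
    if (!url || url.protocol !== "https:" || url.host !== allowedHost)
      report.findings.push(`${name}: resolved from ${entry.resolved || "unknown"}`);
  }
  return report;
}

console.log(auditLock(sampleLock));
```

To run it against a real project, replace sampleLock with the parsed contents of your own package-lock.json.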
Conclusion
Before package managers, to install a package you had to manually download its source code archive, unpack it into your project directory, configure dependencies, and so on. Now, installing packages is a lot easier and quicker. Do you need an HTML template engine in your backend project? No problem, just find it, install it, study the docs on how to use it, and that's it! Anyone can create a package, anyone can download a package, and it's free to use and share your future packages.