Reproducible Node Builds With npm ci

npm clean-install (npm ci for short) is less famous than its sibling, npm install, but it makes your CI/CD process more robust. Here’s how to use it.

What Is npm?

Every developer who has worked with anything related to the web has used or heard of the Node Package Manager, npm. It is a command-line utility that ships with Node.js, and its primary function is to install JavaScript modules from the official Node repository.

The typical install invocation is:

$ npm install -S MODULE_NAME

This does a number of things:

  1. Searches for the module by name.
  2. Downloads and installs the module and its dependencies.
  3. Updates (or creates) package-lock.json. This file is called the lockfile, and it lists the URL and checksum of every module installed.
  4. Adds the module name and version to package.json. This file is known as the manifest.
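
As an added illustration (not code from the original article), the Node.js script below reads the two lockfile fields mentioned in step 3, the URL (resolved) and the checksum (integrity), and reports entries worth reviewing before a build is trusted. It assumes the lockfileVersion 2/3 "packages" layout; the function name auditLockfile, the allowed-host list and the sample lockfile are constructed for the example.

```javascript
// Added example: audit the "packages" map of a package-lock.json (lockfileVersion 2 or 3).
// Assumption: only the public npm registry is an expected download host.
const ALLOWED_HOSTS = new Set(['registry.npmjs.org']);

function auditLockfile(lock, allowedHosts = ALLOWED_HOSTS) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // The root project, workspace links and bundled deps have no tarball of their own.
    if (path === '' || entry.link || entry.inBundle) continue;
    const flag = (issue) => findings.push({ path, issue });

    let url = null;
    try { url = new URL(entry.resolved); } catch { /* missing or malformed URL */ }
    if (!url) flag('missing or unparseable resolved URL');
    else if (url.protocol !== 'https:') flag(`non-HTTPS source (${url.protocol})`);
    else if (!allowedHosts.has(url.hostname)) flag(`unexpected host ${url.hostname}`);

    // The integrity field is a Subresource Integrity string: "<algorithm>-<base64 digest>".
    if (!entry.integrity) flag('missing integrity checksum');
    else if (!entry.integrity.startsWith('sha512-')) flag('integrity is not sha512');
  }
  return findings;
}

// Constructed sample lockfile; package names, URLs and digests are placeholders.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/good-pkg': {
      version: '1.2.3',
      resolved: 'https://registry.npmjs.org/good-pkg/-/good-pkg-1.2.3.tgz',
      integrity: 'sha512-Q09OU1RSVUNURUQ=',
    },
    'node_modules/plain-http': {
      version: '0.1.0',
      resolved: 'http://registry.npmjs.org/plain-http/-/plain-http-0.1.0.tgz',
      integrity: 'sha512-Q09OU1RSVUNURUQ=',
    },
    'node_modules/other-host': {
      version: '2.0.0',
      resolved: 'https://mirror.example.test/other-host-2.0.0.tgz',
    },
    'node_modules/local-link': { resolved: 'packages/local-link', link: true },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) console.log(`${f.path}: ${f.issue}`);
```

To check a real project, pass JSON.parse of the contents of its package-lock.json to auditLockfile and fail the pipeline when the returned list is not empty.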

The key to reproducibility lies in the lockfile, package-lock.json. The next time we run npm install, the package manager will compare it with the…

