As anyone who’s had to operate a legacy node application will tell you, step one is being able to install the damn thing.
Let’s go over some of the steps that we can take in our projects to make installations reproducible for years to come.
If you’re not familiar with the node version manager, I recommend installing it and using on all your applications new and old.
Contributors should be responsible for installing nvm on their systems, similar to git or their preferred IDE.
Once present we can take a snapshot of our current node version like
node --version > .nvmrc. This will create a
.nvmrc file which records the node version the application is known to work with, similar to how
package-lock.json records the exact version of each node dependancy.
Then when working with the application, before running
npm install, we can run
nvm install which will install the correct version of node if we don’t have it already, and ensure that our local environemnt is set up to use that version.
Unfortunately there’s no way to do anything similar with your
npm version, so the best approach I’ve found is to use
nvm install --lastest-npm which will ensure you always have the latest version.
The standard install command
npm install will try to be smart by only installing the node modules that are missing, and updating your
package-lock.json file for you if it’s out of sync with your
package.json. This is useful as part of regular development, but not when you want to install exactly what worked last time.
npm gives us
npm ci (“clean install”). You can read the documentation for the full picture, but essentially don’t use
npm install unless you’re intending to update the application in some way, and have time for the necessary testing.
Once you’ve gone to the trouble to set this up, ensure you add installtion instructions to your read-me and/or other documents.
nvm install --latest-npm && npm ci