The operating system, by default, has its own package managers that allow you to manage a single application environment. Access to trusted repositories, removal, installation - all this is part of the functionality of winget, apt, rpm and the like.
But it is not always possible to find the necessary application package for proxying, traffic tunneling, backup and other tasks with subsystems. For this, there are repositories of interpreters / compilers that allow you to use packages of the entire community.
In this article, we will consider one of these, the npm package manager!
What is NPM and how to install it?
NPM is a NodeJS framework package manager that allows you to manage the application environment for a given interpreter. Let's install and consider the basic functionality, for this you need NodeJS + npm itself. For deb-like systems we will use:
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | bash
\. "$HOME/.nvm/nvm.sh"
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"
nvm install 22
npm -v
The -s parameter checks the existence of a file at the specified path, and \. is a synonym for source, which will apply these paths to environment variables. For Windows, we can use a proprietary package manager:
winget install Schniz.fnm
fnm install 22
npm -v
When downloading data from third-party resources, it is advisable to check signatures or hashes that can verify that the packages have not been modified during transmission. But since we are downloading from trusted resources, SSL certificates ensure the confidentiality of the transmitted data.
To work with the utility, you can use the syntax of the npm type:
npm -h 
How to find npm packages in the repository?
The search command is used as a base, which allows you to find packages by index in the repo:
npm search nginx 
You can use various maxi and templates for searching if you are not sure about the correctness:
npm search gsocket* 
Alternatively, you can search through the web application, where you can also select packages for installation.
How to install/remove npm packages that we have already found?
We can use all the same intuitive commands:
npm install ngx 
After which it will be loaded into the library with instructions, which can be called directly from the command line. And with the second command we simply remove packages:
npm remove ngx -g To view information about what was previously installed and removed, we can use the view command:
npm view ngx 
Where we can view its hashes and dependencies, for example, to check if it contains vulnerable libraries. Npm itself also detects vulnerabilities by version:
npm audit 
How to publish your npm packages?
To register with npm (or log in as a different user), run:
npm adduser
The system will ask for a login, password, and email. Go to the folder with your package and publish it:
cd my-package/
npm publish
Make sure that package.json is filled in correctly. If you need to remove the package from the repository:
npm unpublish http-server Public packages may have restrictions on deletion. You can add or remove collaborators who can publish changes:
npm owner add marak http-server
# Remove user marak from collaborators
npm owner rm marak http-server
# View the list of package owners
npm owner ls http-server
This allows a team to collaborate on a package without sharing a single account. This will allow other users to download the package as well.
In this article, we looked at the basic functions for working with the npm package manager, which communicates with the repo and allows you to manage packages and their dependencies!
