# NPM and External Packages

<img src="https://www.callicoder.com/static/8c3251c5df11cddc54bdcedada7d730f/npm-package-manager-for-node-js.png" width="480"/>

NPM (Node Package Manager) is a widely used tool that has revolutionized the way developers manage external packages and dependencies in their Node.js projects. By providing a vast repository of pre-built, reusable code that can be easily installed and managed, NPM has become an essential tool for modern web development.

In this lesson, we will cover the basics of using NPM, including how to install, update, and remove packages, as well as how to create and publish your own packages. We will also explore some of the most popular JavaScript libraries and frameworks that can help you to further streamline your development process. Libraries like React, Vue, Angular, and more provide developers with ready-made solutions for building complex user interfaces and applications.

Finally, we will delve into the process of creating and publishing your own NPM packages, including how to create a package.json file, add a README.md file, and publish your package to the public registry. By the end of this lesson, you will have a solid understanding of how to use NPM and external packages to make your Node.js projects more efficient and powerful, as well as how to create and share your own packages with the wider developer community.


The follow topics are covered in this tutorial:
- Introduction to NPM (Node Package Manager)
- Installing, updating and removing NPM packages
- Survey of popular JavaScript libraries
- Creating and publishing NPM pacakges

## Problem Statement

## Introduction to NPM

NPM (short for Node Package Manager) is a package manager for the JavaScript programming language. It allows developers to easily install, manage, and share reusable packages of code, including libraries, frameworks, tools, and other dependencies, that can be used in their own projects. NPM is built on top of the Node.js runtime environment, and it is widely used in both front-end and back-end development, as well as in other areas such as build systems, task runners, and automation tools.

### Benefits of using NPM 
- Easy installation and management of packages: NPM provides a simple and standardized way to install, update, and remove packages, as well as to manage their dependencies and versions.
- Large and diverse package ecosystem: NPM has a vast and constantly growing repository of packages that can be used in various types of projects, including frontend, backend, mobile, desktop, and IoT applications, as well as tools and utilities for development, testing, and deployment.
- Reusability and modularity: NPM packages are designed to be modular and reusable, which means that developers can leverage existing code to speed up their development process and avoid reinventing the wheel.
- Collaboration and community: NPM provides a platform for developers to share their packages with others, as well as to contribute to existing packages by submitting bug reports, feature requests, and code changes. This fosters a culture of open-source collaboration and knowledge sharing.
- Automation and scripting: NPM can be used to automate various tasks and workflows, such as building, testing, linting, and deploying projects, as well as to create custom scripts and CLI commands that can be shared and reused across different projects.

## Installing NPM Packages

When installing packages with NPM, you have the option to install them either locally or globally, depending on your needs.

Local installation: When you install a package locally, it is installed in the node_modules directory of your project, which is located in the same directory as your package.json file. Local packages are specific to the project they are installed in and cannot be used in other projects unless they are installed separately. To install a package locally, you can use the npm install command followed by the package name:

```
npm install <package-name>
```

Global installation: When you install a package globally, it is installed in a global directory that is shared by all your projects. Global packages can be used in any project without the need for separate installation. However, it's important to note that not all packages can be installed globally, as some packages require specific dependencies or configurations that are specific to the project they are installed in. To install a package globally, you can use the -g or --global flag:
```
npm install -g <package-name>
```

It's generally recommended to install packages locally in most cases, as this allows you to easily manage and track your project's dependencies, and ensures that each project has its own set of dependencies that can be customized as needed. Global packages should be used sparingly and only for packages that are truly needed across multiple projects.

In addition to local and global installations, you can also install packages as development dependencies, which are only needed during the development or testing phase of a project. To install a package as a development dependency, you can use the --save-dev flag:
```
npm install --save-dev <package-name>
```

This will add the package to the devDependencies section of your package.json file, which ensures that it is only installed when running npm install in development mode (npm install --production will not install devDependencies).

### node_modules directory

`node_modules` is a directory that is automatically created in a Node.js project when you install dependencies using npm. This directory contains all of the packages and modules that your project depends on, including their dependencies, and allows you to easily manage and reuse code across multiple projects.

<img src="https://i.imgur.com/czCFBFn.png" width="480"/>

When you install a package using npm, the package and all of its dependencies are downloaded and stored in the node_modules directory. This directory can become quite large if your project has many dependencies, but it is generally recommended to add it to your `.gitignore` file to avoid committing it to your version control system, as it can be easily regenerated by running `npm install`.

To use a package or module from node_modules in your project, you can simply import or require it in your code. Node.js will automatically look for the package in the `node_modules` directory and load it into your project. If you need to access a specific version of a package or module, you can use the `package.json` file to specify the version number or range that you want to use.

Overall, the `node_modules` directory is a fundamental part of the Node.js ecosystem and allows developers to easily manage and share code dependencies across projects.

### Explanation of package.json file 

The package.json file is a JSON (JavaScript Object Notation) file that serves as the metadata for an NPM package. It contains various properties that describe the package, such as its name, version, author, license, dependencies, scripts, and other relevant information. 

<img src="https://i.imgur.com/SZ6TGcy.png" width="480" />

Here's a brief overview of some of the key properties of a package.json file:

- `name`: The name of the package, which must be unique within the NPM registry.
- `version`: The version number of the package, which follows the semantic versioning format (major.minor.patch).
- `description`: A brief description of the package, which should explain what it does and how it can be used.
- `keywords`: A list of keywords that describe the package, which can be used to help users discover it.
- `homepage`: The URL of the package's website or documentation.
- `repository`: The URL of the package's source code repository, which can be used to contribute to the package or report issues.
- `license`: The license under which the package is distributed, which determines how it can be used and shared.
- `dependencies`: A list of other NPM packages that the package depends on, which will be automatically installed when the package is installed.
- `devDependencies`: A list of NPM packages that are only needed during development or testing, which will not be installed when the package is used in production.
- `scripts`: A list of custom scripts that can be executed with the "npm run" command, which can be used for various tasks such as building, testing, and deploying the package.

The package.json file is typically located at the root of the package's directory, and it is required for publishing a package to the NPM registry.

### Using `package-lock.json` to ensure package versions

When you install packages using NPM, a `package-lock.json` file is generated that ensures that the same package versions are installed across different machines or environments. This file is automatically generated by NPM when you run `npm install`, and is updated whenever you install or update packages.

The `package-lock.json` file contains information about the exact version of each package that was installed, including its dependencies and their versions. This ensures that the same packages and versions are installed across different machines or environments, preventing any unexpected behavior that might result from different package versions being installed.

To ensure that your project uses the correct package versions specified in the `package-lock.json` file, you should commit both the `package.json` and `package-lock.json` files to your version control system, such as Git. This ensures that anyone who clones your project will get the same versions of the packages you used.

It's also important to note that when you install or update packages, NPM will use the version ranges specified in your `package.json` file to determine which version to install. If you want to update to a new major version or a specific version of a package, you should update the version range in your `package.json` file and then run `npm install` to generate a new `package-lock.json` file with the updated versions.

## Update NPM Packages

To update an NPM package to its latest version, you can use the npm update command followed by the package name. Here's the basic syntax:
```
npm update <package-name>
```
This command will update the specified package to the latest version available that is compatible with the version range specified in your package.json file. If no version range is specified, it will update to the latest version available.

If you want to update all packages to their latest versions, you can use the following command instead:
```
npm update
```

This will update all packages listed in your package.json file to their latest versions. However, it's important to note that updating packages can sometimes introduce breaking changes or compatibility issues with other packages or parts of your code, so it's recommended to test your code thoroughly after updating packages.

If you want to update a package to a specific version, you can use the npm install command with the @ symbol followed by the version number. For example:
```
npm install <package-name>@<version-number>
```

This will install the specified version of the package, overriding the version range specified in your package.json file.

## Removing NPM Packages

To remove an NPM package from your project, you can use the npm uninstall command followed by the package name. Here's the basic syntax:

```
npm uninstall <package-name>
```

This command will remove the specified package and its dependencies from your project, as well as update the package.json file to reflect the changes.

If you want to remove a package but keep it listed as a dependency in your package.json file, you can use the `--save` flag:
```
npm uninstall <package-name> --save
```

This will remove the package from your project but keep it listed as a dependency in your package.json file, so that it can be easily re-installed later if needed.

If you want to remove a package and its dependencies completely from your project, including from the package.json file, you can use the --save-dev flag to remove it from the devDependencies section of your package.json file:
```
npm uninstall <package-name> --save-dev
```

Finally, if you want to remove a global package, you can use the -g or --global flag:
```
npm uninstall -g <package-name>
```
This command will remove the package from the global directory, so that it is no longer available for use in any project.

## Common NPM commands

Here are some basic NPM commands that you can use to manage packages in your project:
- `npm install`: Installs all the dependencies listed in the package.json file, either locally or globally, depending on the options used. You can also specify the name of a specific package to install.
- `npm update`: Updates the packages listed in the package.json file to their latest versions, if available.
- `npm uninstall`: Removes a package and its dependencies from the project, and updates the package.json file accordingly.
- `npm init`: Initializes a new NPM package by creating a package.json file and prompting you to fill in the required fields.
- `npm search`: Searches the NPM registry for packages that match a given keyword.
- `npm publish`: Publishes a package to the NPM registry, making it available for others to install and use.
- `npm version`: Updates the version number of the package according to the semantic versioning format (major.minor.patch).
- `npm run`: Executes a custom script defined in the package.json file, such as a build, test, or deploy script.
- `npm audit`: Checks the project's dependencies for known security vulnerabilities and suggests updates.

These are just a few of the many NPM commands available. You can use the npm help command or refer to the NPM documentation for more information on each command and its options.

## Popular JavaScript Libraries 

There are numerous JavaScript libraries available that can help you to build web applications quickly and efficiently. 


Here's an overview of some of the most popular ones:

### Express

Express is a popular Node.js package for building web applications and APIs. It provides a minimalist and flexible framework that allows developers to create powerful applications with minimal code. Express supports a wide range of HTTP verbs, making it easy to create RESTful APIs that can handle various requests.

To get started with Express, you first need to install it as a dependency in your Node.js project. Here's how to install it using npm:

```
npm install express
```

Once you've installed Express, you can start using it in your project. Here's an example of how to use Express to create a simple web server that responds with "Hello, world!" to all requests:
```js
const express = require('express');
const app = express();

app.get('/', (req, res) => {
  res.send('Hello, world!');
});

app.listen(3000, () => {
  console.log('Server started on port 3000');
});
```

In this example, we define an Express app and add a route that responds to `GET` requests to the root URL (`/`) by sending a simple string response (`Hello, world!`). We then start the server and listen for incoming requests on port 3000.



Here are some helpful links to get started with Express:
- [Official Express website](https://expressjs.com/)

- [Express documentation](https://expressjs.com/en/4x/api.html)

- [Express on npm](https://www.npmjs.com/package/express)

- [Express on GitHub](https://github.com/expressjs/express)

### Day.js

Day.js is a lightweight and modern JavaScript library for parsing, validating, manipulating, and formatting dates and times. It provides an easy-to-use API that mimics the popular Moment.js library while using a fraction of the bundle size. Day.js is designed to be modular, so you can pick and choose the features you need to keep your bundle size small.

To start using Day.js in your project, you first need to install it as a dependency using npm:
```
npm install dayjs
```

Once you've installed Day.js, you can start using it in your project. Here's an example of how to use Day.js to parse a date string and format it in a specific way:

```js
const dayjs = require('dayjs');

const date = dayjs('2023-03-30');
const formattedDate = date.format('dddd, MMMM D, YYYY');

console.log(formattedDate); // Output: Thursday, March 30, 2023
```

In this example, we use Day.js to parse a date string (`'2023-03-30'`) and format it as a long date string (`'dddd, MMMM D, YYYY'`). We then log the formatted date to the console.

Here are some helpful links to get started with Day.js:

- [Official Day.js website](https://day.js.org/)
- [Day.js documentation](https://day.js.org/docs/en/installation/installation)
- [Day.js on npm](https://www.npmjs.com/package/dayjs)
- [Day.js on GitHub](https://github.com/iamkun/dayjs/)

### Passport
Passport is a popular authentication middleware for Node.js. It provides a simple and flexible framework for implementing authentication strategies, such as OAuth, JWT, and local authentication. Passport can be easily integrated with any Node.js web framework, including Express, Koa, and Hapi.

To start using Passport in your project, you first need to install it as a dependency using npm:
```
npm install passport
```


Once you've installed Passport, you can start using it in your project. Here's an example of how to use Passport with the local authentication strategy:
```js
const passport = require('passport');
const LocalStrategy = require('passport-local').Strategy;

passport.use(new LocalStrategy(
  function(username, password, done) {
    User.findOne({ username: username }, function (err, user) {
      if (err) { return done(err); }
      if (!user) { return done(null, false); }
      if (!user.verifyPassword(password)) { return done(null, false); }
      return done(null, user);
    });
  }
));
```

In this example, we use Passport to define a local authentication strategy that checks if a user with the specified username exists in the database and if the provided password matches the user's password. We then call the `done` function with the authenticated user if the authentication is successful.

Here are some helpful links to get started with Passport:

- [Official Passport website](https://www.passportjs.org/)
- [Passport documentation](https://www.passportjs.org/docs/)
- [Passport on npm](https://www.npmjs.com/package/passport)
- [Passport on GitHub](https://github.com/jaredhanson/passport)

### Nodemailer

Nodemailer is a popular email sending library for Node.js. It allows you to send emails using various transport methods, such as SMTP, sendmail, and Amazon SES. Nodemailer also supports HTML content, file attachments, and other advanced email features.

To start using Nodemailer in your project, you first need to install it as a dependency using npm:
```
npm install nodemailer
```

Once you've installed Nodemailer, you can start using it in your project. Here's an example of how to use Nodemailer to send an email using Gmail as the SMTP transport:

```js
const nodemailer = require('nodemailer');

// Create a transporter object
const transporter = nodemailer.createTransport({
  service: 'gmail',
  auth: {
    user: 'your-gmail-username',
    pass: 'your-gmail-password'
  }
});

// Define the email message
const mailOptions = {
  from: 'your-email-address',
  to: 'recipient-email-address',
  subject: 'Test email from Nodemailer',
  text: 'This is a test email sent using Nodemailer'
};

// Send the email
transporter.sendMail(mailOptions, function(error, info){
  if (error) {
    console.error(error);
  } else {
    console.log('Email sent: ' + info.response);
  }
});
```

In this example, we create a Nodemailer transporter object using the Gmail SMTP service and authentication credentials. We then define the email message using the `mailOptions` object and send the email using the `sendMail` method of the transporter object.

Here are some helpful links to get started with Nodemailer:

- [Official Nodemailer website](https://nodemailer.com/about/)
- [Nodemailer documentation](https://nodemailer.com/about/)
- [Nodemailer on npm](https://www.npmjs.com/package/nodemailer)
- [Nodemailer on GitHub](https://github.com/nodemailer/nodemailer)

## Creating and Publishing NPM Packages

### Setting up an NPM account

<img src="https://i.imgur.com/SoYw3VJ.png" width="480" />

To set up an NPM account, follow these steps:
1. Go to the NPM website at https://www.npmjs.com/ and click the "Sign up" button in the top right corner of the page.

2. Fill out the registration form with your details, including your email address and a password.

3. Verify your email address by clicking the link in the confirmation email sent to you by NPM.

4. Once your email address is verified, you can log in to your NPM account by clicking the "Log in" button in the top right corner of the page.

That's it! With your NPM account set up, you can now publish your own packages and manage your dependencies using NPM.

### Creating a package.json file

To create a package.json file for your project, follow these steps:

1. Open a command prompt or terminal window in the root directory of your project.

2. Run the command `npm init`. This will start a wizard that will guide you through the process of creating a package.json file.

3. The first prompt will ask you for the package name. This should be a **unique name** that identifies your package.

4. The next prompt will ask you for the version number of your package. You can use any valid version number, such as 1.0.0.

5. The third prompt will ask you for a brief description of your package. This description will be shown on the NPM registry and can help others find and understand your package.

6. The next prompt will ask you for the entry point of your package. This is the main JavaScript file that will be loaded when your package is used. The default value is `index.js`.

7. The next prompt will ask you for the test command for your package. This is the command that will be run when you execute `npm test`.

8. The next prompt will ask you for the repository type and URL of your package. This is optional, but can be useful if you want to make your source code available on a public repository such as GitHub.

9. The next prompt will ask you for the keywords for your package. These are used to help others find your package when searching the NPM registry.

10. The final prompt will ask you to review your `package.json` file and confirm that the information is correct.

Once you've completed the wizard, a `package.json` file will be created in the root directory of your project with the information you provided. You can then add your package dependencies and scripts to the file, as well as publish your package to the NPM registry using the npm publish command.

### Creating a package README.md file

Creating a `README.md` file for your NPM package is an important step to help others understand your package and how to use it. The `README.md` file should be placed in the root directory of your package alongside the package.json file.

To create a `README.md` file, follow these steps:

1. Open a text editor or IDE and create a new file named `README.md` in the root directory of your package.

2. In the `README.md` file, start by providing a brief description of your package, its purpose, and its features.

3. Next, include instructions on how to install and use your package. This can include code snippets, examples, and links to documentation.

4. It's also a good idea to include information on how to contribute to your package or report issues.

5. Finally, consider including a license section that specifies the license of your package and any limitations or restrictions on its use.

### Publishing a package to NPM

To publish your NPM package to the public registry, follow these steps:

1. First, create an account on the NPM website by signing up at https://www.npmjs.com/signup.

2. In the root directory of your package, run the command `npm login` and enter your NPM username, email address, and password when prompted.

4. Once you are logged in, update your `package.json` file with the correct information for your package, including the name, version, description, and keywords.

5. Make sure your package has a main file or an `index.js` file that exports the functionality of your package.

6. In the root directory of your package, run the command `npm publish` to publish your package to the public registry.

8. Wait for the package to be published to the registry. You can verify that it was published successfully by searching for it on the NPM website or by running the command `npm search <package-name>`.

### Updating packages

Once you have published a package on NPM, you may need to update it to fix bugs, add new features, or make other improvements. Updating your published package on NPM is a straightforward process that can be done in a few simple steps:

1. First, make the necessary changes to your package code or configuration.
2. Update the version number of your package in the `package.json` file using [semantic versioning](https://docs.npmjs.com/about-semantic-versioning). For example, if your current version is 1.0.0, you might update it to 1.0.1 for a bug fix or 1.1.0 for a new feature.
3. Commit your changes to your code repository.
4. Run the command `npm publish` to update your package on the NPM registry with the new version.

It's important to note that updating your package may break compatibility with existing users who have installed an older version of your package. To prevent this, it's recommended to follow semantic versioning and to clearly communicate any breaking changes in your package documentation. Additionally, you can use the `npm deprecate` command to mark older versions of your package as deprecated, which will alert users to switch to a newer version.

### Unpublishing packages

In some cases, you may need to remove a package that you have published on NPM. This can be done using the npm unpublish command.

Here are the steps to unpublish a package from NPM:

1. Open a terminal or command prompt and navigate to your package directory.
2. Run the command `npm unpublish <package-name>@<version>` to remove the package from the NPM registry. Replace `<package-name>` with the name of your package and `<version>` with the version you want to remove. If you want to remove all versions of your package, omit the version number.
3. If you have published the package with a public access level, other users may have already downloaded and installed the package. In this case, removing the package can cause issues for those users. To prevent this, you can use the `npm deprecate` command to mark the package as deprecated instead of removing it entirely.

    
It's important to use caution when removing packages from NPM, especially if they are widely used by other developers. Removing a package without proper consideration can cause disruptions to other users and may damage your reputation as a package author. Always consider alternative options before deciding to remove a package, such as marking it as deprecated or transferring ownership to another maintainer.

## Summary & References

The follow topics were covered in this tutorial:
- Introduction to NPM (Node Package Manager)
- Installing, updating and removing NPM packages
- Survey of popular JavaScript libraries
- Creating and publishing NPM pacakges