NPM and dependencies

npm installing

One of the things I love about Node is the NPM package manager. It is really easy to install new applications for Node when you have Node Package Manager. You simply open a terminal window and type in, say, “npm install -g bower”; it is as simple as that!

Often things go just perfectly, and after some seconds or minutes your computer has just gotten wiser, allowing it to do more stuff for you. I used to just ignore all the information written out by NPM in the console, as most of the time everything went fine. However, I have experienced that sometimes things do not go perfectly, and the installed package will not work.

Warnings “WARN” – what is that?

That was my first question: Should I just ignore the warnings? This morning I tried to install a package which promised to convert MD to PDF. I fired away:

npm install markdown-pdf -g

and watched the console write a lot of warnings. For instance:

npm WARN unmet dependency /usr/local/lib/node_modules/cordova requires underscore@'1.7.0' but will load
npm WARN unmet dependency /usr/local/lib/node_modules/underscore,
npm WARN unmet dependency which is version 1.6.0

So Node, you tell me that I have a deprecated version of underscore?

Guess so, guess that somewhere inside the “markdown-pdf” package a line states that it is dependent on at least version 1.7.0 of underscore? Let's try to see if that is the case…

First of all, in which place should I expect to find that information? My guess is in the package.json inside the folder of markdown-pdf. I find that here: /usr/local/lib/node_modules/markdown-pdf/, so in my terminal I type this: cd /usr/local/lib/node_modules/markdown-pdf/ and voila, there is a package.json. I then type open package.json, which on my Mac opens the file in Adobe Brackets.

Now in the dependencies section it states:

"dependencies": {
  "commander": "^2.2.0",
  "duplexer": "^0.1.1",
  "extend": "^2.0.0",
  "highlight.js": "^8.4.0",
  "phantomjs": "^1.9.13",
  "remarkable": "^1.6.0",
  "stream-from-to": "^1.4.0",
  "through2": "^0.6.3",
  "tmp": "0.0.24"
}



No “underscore” dependency there…? Oh, guess that one of those packages is dependent on version 1.7.0 of underscore. The search could continue and at some point I would find such a dependency, but that is not so important here.
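The search left off here can be scripted. The following is an added example, not code from the original post or from npm: a Node.js script that scans a node_modules folder for packages declaring a given dependency and compares the declared range with the installed version. The function names are hypothetical, the directory tree is constructed sample data, and `satisfies` is a simplified stand-in for npm's real range matching.

```javascript
// Added example with hypothetical helper names; not part of npm.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Simplified matcher (assumption): handles only exact "1.7.0" and caret
// "^1.6.0" ranges with a non-zero major; npm itself uses the semver package.
function satisfies(version, range) {
  const v = version.split('.').map(Number);
  const r = range.replace(/^\^/, '').split('.').map(Number);
  if (!range.startsWith('^')) return v.join('.') === r.join('.');
  if (v[0] !== r[0]) return false;
  return v[1] > r[1] || (v[1] === r[1] && v[2] >= r[2]);
}

// Parsed package.json, or null when it is missing or invalid, so one bad
// package does not abort the whole scan.
function readManifest(dir) {
  try { return JSON.parse(fs.readFileSync(path.join(dir, 'package.json'), 'utf8')); }
  catch (err) { return null; }
}

// Report every top-level package under root that depends on depName.
function findDependents(root, depName) {
  const installed = (readManifest(path.join(root, depName)) || {}).version || null;
  const hits = [];
  for (const name of fs.readdirSync(root).sort()) {
    const manifest = readManifest(path.join(root, name));
    const range = manifest && manifest.dependencies && manifest.dependencies[depName];
    if (!range) continue;
    hits.push({ name, range, installed, ok: installed !== null && satisfies(installed, range) });
  }
  return hits;
}

// Constructed sample tree standing in for /usr/local/lib/node_modules.
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'node_modules-'));
  const write = (name, body) => {
    fs.mkdirSync(path.join(root, name));
    fs.writeFileSync(path.join(root, name, 'package.json'), body);
  };
  write('underscore', JSON.stringify({ name: 'underscore', version: '1.6.0' }));
  write('cordova', JSON.stringify({ name: 'cordova', dependencies: { underscore: '1.7.0' } }));
  write('markdown-pdf', JSON.stringify({ name: 'markdown-pdf', dependencies: { tmp: '0.0.24' } }));
  write('broken-pkg', '{ not valid json');
  return root;
}
console.log(findDependents(buildSampleTree(), 'underscore'));
```

On a real machine, pass the global folder (for example /usr/local/lib/node_modules) as `root`; nested node_modules folders inside each package are not scanned.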

Should I do something about outdated packages?

I choose to react to the warning from NPM, and updating an NPM package is (of course) a piece of cake in the NPM world.

sudo npm update -g underscore

First I tried without the sudo part, but I was informed that administrator rights were required for the action I tried to run. I felt proud – I took the warning seriously and was a good guy for following rules. But again, looking at the terminal, a lot of warnings were issued as I updated!

There has got to exist a smarter way of doing updates on packages!? Yes, of course NPM had a solution for that too. Simply run an update command without specifying which package I wanted to update. That will make NPM update to the latest versions of any installed package. Sounds like a potential lot of downloads, but having an up-to-date library of packages sounds great. So here I go:

sudo npm update -g

Started at 09.03 28/02/2015 and ended at 09.04 28/02/2015 in an error..

A package with some invalid data in its package.json had an error, so I guess that I will simply remove that bad package. To remove a package you need to uninstall it. In my example it was grunt-cli, so here I go:

sudo npm uninstall grunt-cli -g

That went fine, so I try to redo the update command seen above…

Started at 09.09 28/02/2015 and here I got more errors like that one, so I will simply repeat the uninstall command for the packages which fail… hoping all these uninstalls will not break too much code on my Mac… Ended at 09.33 28/02/2015, so some 24 minutes (!) was the duration to upgrade all my installed NPM packages.

A smarter approach – check-dependencies

I got to thinking: “How can I check if all my dependencies are up-to-date?” This smart NPM system ought to have a smart way of handling that, and it does:

npm install check-dependencies --save-dev

When you are in the terminal inside the installed package, you can simply run that command. You will get information about the state of the dependencies of that package. In my case I got no warnings, so that package should be ready to go.


I am happy and feel safe about the NPM system. I keep feeling impressed with the ease of use, and the out-of-the-box understanding you get when using it. Should you feel like you also want to try out the markdown-pdf I mention here you can by the way find information about it here .

