54

I'm adding dependencies to a package.json that will be used as part of a provisioning process for a virtual machine. As such, I don't actually need to install the modules locally since the provisioner will do that for me inside the VM. So is there any way to do the following:

npm install --save <module>

So that it only creates a dependency for the latest version of the module in package.json without actually downloading the module or creating a node_modules folder?

The --dry-run option is close, as it doesn't create a node_modules folder but it also doesn't write to package.json either.

For now, I'm manually doing the following each time I need to update packages before re-provisioning the VM:

rm -rf node_modules

Other reasons for this might include being able to easily build a package.json file in low-bandwidth situations such as tethering, where you know you'll need the module eventually but don't want to spare the bandwidth.

Improve this question
3
  • 1
    Did you ever find a solution to this? Commented Apr 7, 2018 at 3:56
  • @GeigeV So far I've continued to use the "install and remove node_modules" approach. The low bandwidth solution seems to be very carefully checking the npm website for the current versions and manually adding them to your package.json file. Commented Apr 7, 2018 at 8:07
  • Combining the commands, whilst not an npm solution, does the trick as a one-liner: npm i <package> <package> <package> && rm -r node_modules Commented Jun 21, 2021 at 9:01

6 Answers 6

Reset to default
16

Was searching for the solution. Haven't found, then made a script which adds dependencies (latest or specified versions) to the package.json file skipping the installation process.

https://www.npmjs.com/package/add-dependencies

Installation

If not using with npx (see below):

$ npm install add-dependencies [-g]

Usage

Run:

$ add-dependencies [package_file] <dependencies> [target] [--no-overwrite]

or with npx:

$ npx add-dependencies [package_file] <dependencies> [target] [--no-overwrite]

where dependencies is the list of dependencies divided by space, and target is one of the following:

  • --dev / --save-dev / -D for devDependencies
  • --peer / --save-peer / -P for peerDependencies
  • --optional / --save-optional / -O for optionalDependencies

If no target argument passed, dependencies are written to dependencies.

If no package_file argument passed, the script searches for a package.json file within the current working directory.

Use --no-overwrite flag to prevent already existing packages in package.json from being overwritten.

Example:

$ add-dependencies /home/user/project/package.json [email protected] [email protected] redux eslint --dev

or with npx:

$ npx add-dependencies /home/user/project/package.json [email protected] [email protected] redux eslint --dev

Hope this could help someone else.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

15

Interestingly combining --package-lock-only with --no-package-lock seems to do this

npm install --package-lock-only --no-package-lock PACKAGE

This does not create or update the package-lock.json file. Only adds an entry to the package.json

UPDATE

This was actually a bug and is now fixed in npm 6.9.0

https://github.com/npm/cli/pull/146

https://npm.community/t/release-npm-6-9-0/5911

Improve this answer

5 Comments

This was a bug and is now fixed in npm 6.9.0... github.com/npm/cli/pull/146
uhm too bad... I've hardly ever seen a more blatant case of "it's not a bug... it's a feature"
Is it really a bug? When I run npm install --package-lock-only --no-package-lock PACKAGE, I don't get any node_modules directory. Using npm 6.9.0
Is it confirmed if its a bug or not?? I'm using the same on 6.7.0 and its working fine
npm version 7.7.6 - Works! Thanks!
8

There is no way to do that with npm that I'm aware of.

There are two npm packages for doing this; I've never used either of them, but they might be worth a try:

Hope this helps!

Improve this answer

5 Comments

Note that both packages npm-add and adddep depend on the npm package which is enormous.
@AlexanderMills npm v6.9.0 is ~30MB on my machine
It's not really about the size for me. I use Docker to run NPM and NodeJS, but edit files on the host system. I don't want to install anything through NPM on my host system.
Unfortunately neither of these packages work with the latest version of npm. npm-add is locked to npm v1.2.18 and adddep (which was forked from npm-add) doesn't work with npm v8.0.0 and above.
Answer is outdated stackoverflow.com/a/73518727/2950649 should be accepted correct answer.
5

As of NPM > 8 the correct answer is

npm pkg set devDependencies.rollup="*" devDependencies.typescript="4.5"

Explaination npm pkg set can change your current package.json

See: https://docs.npmjs.com/cli/v7/commands/npm-pkg

Improve this answer

1 Comment

But where does the version number come from? If I would like to save the dependency for eg. npm install tmp (which currently is "tmp": "^0.2.3"), how would I do that using the npm pkg set command? I don't know that "^0.2.3" string.
0

I made a very simple way to do this.

Add this to the scripts section of your package.json:

 "scripts": { "no-dl": "npm install --package-lock-only --no-package-lock" }

Then use it like this:

npm run no-dl <package-name>

I've called it no-dl — pick your own name as needed.

Improve this answer

Comments

-2

npm install --save packagename then npm uninstall packagename (without --save flag) accomplishes this, though an empty node_modules folder is created

Improve this answer

2 Comments

This doesn't work in Node 5+ because the --save flag is implicit.
--save is only implicit for install, not for uninstall. Using --no-save is also an option. This isn't a solution for your low-bandwidth scenario either way, as it unnecessarily downloads the package contents

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.