npm puzzles

Things I don't understand about npm

Verifying ECDSA registry signatures

Official docs

docs.npmjs.com/verifying-r…

Content

Troubleshooting

Some packages are missing registry signatures

The CLI will error if packages don't have signatures and if the package registry supports signatures. This could mean an attacker might be trying to circumvent signature verification. You can check if the registry supports signatures by requesting the public signing keys from registry-host.tld/-/npm/v1/keys.

Example response if some versions have missing registry signatures:

audited 1640 packages in 2s
1405 packages have verified registry signatures
235 packages have missing registry signatures but the registry is providing signing keys:
missing-dep@1.0.0 (https://registry.npmjs.org/)
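
The classification behind that output, as an added Node.js example that is not part of the original post or npm's own code: a version counts as "missing" only when the registry publishes signing keys, and a signature is checked over `name@version:integrity`, the message format npm's documentation gives for registry signatures. The key pair, key id, package names other than missing-dep and integrity strings are constructed for the demo, and key expiry is not checked.

```javascript
const crypto = require('node:crypto');

// Constructed stand-in for the registry's signing key pair. A real client only
// ever sees the public half, listed at registry-host.tld/-/npm/v1/keys.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const registryKeys = [{
  keyid: 'SHA256:constructed-demo-key',
  key: publicKey.export({ type: 'spki', format: 'der' }).toString('base64'),
}];

// The signed message binds name, version and tarball integrity together.
const signedMessage = (p) => `${p.name}@${p.version}:${p.dist.integrity}`;

// Demo-only helper that plays the registry's role and signs a version.
function registrySign(p) {
  const sig = crypto.createSign('SHA256').update(signedMessage(p)).sign(privateKey, 'base64');
  return [{ keyid: registryKeys[0].keyid, sig }];
}

// Returns 'verified', 'invalid', 'missing' (the registry publishes keys but this
// version has no signature) or 'unsupported' (the registry publishes no keys).
function checkSignature(p, keys) {
  const sigs = p.dist.signatures || [];
  if (sigs.length === 0) return keys.length > 0 ? 'missing' : 'unsupported';
  for (const { keyid, sig } of sigs) {
    const entry = keys.find((k) => k.keyid === keyid);
    if (!entry) continue; // signed by a key the registry does not list
    const pub = crypto.createPublicKey({ key: Buffer.from(entry.key, 'base64'), format: 'der', type: 'spki' });
    if (crypto.createVerify('SHA256').update(signedMessage(p)).verify(pub, sig, 'base64')) return 'verified';
  }
  return 'invalid';
}

// Constructed package metadata: one signed, one unsigned, one altered after signing.
const good = { name: 'good-dep', version: '2.1.0', dist: { integrity: 'sha512-constructedAAAA' } };
good.dist.signatures = registrySign(good);
const missing = { name: 'missing-dep', version: '1.0.0', dist: { integrity: 'sha512-constructedBBBB' } };
const tampered = { name: 'swapped-dep', version: '3.0.0', dist: { integrity: 'sha512-constructedCCCC' } };
tampered.dist.signatures = registrySign(tampered);
tampered.dist.integrity = 'sha512-constructedDDDD'; // metadata changed after signing

function audit(pkgs, keys) {
  const counts = { verified: 0, invalid: 0, missing: 0, unsupported: 0 };
  for (const p of pkgs) counts[checkSignature(p, keys)] += 1;
  return counts;
}

console.log(audit([good, missing, tampered], registryKeys));
```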

npm ci

Official docs

docs.npmjs.com/cli/v8/comm…

Content

Description

NOTE: If you create your package-lock.json file by running npm install with flags that can affect the shape of your dependency tree, such as --legacy-peer-deps or --install-links, you must provide the same flags to npm ci or you are likely to encounter errors. An easy way to do this is to run, for example, npm config set legacy-peer-deps=true --location=project and commit the .npmrc file to your repo.

Configuration

global-style

Default: false
Type: Boolean

Causes npm to install the package into your local node_modules folder with the same layout it uses with the global node_modules folder. Only your direct dependencies will show in node_modules and everything they depend on will be flattened in their node_modules folders. This obviously will eliminate some deduping. If used with legacy-bundling, legacy-bundling will be preferred.

legacy-bundling

Default: false
Type: Boolean

Causes npm to install the package such that versions of npm prior to 1.4, such as the one included with node 0.8, can install the package. This eliminates all automatic deduping. If used with global-style this option will be preferred.

Commands I don't understand

npm-completion

npm hook

Chinese docs: www.npmrc.cn/commands/np…

Commands that are hard to understand

npx and npm exec

Official reference: docs.npmjs.com/cli/v8/comm…
Chinese reference: www.npmrc.cn/commands/np…

npm rebuild: I don't know what exactly it builds.

npm shrinkwrap

Especially useful commands

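npm link

Chinese docs: www.npmrc.cn/commands/np…

It creates symlinks: it can symlink a local package's command into the global node_modules, and it can also symlink a globally installed package into the local node_modules.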