Article

Working with peer, scoped and private npm dependencies in RHMAP

June 13, 2017
Node.js
David Martin
Red Hat Mobile Application Platform

RHMAP Environments

An RHMAP Environment provides a Node.js runtime for Mobile Backends. There are 2 environment types: Dynofarm & OpenShift. The former is an LXC based PaaS, written in Node.js & bash. It is superseded by OpenShift environments. However, there are still many Dynofarm environments in use in the RHMAP SaaS offering.

fh-npm

Rationale

fh-npm is a wrapper for npm. It is only used in Dynofarm environments to install npm dependencies specified in a package.json file. It was developed by the RHMAP team to solve a few problems. Older versions of npm were relatively slow at installing dependencies & didn't make great use of the npm cache. Doing a lot of npm installs at the same time can be CPU intensive, so caching pre-built binaries was one of its goals. Also, the amount of disk usage would be relatively high (inodes usage) due to a large number of small files. Some of these problems have been addressed in later versions of npm, and fh-npm is becoming less necessary.
There are features of newer versions of npm that are not supported by fh-npm. This imposes restrictions on what developers can use in their Node.js application. However, it is possible to use these newer features by opting out of fh-npm and triggering the use of an npm version compatible with the version of Node.js being deployed to.

Opting out of fh-npm

Adding an npm-shrinkwrap.json file to the root of your application will tell Dynofarm to bypass fh-npm, and use npm instead. This will force you to have your dependencies locked down, as npm will only install the dependencies and versions in your npm-shrinkwrap.json file. The main caveat with doing this is the amount of time to install dependencies, in particular, anything that has to be compiled, as none of the caching that fh-npm providers will be used.
It is possible to bypass fh-npm and not have to maintain an npm-shrinkwrap.json file. This can be useful in the early stages of development where you may not want to lock down versions yet. To do this, add an empty npm-shrinkwrap.json file, and a .npmrc file to the root of your application. Add the following to the .npmrc file.
shrinkwrap=false
This combination of files will bypass fh-npm, and tell npm to ignore the npm-shrinkwrap.json file. Only modules in the package.json will be installed.

Peer Dependencies

Peer dependencies are not supported by fh-npm. However, if you bypass fh-npm, peer dependencies should work as normal for Node.js 4 environments. Peer dependencies are not supported by the version of npm used in Node.js 0.10 environments. Here is an example of a peer dependency that a grunt plugin might use.
"peerDependencies": {
  "grunt": ">=0.4.0"
}

Scoped & private dependencies

Scoped dependencies are not supported by fh-npm. However, like peer dependencies, if you bypass fh-npm, scoped dependencies should work as normal. They should work with the version of npm used in Node.js 4 environments, but not 0.10 environments. Here is an example of a scoped dependency. 

"dependencies":{
  "@namespace/mypackage":"~1.0.0"
}

The scoped package can be used by required it: 

var mypackage = require("@namespace/mypackage");

If a scoped module is also private, an extra step is required to allow that module to be downloaded. An authToken of a user that has accessed the private module can be added to the .npmrc file in the root of the repo. 

//registry.npmjs.org/:_authToken=SOME_AUTH_TOKEN

This token gets used by npm for any private modules in the specified registry. To generate an auth token, login to npm on any machine, then check the ~/.npmrc file for the token line. Tokens can be invalidated by changing your npm password or logging out on the same machine with npm logout.

Future Node.js versions in Dynofarm

From Node.js 6.x onwards, fh-npm will no longer be used in Dynofarm. This is due to various changes to npm since version 2, which fh-npm is based on. The layout of the node_modules folder has changed to a flatter structure. This, combined with various performance improvements, has lessened the reasons for fh-npm.

Red Hat Mobile Application Platform is available for download, and you can read more at Red Hat Mobile Application Platform.

Last updated: June 8, 2017

Comments