npm 7+ introduced significant improvements including parallel installation, workspace support, and better dependency resolution. Understanding these new features is crucial for modern JavaScript development.
Major New Features in npm 7
1. Parallel Installation
npm 7 improved the dependency installation algorithm, supporting parallel downloading and installation of packages.
Performance Improvements:
- Installation speed 2-3 times faster than npm 6
- Better network resource utilization
- Reduced overall installation time
Configure Parallelism:
```bash
# Set maximum parallel connections (per registry origin)
npm config set maxsockets 50
# network-concurrency is a Yarn setting, not an npm option;
# in npm, maxsockets is the knob that controls request concurrency
```
2. Workspaces
npm 7 natively supports monorepo workspaces without additional configuration.
Configure Workspaces:
```json
{
  "name": "my-monorepo",
  "version": "1.0.0",
  "private": true,
  "workspaces": [
    "packages/*"
  ],
  "scripts": {
    "install": "npm install -ws",
    "build": "npm run build -ws",
    "test": "npm test -ws"
  }
}
```
Directory Structure:
```text
my-monorepo/
├── package.json
├── packages/
│   ├── shared/
│   │   ├── package.json
│   │   └── index.js
│   ├── app/
│   │   ├── package.json
│   │   └── index.js
│   └── utils/
│       ├── package.json
│       └── index.js
```
Workspace Commands:
```bash
# Run command in all workspaces
npm run build -ws
# Run command in specific workspace
npm run build --workspace=packages/app
# Install dependency to specific workspace
npm install lodash --workspace=packages/app
# Add workspace dependency
npm install ../shared --workspace=packages/app
```
3. Improved Dependency Resolution
npm 7 uses a smarter dependency resolution algorithm, reducing duplicate installations.
Dependency Hoisting:
```text
node_modules/
├── lodash/        # hoisted to top level
├── package-a/
├── package-b/
└── package-c/
```
Configure Resolution Strategy:
```bash
# Disable dependency hoisting
npm config set legacy-bundling true
# Use strict peer dependency resolution
npm config set strict-peer-deps true
```
4. package-lock.json v2
npm 7 introduced a new lock file format, providing better readability and more detailed metadata.
New Features:
- Clearer JSON structure
- Includes package integrity information
- Supports workspaces
- Better version range handling
Example:
```json
{
  "name": "my-project",
  "version": "1.0.0",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
    "": {
      "name": "my-project",
      "version": "1.0.0",
      "dependencies": {
        "express": "^4.18.0"
      }
    },
    "node_modules/express": {
      "version": "4.18.2",
      "resolved": "https://registry.npmjs.org/express/-/express-4.18.2.tgz",
      "integrity": "sha512-...",
      "dependencies": {
        "accepts": "~1.3.8"
      },
      "engines": {
        "node": ">= 0.10.0"
      }
    }
  }
}
```
5. npm exec and npx Improvements
npm 7 improved the implementation of npx and introduced the npm exec command.
npm exec:
```bash
# Execute binary from package
npm exec create-react-app my-app
# Equivalent to npx
npx create-react-app my-app
# Pass arguments
npm exec --package=eslint -- eslint src/
```
Improved npx:
- Faster package resolution
- Better caching mechanism
- Support for multiple packages
6. Automatic Peer Dependency Installation
npm 7 automatically installs peer dependencies by default, simplifying dependency management.
Behavior Changes:
```bash
# npm 6: Need to manually install peer dependencies
npm install <package>
npm install <peer-dependency>
# npm 7: Automatically install peer dependencies
npm install <package>
```
Configuration:
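```bash
# Disable automatic peer dependency installation (restores npm 6 behavior).
# npm's option is legacy-peer-deps; auto-install-peers is a pnpm setting.
npm config set legacy-peer-deps true
# Use strict peer dependency resolution
npm config set strict-peer-deps true
```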
7. Improved Output Format
npm 7 provides clearer and more concise output format.
Example:
```text
added 1423 packages, and audited 1424 packages in 32s

238 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities
```
8. npm fund Command
npm 7 introduced the npm fund command to display project funding information.
Usage:
```bash
npm fund
```
Output Example:
```text
my-project@1.0.0
├── express@4.18.2
│   └── https://opencollective.com/express
├── lodash@4.17.21
│   └── https://opencollective.com/lodash
└── webpack@5.0.0
    └── https://github.com/sponsors/webpack
```
9. Support for Overrides
npm 8+ supports the overrides field to force specific versions of dependencies.
Configure Overrides:
```json
{
  "overrides": {
    "vulnerable-package": "1.2.3",
    "package-a": {
      "package-b": "2.0.0"
    }
  }
}
```
Use Cases:
- Fix security vulnerabilities
- Resolve version conflicts
- Force specific versions
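When an override is used as a security fix, it is worth confirming that the lock file actually reflects it, including nested and hoisted copies. This added example (not part of the original article) checks the page's two override forms against a lock file `packages` map; it assumes override values are exact versions, and `checkOverrides`, `resolveFrom`, `nameOf` and the sample data are constructed for illustration.

```javascript
// Added example. Assumes override values are exact versions, as in the page's
// snippet (npm also accepts ranges and "$name" references, not handled here).
const overrides = { "vulnerable-package": "1.2.3", "package-a": { "package-b": "2.0.0" } };

// Constructed lock file "packages" map: one stale nested copy, one stale hoisted copy.
const packages = {
  "": { name: "my-project", version: "1.0.0" },
  "node_modules/vulnerable-package": { version: "1.2.3" },
  "node_modules/package-c": { version: "3.0.0" },
  "node_modules/package-c/node_modules/vulnerable-package": { version: "1.0.0" },
  "node_modules/package-a": { version: "1.0.0" },
  "node_modules/package-b": { version: "1.5.0" },
};

// Package name for a lock file path, or null for the root and workspace folders.
function nameOf(path) {
  const i = path.lastIndexOf("node_modules/");
  return i === -1 ? null : path.slice(i + "node_modules/".length);
}

// Node-style lookup inside the lock file: the nearest node_modules directory wins.
function resolveFrom(pkgs, fromPath, dep) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + dep;
    if (pkgs[candidate]) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

function checkOverrides(rules, pkgs) {
  const bad = [];
  const expect = (path, want) => {
    if (path && pkgs[path].version !== want) bad.push({ path, found: pkgs[path].version, want });
  };
  for (const [name, rule] of Object.entries(rules)) {
    for (const path of Object.keys(pkgs)) {
      if (nameOf(path) !== name) continue;
      // Flat rule: every installed copy must match. Nested rule: check what
      // this copy of `name` would actually load for each listed dependency.
      if (typeof rule === "string") expect(path, rule);
      else for (const [dep, want] of Object.entries(rule)) expect(resolveFrom(pkgs, path, dep), want);
    }
  }
  return bad;
}

console.log(checkOverrides(overrides, packages));
```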
10. Improved Error Handling
npm 7 provides more detailed error messages and better error recovery mechanisms.
Error Message Example:
```text
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! While resolving: my-project@1.0.0
npm ERR! Found: react@18.0.0
npm ERR! node_modules/react
npm ERR!   react@"^18.0.0" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer react@"^16.0.0" from some-package@1.0.0
npm ERR! node_modules/some-package
```
npm 8 New Features
1. Improved Workspaces
npm 8 improved workspace functionality, supporting more complex monorepo structures.
2. npm diff Command
npm 8 introduced the npm diff command to compare dependency version differences.
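```bash
# Compare the local package with its latest published version
npm diff
# Compare the installed copy of a dependency with the registry version
# that satisfies its declared range
npm diff --diff=<package-name>
# Compare two published versions
npm diff --diff=<package-name>@1.0.0 --diff=<package-name>@2.0.0
```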
3. Improved npm query
npm 8 improved the npm query command, supporting more powerful dependency queries.
```bash
# Find all outdated packages
npm query ":outdated"
# Find all dev dependencies (dependency types are class selectors)
npm query ".dev"
# Find direct dependencies of a specific package (names are id selectors)
npm query "#lodash > *"
```
4. Support for .npmrc Inheritance
npm 8 supports inheriting .npmrc configuration from parent directories.
npm 9 New Features
1. Improved Performance
npm 9 further optimized performance with faster installation speeds.
2. Improved Security
npm 9 enhanced security features, including better integrity verification.
3. Improved Error Reporting
npm 9 provides clearer error messages and better troubleshooting guidance.
Migrating to npm 7+
1. Upgrade npm
```bash
# Upgrade using npm itself
npm install -g npm@latest
# Use nvm
nvm install node --latest-npm
# Use n
n latest
```
2. Check Compatibility
```bash
# Check project dependencies
npm ls
# Check peer dependencies
npm ls --depth=0
```
3. Handle Peer Dependencies
```bash
# Automatically install peer dependencies
npm install
# Manually resolve conflicts
npm install --force
```
4. Update package-lock.json
```bash
# Delete old lock file
rm package-lock.json
# Reinstall to generate new lock file
npm install
```
Best Practices
1. Use Workspaces for Monorepo Management
```json
{
  "workspaces": [
    "packages/*"
  ],
  "scripts": {
    "install": "npm install -ws",
    "build": "npm run build -ws",
    "test": "npm test -ws",
    "clean": "npm run clean -ws"
  }
}
```
2. Use Overrides for Version Management
```json
{
  "overrides": {
    "vulnerable-package": "1.2.3"
  }
}
```
3. Use npm ci Instead of npm install
```bash
# Use npm ci in CI environments
npm ci
```
4. Configure Reasonable Parallelism
```bash
# Adjust based on network environment
npm config set maxsockets 50
# network-concurrency is a Yarn setting, not an npm option;
# maxsockets is the npm setting to tune
```
5. Use npm fund to Support Open Source Projects
```bash
# View project funding sources
npm fund
# Support open source projects
npm fund <package-name>
```
Common Issues
1. Peer Dependency Conflicts
```bash
# Use strict peer dependency resolution
npm config set strict-peer-deps true
# Manually resolve conflicts
npm install --force
```
2. Workspace Dependency Issues
```bash
# Clean workspace cache
npm cache clean --force
# Reinstall
npm install -ws
```
3. Performance Issues
```bash
# Check configuration
npm config list
# Adjust parallelism
npm config set maxsockets 50
# Use cache
npm install --prefer-offline
```
npm 7+ brings significant performance improvements and feature enhancements, making it an ideal choice for modern JavaScript development.