Package Managers

Packages

A package is published code intended to be useful in the development of another project. Packages are normally open source and prepared by and for the open source community. The use of packages is encouraged because it allows one to reuse other people's code to solve difficult problems without having to reinvent solutions.

Package Managers: Why?

Package Managers provide two large advantages:

  • Ready-Made Code: as mentioned above, packages provide you with ready-made code that allows one to immediately apply a general purpose solution to an otherwise difficult or tedious problem.
  • Automatic Dependency Management: suppose you need package A which needs packages B and C. In turn, C requires D, E, and F, ad nauseam. This dependency hell is automatically resolved by the package manager.

Package managers are available for many languages and are also the basis for Linux software installation (e.g., apt, yum).

composer Package Manager

composer (currently version 1.6.5) is a PHP package manager. It needs to be installed on the web host you're deploying on. The latest version of composer is always maintained on Bootcamp Coders. Most hosts such as A Small Orange have composer preinstalled on their shared web servers.

composer is configured using the composer.json file. In its most basic form, all we need to do is require the package we want to use and specify the version. There are different ways to specify versions, detailed in the table below.

Version      Meaning
2.0.3        only version 2.0.3
2.0.*        latest version in the 2.0 series
1.0 - 2.1    minimum version 1.0, up to and excluding 2.2 (versions 2.1.* included)
^2.0.3       minimum version 2.0.3, up to and excluding 3.0
~2.0.3       minimum version 2.0.3, up to and excluding 2.1
@stable      symbolic link to latest stable version

All the version numbers in the table above are modeled after semantic versioning. Both composer and npm use these conventions EXCEPT npm does not support the @stable version. Armed with this information, the package can now be added to composer.json:

{
	"require": {
		"google/recaptcha": "@stable",
		"mailgun/mailgun-php": "^2.1.2"
	}
}

This will require version 2.1.2 or later (up to and excluding 3.0) of the mailgun-php package and the latest stable version of the recaptcha package. The available packages for composer can be found at Packagist.
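The constraint forms from the table above, worked through as an added example (this is not composer's or npm's own resolver, and the function names bounds, satisfies and admitted are made up for illustration). It goes slightly beyond the table by handling caret constraints on 0.x versions and by rejecting two-part tilde forms, which composer and npm interpret differently.

```javascript
// Added example: not composer's or npm's own resolver.
// Maps each constraint form from the table to a half-open range [min, max).
// Numeric x.y.z versions only; stability flags such as @stable are not modelled.
const nums = (s) => s.split('.').map(Number);
const pad = (p) => [...p, 0, 0].slice(0, 3);
const bump = (p, i) => pad(p.slice(0, i).concat(p[i] + 1)); // raise part i, zero the rest
const cmp = (a, b) => {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
};
const V = '\\d+(?:\\.\\d+){0,2}'; // one to three numeric parts

function bounds(constraint) {
  const c = constraint.trim();
  let m;
  if ((m = c.match(new RegExp(`^(${V})\\s+-\\s+(${V})$`)))) {
    // Hyphen range: the last part given in the upper bound may still increase,
    // so "1.0 - 2.1" admits every 2.1.* release.
    const hi = nums(m[2]);
    return { min: pad(nums(m[1])), max: bump(hi, hi.length - 1) };
  }
  if ((m = c.match(/^(\d+(?:\.\d+)?)\.\*$/))) {
    const p = nums(m[1]); // wildcard: "2.0.*" stays inside the 2.0 series
    return { min: pad(p), max: bump(p, p.length - 1) };
  }
  if ((m = c.match(/^\^(\d+\.\d+\.\d+)$/))) {
    // Caret: the leftmost non-zero part is held fixed (^0.3.1 stops at 0.4.0).
    const p = nums(m[1]);
    const i = p.findIndex((n) => n !== 0);
    return { min: p, max: bump(p, i < 0 ? 2 : i) };
  }
  if ((m = c.match(/^~(\d+\.\d+\.\d+)$/))) {
    // Tilde with three parts: patch releases only. Two-part forms such as ~1.2
    // are rejected because composer and npm read them differently.
    return { min: nums(m[1]), max: bump(nums(m[1]), 1) };
  }
  if (/^\d+\.\d+\.\d+$/.test(c)) return { min: nums(c), max: bump(nums(c), 2) };
  throw new Error(`unsupported constraint: ${constraint}`);
}

function satisfies(version, constraint) {
  const { min, max } = bounds(constraint);
  const v = pad(nums(version));
  return cmp(v, min) >= 0 && cmp(v, max) < 0;
}

// Given a release list, which versions would a constraint accept?
const admitted = (versions, constraint) => versions.filter((v) => satisfies(v, constraint));
```

Calling admitted(['2.1.1', '2.1.2', '2.9.0', '3.0.0'], '^2.1.2') on that constructed release list returns 2.1.2 and 2.9.0: a range constraint accepts releases published after the composer.json was written, without any change to the file.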

Once the composer.json is created, composer will need to be executed. To execute it:

  1. On your localhost command line, in your project directory, execute composer install. This will generate a composer.lock file, a vendor directory and install the requested dependencies.
  2. Add the composer.json and composer.lock files to git.
  3. Commit and push the composer.json and composer.lock files.
  4. Have all group members rebase.
  5. Have all group members execute composer install on their localhost command line. This will generate a composer.lock file and install the requested dependencies.
  6. All group members, including yourself, will SSH into the server and execute composer install.

Every time the composer.json file is changed after installing composer, you must execute composer update in both your local and your deployed project.

npm Package Manager

npm (currently version 6.4.1, based on node version 10.11.0) is a JavaScript package manager. It works on the same principle as composer, but for JavaScript/TypeScript based front-end packages. The package.json also serves the additional purpose of describing the project itself: in addition to the packages npm will load, it contains data on the author(s) and repository. It also has a section for scripts to automate repetitive development tasks.

{
	"name": "example-angular2-project",
	"version": "1.0.0",
	"license": "Apache-2.0",
	"author": {
		"name": "Dylan McDonald",
		"email": "dmcdonald21@cnm.edu",
		"url": "https://www.example-angular2-project.com/"
	},
	"scripts": {
		"build": "rimraf public_html/dist && tsc && webpack --config webpack/webpack.live.js --progress --profile --bail",
		"postinstall": "typings install"
	},
	"repository": {
		"type": "git",
		"url": "https://github.com/dylan-mcdonald/example-angular2-project.git"
	},
	"dependencies": {
		"@angular/common": "^5.2.1",
		"@angular/compiler": "^5.2.1"
	},
	"devDependencies": {
		"@types/node": "^8.5.9",
		"awesome-typescript-loader": "^3.4.1",
		"bootstrap": "^4.0.0"
	}
}

Field              Description
name               Project name
version            Project version, using semantic versioning
license            License under which the project is released
author             Author's information
scripts            Commands to automate
repository         URL of the repository for the codebase
devDependencies    Which packages are required for development
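A review check over the scripts and dependency fields described above, as an added example that is not part of npm or of the original page (reviewManifest, INSTALL_HOOKS and SAMPLE are made-up names). It lists the scripts that npm runs automatically during npm install, such as the postinstall entry in the package.json above, and the dependencies declared as ranges, not exact versions.

```javascript
// Added example: a reviewer's check over a package.json; not part of npm.
// Scripts under these names run automatically when `npm install` is executed.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

function reviewManifest(jsonText) {
  const pkg = JSON.parse(jsonText);
  const scripts = pkg.scripts || {};
  const autoRun = INSTALL_HOOKS
    .filter((name) => Object.prototype.hasOwnProperty.call(scripts, name))
    .map((name) => ({ name, command: scripts[name] }));
  const floating = [];
  for (const section of ['dependencies', 'devDependencies']) {
    for (const [name, range] of Object.entries(pkg[section] || {})) {
      // Anything other than an exact x.y.z can resolve to a newer release later.
      if (!/^\d+\.\d+\.\d+$/.test(range)) floating.push({ section, name, range });
    }
  }
  return { autoRun, floating };
}

// Sample input: a trimmed copy of the package.json shown above.
const SAMPLE = JSON.stringify({
  scripts: { build: 'rimraf public_html/dist && tsc', postinstall: 'typings install' },
  dependencies: { '@angular/common': '^5.2.1', '@angular/compiler': '^5.2.1' },
  devDependencies: { '@types/node': '^8.5.9', bootstrap: '^4.0.0' },
});

console.log(JSON.stringify(reviewManifest(SAMPLE), null, 2));
```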

Once the package.json is created, npm will need to be executed. To execute it:

  1. On your localhost command line, execute npm install. This will generate a package-lock.json file, a node_modules directory and install the requested dependencies.
  2. Add the package.json and package-lock.json files to git.
  3. Commit and push the package.json and package-lock.json files.
  4. Have all group members rebase.
  5. Have all group members execute npm install on their localhost command line. This will generate a package-lock.json file and install the requested dependencies.
  6. All group members, including yourself, will SSH into the server and execute npm install and npm run build.

Every time the package.json file is changed after installing npm, you must execute npm update in both your local and your deployed project.