How npm handles the "scripts" field
npm supports the "scripts" property of the package.json file, for the following scripts:
npm
install
without any arguments. (See below)npm
install
without any arguments, and when installing git dependencies (See
below). This is run AFTER prepublish
, but BEFORE prepublishOnly
.npm publish
. (See
below.)npm pack
, npm publish
, and when
installing git dependencies)npm test
command.npm stop
command.npm start
command.npm restart
command. Note: npm restart
will run the
stop and start scripts if no restart
script is provided.npm shrinkwrap
command.Additionally, arbitrary scripts can be executed by running npm
run-script <stage>
. Pre and post commands with matching
names will be run for those as well (e.g. premyscript
, myscript
,
postmyscript
). Scripts from dependencies can be run with
npm explore <pkg> -- npm run <stage>
.
Since `npm@1.1.71, the npm CLI has run the
prepublishscript for both
npm
publishand
npm install, because it's a convenient way to prepare a package
for use (some common use cases are described in the section below). It has
also turned out to be, in practice, [very
confusing](https://github.com/npm/npm/issues/10074). As of
npm@4.0.0, a new
event has been introduced,
prepare, that preserves this existing behavior. A
_new_ event,
prepublishOnlyhas been added as a transitional strategy to
allow users to avoid the confusing behavior of existing npm versions and only
run on
npm publish` (for instance, running the tests one last time to ensure
they're in good shape).
See https://github.com/npm/npm/issues/10074 for a much lengthier justification, with further reading, for this change.
If you need to perform operations on your package before it is used, in a way
that is not dependent on the operating system or architecture of the
target system, use a prepublish
script. This includes
tasks such as:
The advantage of doing these things at prepublish
time is that they can be done once, in a
single place, thus reducing complexity and variability.
Additionally, this means that:
coffee-script
as a devDependency
, and thus
your users don't need to have it installed.curl
or wget
or
other system tools on the target machines.npm will default some script values based on package contents.
"start": "node server.js"
:
If there is a server.js
file in the root of your package, then npm
will default the start
command to node server.js
.
"install": "node-gyp rebuild"
:
If there is a binding.gyp
file in the root of your package and you
haven't defined your own install
or preinstall
scripts, npm will
default the install
command to compile using node-gyp.
If npm was invoked with root privileges, then it will change the uid
to the user account or uid specified by the user
config, which
defaults to nobody
. Set the unsafe-perm
flag to run scripts with
root privileges.
Package scripts run in an environment where many pieces of information are made available regarding the setup of npm and the current state of the process.
If you depend on modules that define executable scripts, like test
suites, then those executables will be added to the PATH
for
executing the scripts. So, if your package.json has this:
{ "name" : "foo"
, "dependencies" : { "bar" : "0.1.x" }
, "scripts": { "start" : "bar ./test" } }
then you could run npm start
to execute the bar
script, which is
exported into the node_modules/.bin
directory on npm install
.
The package.json fields are tacked onto the npm_package_
prefix. So,
for instance, if you had {"name":"foo", "version":"1.2.5"}
in your
package.json file, then your package scripts would have the
npm_package_name
environment variable set to "foo", and the
npm_package_version
set to "1.2.5". You can access these variables
in your code with process.env.npm_package_name
and
process.env.npm_package_version
, and so on for other fields.
Configuration parameters are put in the environment with the
npm_config_
prefix. For instance, you can view the effective root
config by checking the npm_config_root
environment variable.
The package.json "config" keys are overwritten in the environment if
there is a config param of <name>[@<version>]:<key>
. For example,
if the package.json has this:
{ "name" : "foo"
, "config" : { "port" : "8080" }
, "scripts" : { "start" : "node server.js" } }
and the server.js is this:
http.createServer(...).listen(process.env.npm_package_config_port)
then the user could change the behavior by doing:
npm config set foo:port 80
Lastly, the npm_lifecycle_event
environment variable is set to
whichever stage of the cycle is being executed. So, you could have a
single script used for different parts of the process which switches
based on what's currently happening.
Objects are flattened following this format, so if you had
{"scripts":{"install":"foo.js"}}
in your package.json, then you'd
see this in the script:
process.env.npm_package_scripts_install === "foo.js"
For example, if your package.json contains this:
{ "scripts" :
{ "install" : "scripts/install.js"
, "postinstall" : "scripts/install.js"
, "uninstall" : "scripts/uninstall.js"
}
}
then scripts/install.js
will be called for the install
and post-install stages of the lifecycle, and scripts/uninstall.js
will be called when the package is uninstalled. Since
scripts/install.js
is running for two different phases, it would
be wise in this case to look at the npm_lifecycle_event
environment
variable.
If you want to run a make command, you can do so. This works just fine:
{ "scripts" :
{ "preinstall" : "./configure"
, "install" : "make && make install"
, "test" : "make test"
}
}
Scripts are run by passing the line as a script argument to sh
.
If the script exits with a code other than 0, then this will abort the process.
Note that these script files don't have to be nodejs or even javascript programs. They just have to be some kind of executable file.
If you want to run a specific script at a specific lifecycle event for ALL packages, then you can use a hook script.
Place an executable file at node_modules/.hooks/{eventname}
, and
it'll get run for all packages when they are going through that point
in the package lifecycle for any packages installed in that root.
Hook scripts are run exactly the same way as package.json scripts. That is, they are in a separate child process, with the env described above.
package.json(5)
to see all the things that you can specify and enable
by simply describing your package appropriately. In general, this
will lead to a more robust and consistent state.npm_config_binroot
environment variable is set to /home/user/bin
, then
don't try to install executables into /usr/local/bin
. The user
probably set it up that way for a reason.install
. Use a .gyp
file for compilation, and prepublish
for anything else. You should almost never have to explicitly set a
preinstall or install script. If you are doing this, please consider if
there is another option. The only valid use of install
or preinstall
scripts is for compilation which must be done on the target architecture.