Recently I had to develop and publish an NPM package, which I haven't done for a while. I was surprised I couldn't remember a half of the things, so I am doing a short recap now. Preparing a package is somewhat different from bundling a web application, so it inflicts a few changes.

# Structuring the code

TypeScript is the de-facto standard now, so I assume we all use it to make our NPM package. Create a package folder then, go there and generate tsconfig.json:

This will give you the initial tsconfig.json. It depends on specific case, but I usually then change:

• target to "esnext" or at least to "es6"
• module to
  • "esnext" when the package is intended to be used in Node environments only
  • "commonjs" otherwise, for Node and browsers

I'll also add:

• allowJs: true
• moduleResolution: "node"
• resolveJsonModule: true
• declaration: true
• sourceMap: true

If I need React, I will also add:

• jsx: "react"
• lib: ["dom", "dom.iterable", "esnext"]

I assume the source files will be placed to the src/ folder (this is the default). There is a tricky moment with the destination folder, where all the files go after the compilation. I see many modules having "./" as dist, this means that after installing your package imports like this:

will resolve foo to "./node_modules/mymodule/bar/foo", which means the "bar" folder is located in the root folder. I usually do it like this.

I also make sure the noEmit option is set to false, otherwise the tsc won't produce any files.

There is a way to have multiple config files, one extending another, and use them in different situations:

And then you can use it like this:

# Writing package.json

The next step is to init the package.json file. Here is how to do it non-interactively:

Then I do a few adjustments:

• prefix the name with the organization name, e.g: "@myorg/mypackage"
• set version to "0.0.0"
• fill up author, keywords and description with relevant stuff
• set the license to "MIT"
• set the repository to type:"git" and url to the repo url, same for the homepage
• if the package is not private, I set publishConfig.access to "public"

When building a CLI application, the bin parameter must be specified. It will allow the package manager to symlink the values listed there to the bin/ folder, which is added to the $PATH env variable.

Important: the entry must point to the compiled version of the package, not dev version. E.g:

The ./dist/index.js file is basically the entry point to your package upon calling the CLI command.

# Dependencies

Now, for the dependencies. There are three types:

• dev dependencies: packages only needed while developing your package: e.g. typescript
• dependencies: packages will be installed along when a user installs your package
• peer dependencies: packages that will not be installed, allowing the application owner to provide them for you

Peer dependencies are useful when working with massive packages such as React, and also with packages that produce side effects. Putting them to the peer deps helps avoiding situations when you end up with several versions of the library bundled up.

# Scripts

There are three scripts I normally add:

• to build the package: tsc
• to build and run the package in the development mode: ts-node ./src/index.ts
• to install peer packages for development: npx install-self-peers using @team-griffin/install-self-peers
• linting: eslint 'src/**/*.ts'
• format: prettier --write 'src/**/*.ts'

🚨 Never ever use ts-node to run production code, as ts-node is meant for development only! Also, feels like Node is going to support TypeScript natively soon.

# Default dependencies

There are several packages I typically include by default:

• lodash to get access to some array/object helpers
• debug to output the debugging info when needed
• some packages containing type definitions

For CLI applications I recommend:

• inquirer to create wizards and interactive modes
• commander to parse CLI options

So,

# Unit tests

Unit testing is an essential part of software development cycle. You can write unit tests using libraries such as Jest, which became sort of an industry standard. Of course, there are other projects available. Basically you want to have unit tests that make sure the contracts you package offers are not broken, and do so on every CI pass.

To enable jest, add jest.config.js:

And then add "include": ["src/**/*", "tests/**/*.ts"] to tsconfig.json, and

to package.json.

# Examples of package.json and tsconfig.json

Given all mentioned above, here goes a typical package.json:

And tsconfig.json:

# Other important files

There is a bunch of files that must be also created.

# .gitignore

Yes, we all know what .gitignore is. Typically, it looks like this:

# .npmignore

This file is important and is easily overlooked. The .npmignore serves the same purpose as .gitignore, but for NPM. Specify there all files you don't want to be included into the package upon publishing to NPM.

# .npmrc

This file isn't necessary to be committed as a static file. It can be created upon publishing the package to NPM in case you're publishing to a private NPM registry, such as Github registry. Here is the example:

The NPM_TOKEN env variable in this case contains the github access token and typically comes from the repository secrets on CICD. The token should have rights to read and publish NPM packages. If you company uses SSO, don't forget to enable the SSO for the token!

Again, you will only need this file in the repo if you intent to publish from your local machine, which I'm strongly against of.

# .eslintrc.json & .prettierrc

These two files are needed to configure linter:

... and prettier:

# CICD and versioning

A CICD pipeline should be used to publish new versions of the package. I go strongly against publishing from the local machine, as it can quickly turn into a mess.

I use Github Actions to build and publish packages, as for physical customers it's free unless abused.

Remember we've set "0.0.0" as the version number in package.json? Right, there are two ways to version packages that I use:

• Make a release on Github and take the version number from there.
• Auto-generate the next version at build time, and commit it back to the repository. This works better when a package is automatically built.

# Taking the version from the release

Here is the example of a workflow that takes the version. Note that the version is not committed back, so in the repository itself the package.json file holds the "0.0.0" value (and that's okay):

Also note, that .npmrc is generated only to publish the package, but is never committed.

# Choosing the version automatically

And here is another option of the workflow, where the version is determined based on the current version specified in the package.json, and then incremented. That's why the version change must be committed back to the repository.

This approach can be useful for automatic builds, as the workflow can be triggered manually via a webhook or through Github UI.

This is how to trigger a workflow within another workflow:

# Mono repositories

A few words on automating monorepos. Some projects can have functionality distributed between several packages, that depend on each other. For example, there could be packages @someproject/core, @someproject/cli, @someproject/web and so on.

Whenever there is a new update being pushed, you can either increment versions of all packages at once to keep them in sync, or you can have different versions per each package.

To manage all this, Lerna can help.

# README.md & LICENSE

The README.md file is crucial to on-boarding users of the package. The file can be a substitution for a website dedicated to the package, and should have at least brief explanation, some use-cases, a reference and some contacts.

The LICENSE file is sometimes required to be included, as a certain type of license may demand. License texts can be found here.

Well that's pretty much it! Cheers.