Block npm from running postinstall scripts

Every npm package when it install is capable of executing an arbitrary code (running on node) on you machine.
package.json
"scripts": { "postinstall: "virtus.js" }

This is a potential backdoor. I bet that sooner or later someone is going to take adventage of it. In order to block npm packages from doing it you can run this command on your machine.
npm config set ignore-scripts true

Not being able to login to npm -- npm adduser not working

In various organisations it is common to code in environment that requires you to connect to a organisation specific repository or to use a specific user. Sometimes you want to push your package to a global npm (https://registry.npmjs.org/) repository and the process doesn't work. What I enjoy doing is to setup a local .npmrc file inside a project structure. Inside it I specify the registry configuration like:

registry = "https://registry.npmjs.org/"

adduser command runs in a scope of a registry. Often when you try to use it it tells you that your username doesn't exist, or user was incorrect because you were verifying against a server that is specified by registry parameter. Without running adduser command often your environment will pickup user credentials that are specified by your systeadmins and are related to a registry that is specific for the organization. That's why when you run following command w/o running ever adduser it often displays username:



If you run adduser command in a directory that has registry set to a different location your result will be different:


It is worth noticing that adduser command doesn't add any lines to local .npmrc file. File will only contain registry entry.

JavaScript Exceptions vs. Errors

A JavaScript exception is a value that is thrown as a result of an invalid operation or as the target of a throw statement. While it is not required that these values are instances of Error or classes which inherit from Error, all exceptions thrown by Node.js or the JavaScript runtime will be instances of Error.

Some exceptions are unrecoverable at the JavaScript layer. Such exceptions will always cause the Node.js process to crash.

This is why you can write:
throw new Exception("foo bar");
throw "foo bar";

No versions found in startbootstrap-sb-admin-2.git

No versions found in https://github.com/IronSummitMedia/startbootstrap-sb-admin-2.git

The problem manifests itself because IronSummitMedia changed it's name to BlackrockDigital and you should go and install a different package from:

https://github.com/BlackrockDigital/startbootstrap-sb-admin-2

UNMET PEER DEPENDENCY kerberos@~0.0, while installing mongoose

I am not sure why it is not in a mongoose documentation, but when you run:

npm install --save mongoose

You receive a following error

UNMET PEER DEPENDENCY kerberos@~0.0

I had to install first kerberos in order for mongoose to success.

npm install --save kerberos mongoose

gulp-jshint@2.0.0 requires a peer of jshint@2.x but none was installed

Just like in title. When you try to run

npm install

In freshly created mean folder

cd  && npm install

You will probably first see

├── UNMET PEER DEPENDENCY jshint@2.x

Error and then at the very end

npm WARN EPEERINVALID gulp-jshint@2.0.0 requires a peer of jshint@2.x but none was installed.

In order to fix this issue you need to run

npm install --save-dev jshint gulp-jshint

It will show some invalid operations in a console

But at the end it will work.

node-gyp installation cl.exe missing

A common problem when you try to install karma, mean stack or other node modules that depend on gyp module. You see following message:

TRACKER : error TRK0005: Failed to locate: "CL.exe". The system cannot find the file specified. [d:\worek\gitHub\meanPlayground\play
ground\node_modules\bufferutil\build\bufferutil.vcxproj]

In many places you will see that you are missing VS2013 compiler, and you will be asked to install Microsoft Visual Studio Express 2012 for Windows Desktop. Do not do it if you are running VS2015, just add feature in VS: Common Tools For Visual C++ 2015.

Under the hood it will still install multiple 2013 components - ech, and the year is almost 2016.