
npm 团队协作

npm在团队协作中的使用涉及多个方面,包括工作流程、依赖管理、安全策略和标准化配置等。本章将详细介绍如何在团队环境中有效使用npm。

团队工作流程

标准化开发环境

json
{
  "name": "team-project",
  "scripts": {
    "setup": "npm install && npm run postinstall",
    "dev": "concurrently \"npm run dev:client\" \"npm run dev:server\"",
    "postinstall": "husky install && node scripts/check-env.js"
  },
  "engines": {
    "node": ">=16.14.0",
    "npm": ">=8.0.0"
  },
  "volta": {
    "node": "18.12.1",
    "npm": "8.19.2"
  }
}

环境验证脚本

javascript
// scripts/check-env.js
const fs = require('fs');
const path = require('path');

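/**
 * Verify that the running Node.js and npm versions satisfy the `engines`
 * ranges, and exit with status 1 on the first mismatch.
 *
 * The Node.js range is read from ../package.json. The npm range is read from
 * the `npm_package_engines_npm` environment variable, so the npm check is
 * skipped when that variable is not set.
 *
 * `semver` is loaded with require(); it should be declared in this project's
 * own devDependencies so the check does not depend on a hoisted transitive copy.
 */
function checkEnvironment() {
  const semver = require('semver');

  // Node.js version check
  const requiredNodeVersion = require('../package.json').engines.node;
  const currentVersion = process.version;

  if (!semver.satisfies(currentVersion, requiredNodeVersion)) {
    console.error(`Node.js version ${currentVersion} does not satisfy ${requiredNodeVersion}`);
    process.exit(1);
  }

  // npm version check
  const requiredNpmVersion = process.env.npm_package_engines_npm;
  if (requiredNpmVersion) {
    // The user agent typically looks like "npm/8.19.2 node/v18.12.1 linux x64 ...".
    // Splitting on "/" alone yields "8.19.2 node", which is not a valid semver
    // string, so the comparison would fail for every npm version. Capture only
    // the token that follows "npm/".
    const userAgent = process.env.npm_config_user_agent ?? '';
    const npmMatch = /^npm\/(\S+)/.exec(userAgent);
    const npmVersion = npmMatch ? npmMatch[1] : null;

    // A missing or non-npm user agent is treated as a mismatch.
    if (npmVersion === null || !semver.satisfies(npmVersion, requiredNpmVersion)) {
      console.error(`npm version does not match required version`);
      process.exit(1);
    }
  }

  console.log('Environment check passed');
}

checkEnvironment();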

代码质量与规范

代码规范配置

json
{
  "scripts": {
    "lint": "eslint src/ --ext .js,.jsx,.ts,.tsx",
    "lint:fix": "eslint src/ --ext .js,.jsx,.ts,.tsx --fix",
    "format": "prettier --write \"src/**/*.{js,jsx,ts,tsx,json,css,md}\"",
    "format:check": "prettier --check \"src/**/*.{js,jsx,ts,tsx,json,css,md}\"",
    "type-check": "tsc --noEmit",
    "validate": "npm run type-check && npm run lint && npm run test"
  },
  "devDependencies": {
    "eslint": "^8.0.0",
    "prettier": "^2.0.0",
    "typescript": "^4.0.0"
  }
}

ESLint配置

json
// .eslintrc.json
{
  "extends": [
    "eslint:recommended",
    "@typescript-eslint/recommended"
  ],
  "parser": "@typescript-eslint/parser",
  "plugins": [
    "@typescript-eslint"
  ],
  "rules": {
    "no-console": "warn",
    "no-debugger": "error",
    "semi": ["error", "always"],
    "quotes": ["error", "single"]
  }
}

Prettier配置

json
// .prettierrc
{
  "semi": true,
  "trailingComma": "es5",
  "singleQuote": true,
  "printWidth": 80,
  "tabWidth": 2,
  "useTabs": false,
  "bracketSpacing": true,
  "arrowParens": "avoid"
}

Git工作流集成

Git Hooks配置

json
{
  "devDependencies": {
    "husky": "^8.0.0",
    "lint-staged": "^13.0.0"
  },
  "scripts": {
    "prepare": "husky install",
    "pre-commit": "lint-staged"
  },
  "lint-staged": {
    "*.{js,jsx,ts,tsx}": [
      "eslint --fix",
      "prettier --write",
      "git add"
    ],
    "*.{json,md}": [
      "prettier --write",
      "git add"
    ]
  }
}

Husky配置

bash
# .husky/pre-commit
#!/usr/bin/env sh
# Source husky's helper script (_/husky.sh) from the directory next to this hook.
. "$(dirname -- "$0")/_/husky.sh"

# Run the package.json "pre-commit" script before the commit is created.
# NOTE(review): a client-side hook can be skipped (for example with
# `git commit --no-verify`), so CI should run the same lint checks rather than
# treating this hook as an enforcement point.
npm run pre-commit
bash
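# .husky/commit-msg
#!/usr/bin/env sh
# Source husky's helper script (_/husky.sh) from the directory next to this hook.
. "$(dirname -- "$0")/_/husky.sh"

# Lint the commit message file that git passes to the hook as "$1".
# `--no` makes npx fail instead of downloading commitlint from the registry when
# it is not installed locally, so the hook only ever runs the version resolved
# from the project's lockfile.
npx --no -- commitlint --edit "$1"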

Commit规范

json
{
  "devDependencies": {
    "@commitlint/cli": "^17.0.0",
    "@commitlint/config-conventional": "^17.0.0"
  }
}
javascript
// commitlint.config.js
// Commit types accepted in the "type" position of the commit header.
const allowedTypes = [
  'feat', // new feature
  'fix', // bug fix
  'docs', // documentation
  'style', // formatting
  'refactor', // refactoring
  'perf', // performance improvement
  'test', // tests
  'chore', // build process or auxiliary tooling changes
];

// Subject casings that are rejected.
const rejectedSubjectCases = ['sentence-case', 'start-case', 'pascal-case', 'upper-case'];

// Each rule is [level, applicability, value]; level 2 reports an error.
module.exports = {
  extends: ['@commitlint/config-conventional'],
  rules: {
    'type-enum': [2, 'always', allowedTypes],
    'subject-case': [2, 'never', rejectedSubjectCases],
  },
};

依赖管理策略

依赖审查流程

json
{
  "scripts": {
    "security:check": "npm audit --audit-level moderate",
    "deps:check": "npx npm-check --skip-unused false",
    "deps:outdated": "npm outdated",
    "deps:audit": "npm audit && npx npm-check"
  }
}

依赖更新策略

json
{
  "scripts": {
    "deps:update": "npx npm-check-updates -u && npm install",
    "deps:update:minor": "npx npm-check-updates -u --target minor && npm install",
    "deps:update:patch": "npx npm-check-updates -u --target patch && npm install"
  }
}

依赖锁定和验证

json
{
  "scripts": {
    "deps:lock": "npm install --package-lock-only",
    "deps:verify": "npm ls && npm audit",
    "deps:clean": "rm -rf node_modules package-lock.json && npm install"
  }
}

团队配置管理

共享配置文件

bash
# .npmrc - shared npm configuration
# NOTE(review): audit=false turns off the vulnerability audit that npm otherwise
# performs as part of `npm install`, so advisories surface only where `npm audit`
# is run explicitly (for example in a CI step). Confirm that trade-off is intended.
audit=false
# Do not print the funding message at the end of an install.
fund=false
progress=true
loglevel=warn
# Save dependencies to package.json with an exact version instead of a ^ range.
save-exact=true
bash
# .nvmrc - Node.js版本管理
18.12.1
json
// .editorconfig - 编辑器配置
root = true

[*.js]
indent_style = space
indent_size = 2
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true

[*.json]
indent_size = 2

团队标准化脚本

json
{
  "scripts": {
    "team:setup": "node scripts/team-setup.js",
    "team:verify": "node scripts/verify-environment.js",
    "team:update": "node scripts/update-team-config.js"
  }
}
javascript
// scripts/team-setup.js
const fs = require('fs');
const path = require('path');

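/**
 * Bootstrap a checkout for team development: install the husky git hooks and
 * create the directories the team tooling expects.
 *
 * All paths are relative, so they resolve against the current working
 * directory; run the script from the repository root.
 */
function setupTeamEnvironment() {
  // Install husky hooks only when this is a git checkout.
  if (fs.existsSync('.git')) {
    // `--no` makes npx fail instead of downloading husky from the registry when
    // it is not installed locally, so only the version resolved from the
    // project's lockfile is ever executed. The command string is a constant;
    // no external input reaches the shell.
    require('child_process').execSync('npx --no -- husky install', { stdio: 'inherit' });
  }

  // Create the required directories that do not exist yet.
  const requiredDirs = ['.vscode', '.github', 'scripts'];
  for (const dir of requiredDirs) {
    if (!fs.existsSync(dir)) {
      fs.mkdirSync(dir, { recursive: true });
    }
  }

  console.log('Team environment setup complete');
}

setupTeamEnvironment();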

工作区协作

Monorepo工作区配置

json
{
  "name": "team-monorepo",
  "private": true,
  "workspaces": [
    "packages/*",
    "apps/*",
    "shared/*"
  ],
  "scripts": {
    "build": "npm run build --workspaces --if-present",
    "test": "npm run test --workspaces --if-present",
    "dev": "concurrently \"npm run dev --workspace=app-frontend\" \"npm run dev --workspace=app-backend\"",
    "lint": "npm run lint --workspaces --if-present",
    "format": "prettier --write . && npm run format --workspaces --if-present"
  }
}

工作区依赖管理

json
// packages/shared/package.json
{
  "name": "@team/shared",
  "version": "1.0.0",
  "scripts": {
    "build": "tsc",
    "dev": "tsc --watch"
  }
}
json
// apps/frontend/package.json
{
  "name": "frontend",
  "version": "1.0.0",
  "dependencies": {
    "@team/shared": "workspace:*"
  },
  "scripts": {
    "dev": "vite",
    "build": "vite build"
  }
}

安全协作策略

安全审计流程

json
{
  "scripts": {
    "security:audit": "npm audit --audit-level moderate",
    "security:audit:ci": "npm audit --audit-level low --json | npx @npmcli/audit-report",
    "security:check": "snyk test",
    "security:monitor": "snyk monitor"
  }
}

权限管理

bash
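# Set up the team inside the npm organization.
# Create the team and add its members first: access can only be granted to a
# team that already exists.
npm team create @team:developers
npm team add @team:developers username
# read-write allows publishing. Grant it only to teams that must publish;
# read-only is the other available level.
npm access grant read-write @team:developers package-name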

发布流程

json
{
  "scripts": {
    "release:check": "npm run test && npm run security:audit",
    "release:patch": "npm version patch && npm publish",
    "release:minor": "npm version minor && npm publish",
    "release:major": "npm version major && npm publish",
    "release:prerelease": "npm version prerelease --preid=beta && npm publish --tag beta"
  }
}

CI/CD协作

GitHub Actions配置

yaml
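# .github/workflows/ci.yml
name: CI/CD Pipeline

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

# Least privilege: every step below only reads the repository, so the workflow
# token is limited to read-only access to repository contents.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [16.x, 18.x]

    steps:
      # Version tags such as v3 can be moved after release; pinning each action
      # to a full commit SHA fixes the exact code that runs in this job.
      - uses: actions/checkout@v3

      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'npm'

      # npm ci installs exactly what package-lock.json records and fails when
      # the lockfile and package.json disagree.
      - name: Install dependencies
        run: npm ci

      - name: Run tests
        run: npm test
        env:
          CI: true

      - name: Run linting
        run: npm run lint

      # Fails the job when an advisory of moderate severity or higher is reported.
      - name: Run security audit
        run: npm audit --audit-level moderate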
yaml
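# .github/workflows/release.yml
name: Release

# Every pushed tag matching v* publishes to the registry, so the ability to
# push such tags should be limited to release maintainers.
on:
  push:
    tags:
      - 'v*'

# Least privilege: publishing authenticates with the npm token, not the
# workflow token, so the workflow token only needs to read the repository.
permissions:
  contents: read

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      # Version tags such as v3 can be moved after release; pinning each action
      # to a full commit SHA fixes the exact code that runs in this job.
      - uses: actions/checkout@v3

      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'
          registry-url: 'https://registry.npmjs.org/'

      # Dependency lifecycle scripts run during install and build. The publish
      # token is deliberately not part of the environment of these steps.
      - name: Install dependencies
        run: npm ci

      - name: Build
        run: npm run build

      # The token is exposed to this step only. Use a publish token scoped as
      # narrowly as the registry allows.
      - name: Publish
        run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}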

团队文档和知识共享

脚本文档

json
{
  "name": "team-project",
  "scripts": {
    "dev": "启动开发服务器",
    "build": "构建生产版本",
    "test": "运行所有测试",
    "lint": "检查代码质量",
    "format": "格式化代码",
    "security": "运行安全审计",
    "clean": "清理构建文件"
  },
  "description": "团队协作项目模板",
  "keywords": ["team", "npm", "collaboration"],
  "repository": {
    "type": "git",
    "url": "https://github.com/team/project.git"
  }
}

贡献指南

markdown
# 贡献指南

## 开发环境设置

```bash
# Clone the project
git clone <repository-url>
cd project-name

# Install dependencies
# NOTE(review): `npm install` may rewrite package-lock.json; `npm ci` installs
# exactly what the committed lockfile records and fails if it is out of sync.
npm install

# Verify the environment
npm run team:verify

代码规范

  • 使用Prettier格式化代码
  • 遵循ESLint规则
  • 提交信息遵循Conventional Commits规范

分支策略

  • main: 生产就绪代码
  • develop: 开发主分支
  • feature/*: 功能分支
  • hotfix/*: 紧急修复分支

## 故障排除和常见问题

### 团队常见问题

```bash
# Problem: dependency conflicts
# Fix: inspect the tree with npm ls, then clean and reinstall
# NOTE(review): deleting package-lock.json discards the pinned versions and
# integrity hashes, so the reinstall may resolve to different releases. Review
# the regenerated lockfile diff before committing it.
npm ls
rm -rf node_modules package-lock.json
npm install

# Problem: inconsistent environments
# Fix: manage the Node.js version with Volta or nvm
volta install node@18.12.1
volta pin node@18.12.1

# Problem: permission errors
# Fix: configure npm to use a directory under the user's home as its prefix
# (presumably so that global installs no longer need sudo/root, confirm)
mkdir ~/.npm-global
npm config set prefix '~/.npm-global'
export PATH=~/.npm-global/bin:$PATH

调试脚本

json
{
  "scripts": {
    "debug:env": "node -e \"console.log('Node:', process.version, 'NPM:', process.env.npm_config_user_agent)\"",
    "debug:deps": "npm ls --depth=0",
    "debug:cache": "npm config get cache && npm cache verify"
  }
}

最佳实践总结

团队协作检查清单

  • [ ] 所有成员使用相同Node.js版本
  • [ ] 配置了pre-commit hooks
  • [ ] 设置了CI/CD流水线
  • [ ] 定义了代码规范和审查流程
  • [ ] 实施了安全审计
  • [ ] 文档化了开发流程
  • [ ] 设置了依赖更新策略
  • [ ] 配置了共享的开发工具

通过实施这些团队协作最佳实践,可以确保团队成员在使用npm时保持一致的开发体验,提高开发效率和代码质量。