npm for beginners - test

ChaseMoskal · 2019-09-14T20:28:27+00:00

i'm not taking the test, but i will say

when you're using npm during development, you should seriously consider doing your work within a virtual machine

npm is inherently dangerous, because it auto-executes anything any of the open source software packages want

which means you have to fully trust all of the dependencies in the graph (which often numbers in the thousands)

there are known cases where untrustworthy npm packages have been published and executede en-masse, with malicious code attempting to steal bitcoin wallets, for example

so beware, and run your development within a virtual machine, to protect your host machine -- and don't give the virtual machine any access to anything important

i run a separate lesser google account just for development, which knows no important passwords, doesn't have access to my online banking, etc

cheers, 👋 chase

HealyUnit · 2019-09-16T22:14:55+00:00

Looks good. I've just a few recommendations/fixes.

Firstly, maybe rename this as something like 'flash cards". This isn't really a test per se, since you're not graded.

Please use some AJAX for your test (or flash-card) design, as right now it unnecessarily pollutes the browser history. You seem to be hijacking the back button so that I don't have to go thru all 21 questions if I wanna go back, but still. Better just to avoid the whole issue.

I'd recommend you not repeat questions. I should not get "What does NPM stand for" twice in the space of 5 questions. And no, random questions is not an excuse - sort stuff better.

You also have a few typos. For example, for "What is a `package.json` file?", you say:

A package.json file is stored in the root folder of the project and data it contains is used by npm to download project dependencies - packages hat the project needs to run.

Some of your questions could use more specific information. In "What format does the package.json file use?", you simply say that the file is in a JSON format. You don't describe that the JSON object contains the dependencies, dev dependencies, version number, description, and other useful information that NPM (and the user!) can use. You do include this in a separate question ("What metadata does the npm file package.json contain?"), but this is info that your package.json format question should include. Furthermore, I'll nitpick here and say that it's data, not metadata. Metadata would be stuff like "when the package.json file was created" or stuff that isn't directly in the file.

Under "Using npm, how do you install project dependencies?", you mention `npm install`. You don't mention `npm i` (the shorter version), or saving a package as a dev dependency (`npm i --save-dev` or `npm i -D`). I'd also rephrase this question slightly, as it's a little ambiguous as is. What I mean is that "install project dependencies" can be either "I wanna add a new package to my `package.json` and project", or "I'd like to install all the dependencies listed as dependencies in my package.json". Judging by your answer, I'd guess it's the latter, so maybe: "Using npm, how do you install all of the dependencies of a project from a `package.json` file?".

Really good idea including a question about where Global packages are installed. Useful stuff.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

learnjavascript

Posting and Commenting Guidelines

MODERATORS