The Ultimate NPM Guide for IBM i Developers in 2025

javascript

// Add Swagger documentation to your Express API

const express = require(‘express’);

const swaggerJsdoc = require(‘swagger-jsdoc’);

const swaggerUi = require(‘swagger-ui-express’);

const app = express();

const swaggerOptions = {

  definition: {

    openapi: ‘3.0.0’,

    info: {

      title: ‘Customer API’,

      version: ‘1.0.0’,

      description: ‘API for accessing customer data from IBM i’

    },

  },

  apis: [‘./routes/*.js’], // Path to the API routes

};

const swaggerDocs = swaggerJsdoc(swaggerOptions);

app.use(‘/api-docs’, swaggerUi.serve, swaggerUi.setup(swaggerDocs));

// Your API routes

// …

With just these few lines, you’ve added professional API documentation that follows industry standards — something that would take weeks to build from scratch.

Getting Started with NPM for IBM i

Using NPM on IBM i is straightforward, especially if you’ve already set up Node.js following our previous article:

1. Node.js Installation: NPM comes bundled with Node.js, so if you’ve installed Node.js on your IBM i, you already have NPM.

Basic Commands: Familiarize yourself with these essential NPM commands:
npm init         # Start a new project

npm install      # Install dependencies

npm install <package-name>  # Install a specific package

npm update       # Update packages

1. npm run <script> # Run a script defined in package.json
   
   
2. Understanding package.json: This file is the heart of any Node.js project. It defines:
   • Project Metadata
   • Dependencies
   • Scripts for automating tasks
   • Configuration information

Here’s a basic example:

json

{

  “name”: “ibmi-customer-api”,

  “version”: “1.0.0”,

  “description”: “REST API for customer data on IBM i”,

  “main”: “index.js”,

  “scripts”: {

    “start”: “node index.js”,

    “dev”: “nodemon index.js”,

    “test”: “jest”

  },

  “dependencies”: {

    “express”: “^4.17.1”,

    “idb-connector”: “^1.2.3”,

    “jsonwebtoken”: “^8.5.1”

  },

  “devDependencies”: {

    “nodemon”: “^2.0.7”,

    “jest”: “^27.0.6”

  }

}

This simple file tells NPM everything it needs to know about your project and its requirements.

Essential NPM Packages for IBM i Development

While there are millions of packages available, here are some particularly valuable for IBM i developers:

For API Development

• express: The most popular Node.js web framework
• body-parser: Middleware for processing request bodies
• axios: For making HTTP requests to other services
• cors: For handling Cross-Origin Resource Sharing
• helmet: Security middleware for Express

For IBM i Integration

• idb-connector: Official IBM package for connecting to DB2 on IBM i
• itoolkit: Access IBM i resources via program calls

For Security

• jsonwebtoken: Implementation of JSON Web Tokens
• passport: Authentication middleware for Node.js
• bcrypt: Password hashing library

For Development

• nodemon: Automatically restart your server during development
• jest: Testing framework
• eslint: Code linting for quality and consistency

Best Practices for Using NPM in Enterprise Environments

With great power comes great responsibility. Here are some best practices for using NPM in enterprise IBM i environments:

1. Security First

NPM packages are third-party code running on your system. Implement these security measures:

• Audit regularly: Run npm audit to check for vulnerabilities
• Use package-lock.json: Ensure dependency versions are locked
• Consider a private registry: For sensitive enterprise environments
• Vet packages carefully: Check GitHub stars, download counts, and maintenance status

2. Version Control

Always use semantic versioning in your package.json to avoid unexpected breaking changes:

“dependencies”: {

  “express”: “^4.17.1”  // ^ means accept minor updates but not major

}

The caret (^) accepts minor and patch updates, while a tilde (~) accepts only patch updates:

• ^4.17.1: Accepts 4.17.2, 4.18.0, but not 5.0.0
• ~4.17.1: Accepts 4.17.2, but not 4.18.0

3. Dependency Management

• Keep dependencies up to date but stable
• Regularly run npm update
• Consider using tools like Dependabot or Renovate to automate updates
• Document why specific packages were chosen

4. Performance Considerations

• Minimize the number of dependencies
• Use production flag when deploying: npm install –production
• Consider bundling for production applications

Real-World Example: Building a Customer API with NPM

Let’s put it all together with a practical example. Here’s how NPM packages can help build a secure, high-performance customer API for IBM i:

javascript

// Install required packages:

// npm install express idb-connector jsonwebtoken helmet cors winston

const express = require(‘express’);

const { dbconn, dbstmt } = require(‘idb-connector’);

const jwt = require(‘jsonwebtoken’);

const helmet = require(‘helmet’);

const cors = require(‘cors’);

const winston = require(‘winston’);

// Create Express application

const app = express();

// Apply middleware

app.use(helmet()); // Security headers

app.use(cors());   // Handle CORS

app.use(express.json()); // Parse JSON bodies

// Set up logging

const logger = winston.createLogger({

  level: ‘info’,

  format: winston.format.json(),

  transports: [

    new winston.transports.File({ filename: ‘/tmp/api-error.log’, level: ‘error’ }),

    new winston.transports.File({ filename: ‘/tmp/api-combined.log’ })

  ]

});

// Authentication middleware

const authenticateToken = (req, res, next) => {

  const authHeader = req.headers[‘authorization’];

  const token = authHeader && authHeader.split(‘ ‘)[1];

  if (!token) return res.sendStatus(401);

  jwt.verify(token, process.env.TOKEN_SECRET, (err, user) => {

    if (err) return res.sendStatus(403);

    req.user = user;

    next();

  });

};

// Routes

app.get(‘/api/customers/:id’, authenticateToken, (req, res) => {

  const connection = new dbconn();

  connection.conn(‘*LOCAL’);

  const stmt = new dbstmt(connection);

  const sql = ‘SELECT CUSNUM, CUSNAM, CITY FROM QIWS.QCUSTCDT WHERE CUSNUM = ?’;

  stmt.prepare(sql, (err) => {

    if (err) {

      logger.error(‘SQL prepare error’, { error: err, customerID: req.params.id });

      return res.status(500).json({ error: ‘Database error’ });

    }

    stmt.bindParameters([req.params.id], (bindErr) => {

      if (bindErr) {

        logger.error(‘Parameter binding error’, { error: bindErr });

        return res.status(500).json({ error: ‘Database error’ });

      }

      stmt.execute((result, execErr) => {

        if (execErr) {

          logger.error(‘SQL execution error’, { error: execErr });

          return res.status(500).json({ error: ‘Database error’ });

        }

        stmt.fetchAll((rows, fetchErr) => {

          if (fetchErr) {

            logger.error(‘Fetch error’, { error: fetchErr });

            return res.status(500).json({ error: ‘Database error’ });

          }

          res.json(rows[0] || { error: ‘Customer not found’ });

          // Clean up

          stmt.close();

          connection.disconn();

          connection.close();

        });

      });

    });

  });

});

// Start server

app.listen(3000, () => {

  logger.info(‘Server running on port 3000’);

  console.log(‘Server running on port 3000’);

});

This example uses six NPM packages to create a secure, well-logged, production-ready API that would take weeks to build from scratch. With NPM, you can focus on the business logic specific to your application rather than reinventing foundational components.

Integration with Eradani Connect

While learning to use NPM directly is valuable, platforms like Eradani Connect can help streamline integrating Node.js and NPM packages with your IBM i systems. Based on the latest industry research, here are key reasons developers should consider using Eradani Connect:

1. Simplified Integration Without Specialized Knowledge

Eradani Connect allows developers to access IBM i resources using standard open systems techniques, writing regular REST calls for functions and data. At the same time, the framework translates these calls into IBM i-compatible operations like RPG program calls, procedure calls, and database functions. This means your web developers don’t need to become IBM i experts.

2. Dramatically Shortened Learning Curve

For teams new to IBM i, the learning curve can be steep and time-consuming. Eradani Connect significantly flattens this curve by providing familiar interfaces for modern developers. As demonstrated in real-world implementations, developers can be productive with IBM i systems in days rather than months because they work with technologies and patterns they already understand. A JavaScript developer can interact with IBM i resources without even realizing they’re accessing an IBM i system.

3. Reduced Development Time

Building integrations from scratch requires handling numerous technical challenges, including data format translations, authentication mechanisms, error handling, and performance optimization. Eradani Connect provides pre-built solutions for these common challenges, allowing your team to focus on business logic rather than infrastructure plumbing. What might take weeks to develop manually can be implemented in days or even hours using Eradani Connect’s framework.

4. Enterprise-Grade Integration Every Time

When creating integrations between systems, factors like security, performance, monitoring, and error handling are critical for production environments. Eradani Connect incorporates enterprise best practices for all these aspects:

• Robust Security: Built-in support for industry-standard authentication protocols and secure communication
• Performance Optimization: High-throughput, low-latency connections optimized for IBM i
• Comprehensive Monitoring: Detailed logging and observability for production systems
• Error Handling and Recovery: Sophisticated error management to ensure reliable operations
• Scalability: Designed to handle enterprise workloads without performance degradation

These enterprise capabilities would require substantial time and expertise to implement manually but come standard with Eradani Connect.

5. Bi-directional Communication

Eradani Connect provides bi-directional connectors that allow IBM i users to call Open Source functions directly from RPG, COBOL, and CL, while also enabling Open Source developers to access IBM i programs and data securely. This two-way bridge eliminates silos between your traditional and modern development teams.

6. Millisecond-level Performance

The integration delivers response times measured in single-digit milliseconds, allowing you to integrate new functions into IBM i apps using JavaScript or other modern languages without performance degradation. This high-performance connectivity is crucial for enterprise applications.

7. Automatic Data Translation

Data format conversion is one of the most tedious aspects of IBM i integration. Eradani Connect automatically handles the translation between modern formats like JSON and traditional IBM i structured data and parameters, eliminating complex manual conversion code.

8. Incremental Modernization Approach

Eradani Connect enables a phased approach to modernizing IBM i environments, allowing you to build net-new applications using up-to-date languages, frameworks, and architectures rather than undertaking risky “big bang” rewrites. This gradual transition preserves your existing investments while enabling innovation.

9. Simplified Talent Acquisition

By making IBM i look and function like a standard Linux environment, Eradani Connect helps address the common concern about IBM i programmer retirement and skills gaps, allowing you to hire developers who are skilled in technologies like Node.js, React, Python, .Net, Java, and PHP to extend the capabilities of your core applications.

Moving Forward with NPM in Your IBM i Development

Start with small, focused projects as you begin incorporating NPM into your IBM i development workflow. Consider:

1. Creating utility APIs for specific business functions
2. Adding modern authentication to existing applications
3. Building dashboard interfaces for monitoring systems
4. Implementing scheduled jobs using Node.js and NPM packages

Remember that NPM is both a tool and a community. Beyond the technical aspects, it represents a collaborative approach to software development, transforming how enterprises build applications.

Coming Next: TypeScript for IBM i Developers

In our next post, we’ll explore TypeScript, the fifth essential skill for modern IBM i development. TypeScript builds on JavaScript by adding strong typing and advanced tooling, making it particularly valuable for large enterprise applications. We’ll look at how TypeScript can make your IBM i integrations more maintainable and less error-prone, especially as your projects grow in complexity. Stay tuned!