Understanding npm
npm (Node Package Manager) is the world's largest software registry with over 2 million packages. It comes bundled with Node.js and is essential for managing dependencies in any Node.js project.
What is npm?
npm serves three purposes:
- Package Registry: A massive collection of open-source packages
- CLI Tool: Commands to install, update, and manage packages
- Website: npmjs.com to browse and search packages
# Check npm version
npm --version
# Get help
npm help
# Search for packages
npm search express
Initializing a Project
Every Node.js project starts with npm init:
# Interactive initialization
npm init
# Quick initialization with defaults
npm init -y
This creates a package.json file—the heart of your project:
{
"name": "my-project",
"version": "1.0.0",
"description": "A sample Node.js project",
"main": "index.js",
"scripts": {
"start": "node index.js",
"test": "echo \"Error: no test specified\" && exit 1"
},
"keywords": [],
"author": "",
"license": "ISC"
}
Installing Packages
Install a Package
# Install and add to dependencies
npm install express
npm i express # shorthand
# Install specific version
npm install express@4.18.2
# Install and add to devDependencies
npm install --save-dev jest
npm install -D jest # shorthand
# Install globally (available everywhere)
npm install -g nodemon
What Happens During Install
- npm downloads the package from the registry
- Saves it to the node_modules/ folder
- Updates package.json (dependencies or devDependencies)
- Updates package-lock.json (exact versions)
The node_modules Folder
This folder contains all installed packages:
node_modules/
├── express/
│ ├── package.json
│ ├── index.js
│ └── lib/
├── lodash/
└── ... (thousands of files!)
Important points:
- Never commit node_modules to git (add it to .gitignore)
- You can always recreate it with npm install
- It may contain nested dependencies
package-lock.json
This file locks exact versions of all dependencies:
{
"name": "my-project",
"lockfileVersion": 3,
"packages": {
"node_modules/express": {
"version": "4.18.2",
"resolved": "https://registry.npmjs.org/express/-/express-4.18.2.tgz",
"integrity": "sha512-..."
}
}
}
Why it matters:
- Ensures everyone installs the same versions, and the recorded integrity hash lets npm verify each downloaded tarball
- Speeds up installations
- Always commit this file to git
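A lockfile check that builds on the points above, added here as an example and not part of the original tutorial: it scans a lockfileVersion 3 package-lock.json for packages resolved from somewhere other than registry.npmjs.org and for entries that carry no integrity hash at all. The two lockfiles it writes are constructed for the demo, with placeholder integrity values, and the script assumes POSIX sh with awk and mktemp.

```shell
# Added example (not part of the original tutorial): scan a lockfileVersion 3
# package-lock.json for entries worth a second look before "npm install": a
# "resolved" URL outside the public registry, or an entry with no "integrity"
# hash for npm to verify the tarball against. Assumes POSIX sh, awk and mktemp.
REGISTRY='https://registry.npmjs.org/'
# Prints one line per finding; returns 0 for a clean lockfile, 1 if anything was flagged.
# (Workspace links and bundled packages carry no integrity by design; review those by hand.)
check_lockfile() {
  out=$(awk -v reg="$REGISTRY" '
    # A package entry starts at a "node_modules/<name>": { line.
    name == "" && /^ *"node_modules\// {
      name = $0; sub(/^ *"/, "", name); sub(/".*$/, "", name)
      depth = 1; resolved = ""; integrity = ""; next
    }
    name != "" && /"resolved":/  { resolved = $2;  gsub(/[",]/, "", resolved) }
    name != "" && /"integrity":/ { integrity = $2; gsub(/[",]/, "", integrity) }
    name != "" {
      # Track nesting so a nested "dependencies": { ... } does not end the entry early.
      line = $0; depth += gsub(/\{/, "{", line) - gsub(/\}/, "}", line)
      if (depth <= 0) {
        if (resolved != "" && index(resolved, reg) != 1) print "non-registry source: " name " <- " resolved
        if (integrity == "") print "missing integrity: " name
        name = ""
      }
    }' "$1")
  [ -z "$out" ] && return 0
  printf '%s\n' "$out"
  return 1
}
# Constructed sample lockfiles; the integrity value is a placeholder, not a real hash.
DEMO=$(mktemp -d)
cat > "$DEMO/clean-lock.json" <<'EOF'
{ "lockfileVersion": 3, "packages": {
    "node_modules/express": {
      "version": "4.18.2",
      "resolved": "https://registry.npmjs.org/express/-/express-4.18.2.tgz",
      "integrity": "sha512-PLACEHOLDER",
      "dependencies": { "body-parser": "1.20.1" }
    } } }
EOF
cat > "$DEMO/tampered-lock.json" <<'EOF'
{ "lockfileVersion": 3, "packages": {
    "node_modules/express": {
      "version": "4.18.2",
      "resolved": "https://mirror.example.invalid/express/-/express-4.18.2.tgz"
    } } }
EOF
check_lockfile "$DEMO/clean-lock.json" && echo "clean-lock.json: ok"
check_lockfile "$DEMO/tampered-lock.json" || echo "tampered-lock.json: review before installing"
```

Run it against a real package-lock.json in CI and fail the build on a non-zero exit, so a lockfile edit that points a dependency at a new host is caught before anything is installed.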
Managing Dependencies
View Installed Packages
# List all packages
npm list
# List only top-level packages
npm list --depth=0
# List outdated packages
npm outdated
Update Packages
# Update all packages (within semver range)
npm update
# Update specific package
npm update express
# Update to latest (ignoring semver)
npm install express@latest
Remove Packages
# Uninstall package
npm uninstall lodash
npm rm lodash # shorthand
# Uninstall dev dependency
npm uninstall -D jest
Running npm Scripts
Define and run custom scripts in package.json:
{
"scripts": {
"start": "node src/index.js",
"dev": "nodemon src/index.js",
"test": "jest",
"test:watch": "jest --watch",
"build": "tsc",
"lint": "eslint src/",
"lint:fix": "eslint src/ --fix"
}
}
# Run scripts
npm run start
npm run dev
npm run test
# Special scripts (don't need 'run')
npm start
npm test
npm stop
npm restart
dependencies vs devDependencies
| Type | Purpose | Installed in Production |
|---|---|---|
| dependencies | Required to run your app | Yes |
| devDependencies | Only for development/testing | No |
Here express and mongoose are needed at runtime, while jest, nodemon and eslint are development tooling (package.json must be valid JSON, so it cannot carry inline comments):
{
"dependencies": {
"express": "^4.18.2",
"mongoose": "^8.0.0"
},
"devDependencies": {
"jest": "^29.7.0",
"nodemon": "^3.0.2",
"eslint": "^8.55.0"
}
}
# Install only production dependencies (newer npm versions spell this --omit=dev)
npm install --production
# or
NODE_ENV=production npm install
Finding Packages
Before writing code, check if a package exists:
- npmjs.com: Browse and search
- npm search: Command line search
- GitHub: Check stars, issues, activity
Evaluating Packages
Look for:
- Weekly downloads (popularity)
- Last publish date (maintenance)
- Open issues and PRs
- Documentation quality
- Bundle size (for frontend)
Common npm Commands Reference
| Command | Description |
|---|---|
| npm init | Create package.json |
| npm install | Install all dependencies |
| npm install <pkg> | Install and save package |
| npm install -D <pkg> | Install as dev dependency |
| npm install -g <pkg> | Install globally |
| npm uninstall <pkg> | Remove package |
| npm update | Update packages |
| npm outdated | Check for outdated packages |
| npm list | List installed packages |
| npm run <script> | Run script from package.json |
| npm publish | Publish package to registry |
| npm audit | Check for vulnerabilities |
| npm audit fix | Fix vulnerabilities |
Key Takeaways
- npm is the package manager for Node.js
- npm init creates package.json for your project
- Use npm install to add packages
- dependencies are for production, devDependencies for development
- package-lock.json locks exact versions (commit it!)
- Never commit node_modules (add it to .gitignore)
- Use npm run <script> to run scripts from package.json
Summary
npm is an essential tool for Node.js development. You've learned how to initialize projects, install packages, manage dependencies, and run scripts. Understanding npm is crucial because almost every Node.js project relies on third-party packages from the npm registry.
Next, you'll explore the package.json file in more detail and learn advanced configuration options.