An introduction to the NPM package manager
Table of Contents
NPM. For a more in-depth guide, check out the NPM documentation.
npm is the standard package manager for Node.js.
In September 2022 over 2.1 million packages were reported being listed in the npm registry, making it the biggest single language code repository on Earth, and you can be sure there is a package for (almost!) everything.
npm manages downloads of dependencies of your project.
If a project has a
package.json file, by running
it will install everything the project needs, in the
node_modules folder, creating it if it's not existing already.
You can also install a specific package by running
Furthermore, since npm 5, this command adds
<package-name> to the
package.json file dependencies. Before version 5, you needed to add the flag
Often you'll see more flags added to this command:
--save-devinstalls and adds the entry to the
--no-saveinstalls but does not add the entry to the
--save-optionalinstalls and adds the entry to the
--no-optionalwill prevent optional dependencies from being installed
Shorthands of the flags can also be used:
The difference between devDependencies and dependencies is that the former contains development tools, like a testing library, while the latter is bundled with the app in production.
As for the optionalDependencies the difference is that build failure of the dependency will not cause installation to fail. But it is your program's responsibility to handle the lack of the dependency. Read more about optional dependencies.
Updating is also made easy, by running
npm will check all packages for a newer version that satisfies your versioning constraints.
You can specify a single package to update as well:
In addition to plain downloads,
npm also manages versioning, so you can specify any specific version of a package, or require a version higher or lower than what you need.
Many times you'll find that a library is only compatible with a major release of another library.
Or a bug in the latest release of a lib, still unfixed, is causing an issue.
Specifying an explicit version of a library also helps to keep everyone on the same exact version of a package, so that the whole team runs the same version until the
package.json file is updated.
In all those cases, versioning helps a lot, and
npm follows the semantic versioning (semver) standard.
You can install a specific version of a package, by running
The package.json file supports a format for specifying command line tasks that can be run by using
It's very common to use this feature to run Webpack:
So instead of typing those long commands, which are easy to forget or mistype, you can run