npm
Manage JavaScript packages
TLDR
Create a package.json file with default values (omit --yes to do it interactively)
Download all the packages listed as dependencies in package.json
Download a specific version of a package and add it to the list of dependencies in package.json
Download the latest version of a package and add it to the list of dev dependencies in package.json
Download the latest version of a package and install it globally
Uninstall a package and remove it from the list of dependencies in package.json
List all locally installed dependencies
List all top-level globally installed packages
SYNOPSIS
npm [command] [options] [arguments]
Examples:
npm install [package-name]
npm run [script-name]
npm init
npm publish
npm help [command]
PARAMETERS
npm primarily operates via subcommands, each with its own specific set of options and arguments. The following are common global options that can often be applied to most npm commands:
--version
Prints the npm version and exits.
--help [command]
Displays help information for npm or a specific npm command.
--json
Outputs data in JSON format.
--global, -g
Operates in 'global' mode, installing packages into the npm installation directory rather than the current project.
--loglevel level
Sets the logging level (e.g., silent, error, warn, info, verbose, silly).
--dry-run
Shows what would happen without actually making any changes.
--force
Forces npm to do something it otherwise might not do.
--yes, -y
Automatically answers 'yes' to prompts.
--prefix path
The location to install global packages or to find configuration files.
--audit
Runs a security audit, typically when installing packages.
--save-dev
Package will appear in your devDependencies. Only relevant for npm install.
--save-optional
Package will appear in your optionalDependencies. Only relevant for npm install.
--no-save
Prevents saving the package to dependencies in package.json. Only relevant for npm install.
DESCRIPTION
npm, short for Node Package Manager, is the default package manager for the JavaScript runtime environment Node.js. It's a fundamental tool for developers working with Node.js, enabling them to install, manage, and publish reusable pieces of code known as "packages" or "modules."
At its core, npm facilitates interaction with the npm registry, a vast online database of open-source JavaScript projects. Developers use npm to download and install packages required by their projects, manage project dependencies defined in a package.json file, and execute scripts defined within that file. It also provides a way to publish new packages, contributing to the ever-growing JavaScript ecosystem.
npm plays a crucial role in modern web development, simplifying dependency management for front-end frameworks (like React, Angular, Vue), back-end services (with Express.js), and various developer tools. Its ability to handle complex dependency trees and automate common tasks makes it an indispensable tool for building scalable and maintainable JavaScript applications.
CAVEATS
Disk Space Usage: npm installations, especially with deep dependency trees, can consume significant disk space in the node_modules directory. This can be a concern for projects with many dependencies.
Dependency Conflicts: Resolving complex dependency graphs can sometimes lead to version conflicts or "dependency hell" where different packages require incompatible versions of the same dependency.
Security Concerns: While the npm registry is vast, vigilance is required. Malicious or poorly maintained packages can pose security risks, making it crucial to audit dependencies (e.g., using npm audit).
Network Dependence: Most npm operations require an internet connection to access the npm registry, though local caches can mitigate some offline usage.
<B>THE <I>PACKAGE.JSON</I> FILE</B>
This file is central to every npm project. It stores metadata about the project (name, version, description) and, critically, lists all project dependencies (dependencies, devDependencies, etc.) and defines scripts that can be run using npm run.
<B>THE <I>NODE_MODULES</I> DIRECTORY</B>
When you run npm install, all project dependencies are downloaded and placed into this directory within your project's root. This directory can become very large due to transitive dependencies.
<B><I>NPM</I> REGISTRY</B>
The official public npm registry is a vast online database of open-source JavaScript packages. It serves as the primary source for downloading packages and for publishing your own reusable modules to the community.
<B>COMMON <I>NPM</I> COMMANDS</B>
Beyond installing packages, npm offers numerous commands:
- install: Installs packages and dependencies.
- run: Executes predefined scripts from package.json.
- init: Creates a new package.json file.
- publish: Publishes a package to the npm registry.
- update: Updates packages to their latest compatible versions.
- test: Runs tests defined in package.json.
HISTORY
npm was initially created by Isaac Schlueter and first released in January 2010. It quickly became the de facto standard package manager for Node.js, growing alongside the Node.js ecosystem itself. Its development was driven by the need for a robust system to manage the reusable modules that were emerging in the burgeoning JavaScript server-side environment. In 2020, npm, Inc., the company behind npm, was acquired by GitHub (a subsidiary of Microsoft). This acquisition aimed to ensure the long-term viability and continued development of the npm registry and client, which are critical infrastructure for the global JavaScript community. The project has seen continuous improvements in performance, security, and features, including the introduction of workspaces and improved audit capabilities.