
npm-install

Install Node.js project dependencies

TLDR

Install dependencies listed in package.json
$ npm install    # short form: npm i

Download a specific version of a package and add it to the list of dependencies in package.json
$ npm install [package_name]@[version]

Download the latest version of a package and add it to the list of dev dependencies in package.json
$ npm install --save-dev [package_name]

Download the latest version of a package and install it globally
$ npm install --global [package_name]

SYNOPSIS

npm install [<package-spec>] [<options>]

PARAMETERS

--save, -S
    Saves the installed package as a production dependency in the dependencies field of package.json. This is the default behavior since npm 5.

--save-dev, -D
    Saves the installed package as a development dependency in the devDependencies field of package.json.

--save-optional, -O
    Saves the installed package as an optional dependency in the optionalDependencies field of package.json.

--global, -g
    Installs the package globally, making its executables available in the system's PATH. Global packages are not project-specific dependencies.

--production
    Installs only production dependencies (i.e., those in dependencies and optionalDependencies), skipping devDependencies. This is commonly used in deployment environments.

--force
    Forces npm to fetch remote resources even if local caches exist, or to re-install packages. Can override certain checks or warnings.

--dry-run
    Performs a trial run, showing what would happen without actually making any changes to the file system or package.json.

--legacy-peer-deps
    Instructs npm to install peer dependencies using the legacy algorithm (pre-npm v7), which can help with older projects or complex dependency trees.

--no-package-lock
    Prevents npm from writing a package-lock.json file. This is generally discouraged for reproducible builds.

DESCRIPTION

npm install is the fundamental command for managing project dependencies within the Node.js ecosystem. When executed without arguments in a directory containing a package.json file, it reads the dependencies and devDependencies listed within it and downloads them into the local node_modules directory.

If a package-lock.json (or npm-shrinkwrap.json) file is present, npm install strictly adheres to it, guaranteeing reproducible builds by installing exact versions of all direct and transitive dependencies. Alternatively, npm install can be used to add a specific package, optionally saving it to your package.json. It is an indispensable tool for setting up development environments and deploying Node.js applications efficiently.

CAVEATS

Disk Space & node_modules size:
The node_modules directory can grow very large, consuming significant disk space, especially in projects with many dependencies.

package-lock.json Conflicts:
When collaborating, merge conflicts in package-lock.json are common and require careful resolution to maintain consistent builds.

Peer Dependency Warnings:
Npm may warn about unresolved peer dependencies. While often just warnings, they can sometimes indicate potential incompatibility issues.

Security Vulnerabilities:
Dependencies can contain security vulnerabilities. Regularly running npm audit after npm install is highly recommended to identify and mitigate risks.

PACKAGE-LOCK.JSON VS. PACKAGE.JSON

package.json defines your project's direct dependencies with version ranges (e.g., ^1.0.0), while package-lock.json records the exact, immutable dependency tree, including transitive dependencies, used during the last npm install. This ensures consistent installs across different environments, preventing 'it works on my machine' scenarios.

NPM INSTALL VS. NPM CI

While npm install is used for general package management (installing new packages, updating, or fresh installs), npm ci (clean install) is specifically designed for automated environments like CI/CD pipelines. npm ci requires a package-lock.json and installs dependencies by first deleting node_modules and then performing a fresh install based only on the lock file, without modifying it. This ensures much faster and more reproducible builds in a controlled environment.
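
The two sections above rely on package-lock.json matching package.json and pinning every dependency; npm ci stops with an error when the two files disagree. The following added example (not part of npm or of the original page) checks that before an install: it compares declared ranges by exact string match, which is a simplification, and flags lock entries that lack a SHA-2 integrity hash or were resolved from an unexpected host. The names auditLock and ALLOWED_HOST and all sample data are assumptions made for the illustration.

```javascript
// Added example: pre-install audit of package.json against a package-lock.json
// (lockfileVersion 2 or 3). ALLOWED_HOST and all sample data are assumptions.
const ALLOWED_HOST = "registry.npmjs.org";

function auditLock(pkg, lock, allowedHost = ALLOWED_HOST) {
  const findings = [];
  const packages = lock.packages || {};
  const root = packages[""] || {};
  // 1. Drift: ranges in package.json must match those recorded for the lock root.
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    const want = pkg[field] || {};
    const have = root[field] || {};
    for (const name of new Set([...Object.keys(want), ...Object.keys(have)])) {
      if (want[name] !== have[name]) {
        findings.push(`drift: ${field}.${name} package.json=${want[name]} lock=${have[name]}`);
      }
    }
  }
  // 2. Each registry package needs a SHA-2 integrity hash and an expected source host.
  for (const [path, entry] of Object.entries(packages)) {
    // Skip the root project, workspace folders, symlinks and bundled dependencies.
    if (!path.includes("node_modules/") || entry.link || entry.inBundle) continue;
    if (!/^sha(256|384|512)-/.test(entry.integrity || "")) {
      findings.push(`integrity: ${path} lacks a SHA-2 hash`);
    }
    let host = null;
    try { host = new URL(entry.resolved).host; } catch { /* absent or not a URL */ }
    if (host !== allowedHost) {
      findings.push(`source: ${path} resolved from ${entry.resolved}`);
    }
  }
  return findings;
}

// Constructed sample input: package names, URLs and hashes are placeholders.
const samplePkg = { dependencies: { "demo-lib-a": "^1.3.0", "demo-lib-b": "^2.1.3" } };
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo", dependencies: { "demo-lib-a": "^1.3.0", "demo-lib-b": "^2.1.0" } },
  "node_modules/demo-lib-a": { version: "1.3.0",
    resolved: "https://registry.npmjs.org/demo-lib-a/-/demo-lib-a-1.3.0.tgz",
    integrity: "sha512-PLACEHOLDER" },
  "node_modules/demo-lib-b": { version: "2.1.3",
    resolved: "https://mirror.example.invalid/demo-lib-b-2.1.3.tgz",
    integrity: "sha1-PLACEHOLDER" },
} };

console.log(auditLock(samplePkg, sampleLock).join("\n") || "lock file is consistent");
```

In a pipeline, a non-empty result from auditLock would be treated as a failed gate ahead of npm ci.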

HISTORY

Npm (Node Package Manager), created by Isaac Schlueter, was first released in January 2010 and quickly became the default package manager for Node.js. Its introduction was pivotal for the rapid growth of the Node.js ecosystem, standardizing how developers share and consume modules. The npm install command has been at the core of this, continually evolving to handle increasingly complex dependency graphs. Key milestones include the introduction of package-lock.json in npm v5 to ensure deterministic installs, and the shift in npm v7 to a new, stricter peer dependency resolution algorithm, significantly impacting how npm install behaves.

SEE ALSO

npm(1), npm update(1), npm uninstall(1), npm ci(1), npm audit(1), npm init(1)
