NPM Basics
NPM = Node Package Manager for JavaScript
What is NPM?
"Package manager + registry"
NPM (Node Package Manager) is:
- Package manager for JavaScript
- Registry of open-source packages
- Command-line tool
- Part of Node.js ecosystem
"NPM is the package manager for JavaScript that manages dependencies and provides access to a vast registry of open-source packages."
Core Concepts
package.json = manifest, node_modules = packages
- package.json: Project manifest with dependencies
- node_modules: Installed packages folder
- npm registry: Public package repository
- Semantic versioning: Version numbering (major.minor.patch)
"NPM uses package.json to define dependencies and installs packages into node_modules."
Common Commands
install · init · run · publish
| Command | Purpose |
|---|---|
| npm install | Install dependencies |
| npm init | Create package.json |
| npm install <package> | Install package |
| npm run <script> | Run npm script |
| npm publish | Publish package |
| npm update | Update packages |
package.json
Project configuration file
{
  "name": "my-app",
  "version": "1.0.0",
  "scripts": {
    "start": "node index.js",
    "test": "jest"
  },
  "dependencies": {
    "react": "^18.0.0"
  },
  "devDependencies": {
    "jest": "^29.0.0"
  }
}
"package.json defines project metadata, scripts, and dependencies (production and development)."
Dependencies vs DevDependencies
dependencies = production, devDependencies = development
- dependencies: Needed in production
- devDependencies: Only needed during development
Use npm install --save-dev for dev dependencies
"Dependencies are required in production, while devDependencies are only needed during development."
Version Ranges
^ = compatible, ~ = patch, exact = specific
- ^18.0.0: Compatible versions (18.x.x)
- ~18.0.0: Patch versions (18.0.x)
- 18.0.0: Exact version
- *: Latest version
"Version ranges control which package versions can be installed, with ^ allowing compatible updates."
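The ranges above, worked through as an added example (not part of the original page): it computes the version window each specifier admits and lists the manifest entries that are not pinned to an exact version. It also covers caret ranges on 0.x versions, which this page does not mention. Package names starting with example- are made up, and only full MAJOR.MINOR.PATCH specifiers are handled.

```javascript
// Added example: classify package.json version specs and show what each range admits.
// Assumption: only full MAJOR.MINOR.PATCH specs are parsed; tags, URLs and
// partial ranges are reported as "other".
const SPEC = /^([\^~]?)(\d+)\.(\d+)\.(\d+)$/;

function rangeBounds(spec) {
  const s = spec.trim();
  if (s === "*") return { kind: "wildcard", min: "0.0.0", below: null }; // any version
  const m = SPEC.exec(s);
  if (!m) return { kind: "other", min: null, below: null };
  const [major, minor, patch] = m.slice(2).map(Number);
  const min = `${major}.${minor}.${patch}`;
  if (m[1] === "") return { kind: "exact", min, below: null };
  if (m[1] === "~") return { kind: "tilde", min, below: `${major}.${minor + 1}.0` };
  // Caret: the left-most non-zero component must not change.
  let below;
  if (major > 0) below = `${major + 1}.0.0`;
  else if (minor > 0) below = `0.${minor + 1}.0`;
  else below = `0.0.${patch + 1}`;
  return { kind: "caret", min, below };
}

// Return every dependency whose spec is not an exact version.
function unpinned(manifest) {
  const findings = [];
  for (const section of ["dependencies", "devDependencies"]) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      const r = rangeBounds(spec);
      if (r.kind !== "exact") findings.push({ section, name, spec, ...r });
    }
  }
  return findings;
}

// Constructed manifest: react and jest as on this page, the rest are made-up names.
const sampleManifest = {
  dependencies: { react: "^18.0.0", "example-crypto": "1.4.2", "example-util": "~0.3.1" },
  devDependencies: { jest: "^29.0.0", "example-lint": "*", "example-pre1": "^0.2.3" },
};

for (const f of unpinned(sampleManifest)) {
  const upper = f.below ? `<${f.below}` : "no upper bound";
  console.log(`${f.section}/${f.name}: ${f.spec} (${f.kind}) admits >=${f.min} ${upper}`);
}
```

Entries this reports are the ones whose installed version is decided by package-lock.json rather than by package.json alone.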
npm scripts
Custom commands in package.json
{
  "scripts": {
    "start": "react-scripts start",
    "build": "react-scripts build",
    "test": "jest"
  }
}
Run with: npm run <script>
"npm scripts define custom commands that can be run with npm run, automating common tasks."
package-lock.json
Locks exact versions
- Records exact versions installed
- Ensures consistent installs
- Should be committed to version control
- Generated automatically
"package-lock.json locks exact dependency versions to ensure consistent installations across environments."
npm vs yarn vs pnpm
Different package managers, similar goals
| Manager | Speed | Features |
|---|---|---|
| npm | Standard | Built into Node.js |
| yarn | Faster | Better caching |
| pnpm | Fastest | Disk efficient |
"Yarn and pnpm are alternative package managers with improved performance and features compared to npm."
Best Practices
✅ Commit package-lock.json
✅ Use exact versions for critical packages
✅ Regular security audits (npm audit)
✅ Keep dependencies updated
✅ Use .npmrc for configuration
❌ Don't commit node_modules
"NPM is the package manager for JavaScript that manages project dependencies. It uses package.json to define dependencies and scripts, installs packages to node_modules, and supports semantic versioning. package-lock.json ensures consistent installs, and npm scripts automate common tasks. Alternatives like Yarn and pnpm offer improved performance."
🧠 Ultra-Short Cheat Sheet
Package manager for JS
package.json = manifest
node_modules = packages
npm install
npm run scripts
dependencies vs devDependencies
Version ranges (^, ~)
package-lock.json