- What is npm?
- npm (Node Package Manager) is a package manager for the JavaScript programming language.
- npm is the world's largest Software Registry.
- npm consists of three main parts:
  - Website (npmjs.com)
    - The official npm website allows users to discover, browse, and search for packages.
    - It also lets users create and manage accounts, as well as publish and manage packages.
  - CLI (Command Line Interface)
    - The npm CLI is a tool used to interact with npm directly from the command line.
  - Registry
    - The npm registry is a massive public database (online repository) of JavaScript packages.
- Installation
- NPM comes pre-installed with Node.js.
| Command | Alias | Description | Common Flags |
|---|---|---|---|
| npm init | - | Initializes a new package.json file interactively. | --force, --scope, --yes |
| npm init -y | - | Creates package.json with default values. | --scope, --yes |
| npm start | - | Runs the start script defined in package.json. | --silent |
| npm install | npm i | Installs all dependencies listed in package.json. | --save, --save-dev, --no-save, --global, --force |
| `npm install <package>` | npm i | Installs a specific package locally to the project. | --save, --save-dev, --global, --no-save, --force |
| npm uninstall | npm rm | Uninstalls a specific package from the project. | --save, --global, --force, --dry-run |
| npm update | - | Updates all packages to the latest version. | --global, --force, --dry-run, --depth |
| npm outdated | - | Lists outdated packages in the project. | --global, --depth, --json, --long |
| `npm run <script>` | - | Runs a script defined in package.json. | --if-present, --verbose, --silent |
| npm test | - | Runs the test script defined in package.json. | --silent, --verbose |
| npm link | - | Links a global package to the current local project. | --global |
| Command | Alias | Description | Common Flags |
|---|---|---|---|
| npm list | npm ls | Lists installed packages. | --global, --depth, --json, --long |
| npm list -g | npm ls -g | Lists globally installed packages. | --depth, --json, --long |
| npm install --global | npm i -g | Installs a package globally. | --force, --no-save, --dry-run |
| npm uninstall --global | npm rm -g | Uninstalls a global package. | --force, --dry-run |
| npm prune | - | Removes extraneous packages not listed in package.json. | --production |
| npm cache clean --force | - | Clears npm's cache. | --force, --global, --offline |
| npm rebuild | - | Rebuilds native addons of installed packages. | --global, --build-from-source |
| Command | Alias | Description | Common Flags |
|---|---|---|---|
| npm version | - | Bumps the package version (patch, minor, major). | --force, --no-git-tag-version, --preid |
| npm publish | - | Publishes the package to the npm registry. | --tag, --access, --dry-run, --otp |
| npm deprecate | - | Marks a package or version as deprecated. | --otp |
| npm unpublish | - | Removes a package from the npm registry (within 72 hours). | --force, --otp |
| npm login | - | Authenticates a user with npm registry credentials. | --registry, --scope, --auth-type |
| npm logout | - | Logs out a user from the npm registry. | --registry, --scope |
| Command | Alias | Description | Common Flags |
|---|---|---|---|
| npm audit | - | Audits project for security vulnerabilities. | --json, --production, --audit-level |
| npm audit fix | - | Automatically fixes security vulnerabilities. | --force, --only, --dry-run |
| npm audit fix --force | - | Forces npm to fix vulnerabilities even if it results in breaking changes. | --only, --dry-run |
| Command | Alias | Description | Common Flags |
|---|---|---|---|
| npm config set | - | Sets an npm configuration option. | --global, --location |
| npm config get | - | Gets an npm configuration option. | --global, --location |
| npm config list | - | Lists all npm configuration options. | --json, --global |
| npm info | - | Displays metadata and information about a package. | --json, --registry, --silent |
| npm view | - | Another command for displaying package metadata, similar to npm info. | --json, --registry, --silent |
| Command | Alias | Description | Common Flags |
|---|---|---|---|
| npm help | - | Displays help information about npm or a specific command. | --json, --long, --silent |
| `npm help <command>` | - | Displays help information for a specific npm command. | --json, --silent |
| npm doctor | - | Checks the environment for common issues with npm. | --json, --silent |
| npm dedupe | - | Dedupe dependencies by optimizing the package tree. | --global, --production, --dry-run |
| Flag | Description |
|---|---|
| --save | Adds the package to dependencies in package.json (default in npm 5+). |
| --save-dev | Adds the package to devDependencies in package.json. |
| --save-optional | Adds the package to optionalDependencies in package.json. |
| --global or -g | Installs or manages packages globally. |
| --no-save | Installs the package without adding it to package.json. |
| --force or -f | Forces npm to proceed with an action, ignoring potential conflicts. |
| --dry-run | Tests the command without actually making any changes. |
| --production | Only installs dependencies, excluding devDependencies. |
| --silent | Suppresses all output except errors. |
| --verbose | Provides more detailed output for debugging purposes. |
| --depth= | Limits the depth of package trees when listing or updating. |
| --json | Outputs results in JSON format. |
| --otp | Provides a one-time password for 2FA actions (publishing, deprecating). |
| --registry= | Specifies the npm registry to use. |
| --tag= | Publishes a package under a specific tag (e.g., beta, next). |
| `--access=<public\|restricted>` | |
| --audit-level= | Sets minimum vulnerability level for audit failures (low, moderate, high, critical). |
A complete roadmap to go from beginner to pro with npm (Node Package Manager).
- Install Node.js (npm comes with it)
- Check versions: `node -v`, `npm -v`
- Initialize project: `npm init` or `npm init -y`
- Install a package: `npm install axios`
- Understand `dependencies` vs `devDependencies`
- Remove a package: `npm uninstall axios`
- Install a dev-only tool: `npm install eslint --save-dev`
- Understand `package.json` and `package-lock.json`
- Add custom scripts to `package.json`
- Run scripts: `npm run start`, `npm run build`, etc.
- Use `pre` and `post` script hooks (e.g., `prebuild`)
- Understand lifecycle scripts (prepare, install)
- Install CLI tools globally: `npm install -g typescript`
- Use `npm audit` and `npm audit fix` for security
- Explore `npm list`, `npm outdated`
- Understand semantic versioning: `^`, `~`, `*`, exact
- Lock versions with `package-lock.json`
- Use `.npmrc` for custom config (registry, token, proxy)
- Learn `peerDependencies` for shared runtime packages
- Use `optionalDependencies` for non-critical packages
- Link local packages with `npm link`
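
An added example (not part of the original roadmap): a Node.js check over `package-lock.json` that lists the entries worth reviewing before an install, namely packages that run install-time lifecycle scripts, tarballs resolved from a host outside an allowlist, and downloads with no `integrity` hash. The function name `reviewLockfile`, the allowlist and the sample lockfile are constructed for illustration; the `packages`, `resolved`, `integrity`, `hasInstallScript` and `link` fields are those of lockfileVersion 2 and 3.

```javascript
// Added example: review a package-lock.json (lockfileVersion 2 or 3).
const DEFAULT_HOSTS = ['registry.npmjs.org'];

function reviewLockfile(lock, allowedHosts = DEFAULT_HOSTS) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // "" is the root project; link entries are workspace/local symlinks.
    if (path === '' || entry.link) continue;
    const name = path.replace(/^.*node_modules\//, '');
    // npm records hasInstallScript when a package declares
    // preinstall/install/postinstall, i.e. code that runs during install.
    if (entry.hasInstallScript) findings.push({ name, issue: 'install-script' });
    if (!entry.resolved) continue; // bundled dependencies have no source URL
    let host = '';
    try { host = new URL(entry.resolved).host; } catch { /* not a URL */ }
    if (!allowedHosts.includes(host)) {
      findings.push({ name, issue: 'unexpected-source', detail: entry.resolved });
    }
    if (!entry.integrity) findings.push({ name, issue: 'missing-integrity' });
  }
  return findings;
}

// Constructed sample lockfile; names, versions and hashes are placeholders.
const sampleLock = {
  name: 'my-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-app', version: '1.0.0' },
    'node_modules/plain-lib': {
      version: '1.0.0',
      resolved: 'https://registry.npmjs.org/plain-lib/-/plain-lib-1.0.0.tgz',
      integrity: 'sha512-PLACEHOLDER',
    },
    'node_modules/native-addon': {
      version: '2.1.0',
      resolved: 'https://registry.npmjs.org/native-addon/-/native-addon-2.1.0.tgz',
      integrity: 'sha512-PLACEHOLDER',
      hasInstallScript: true,
    },
    'node_modules/@your-scope/internal': {
      version: '0.3.0',
      resolved: 'https://mirror.example.test/internal-0.3.0.tgz',
    },
  },
};

console.log(reviewLockfile(sampleLock));
```

Pass your own registry host in `allowedHosts` when a private registry is expected; a package flagged `install-script` is not necessarily malicious, it is one whose scripts should be read before they run.
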
- Create a public/private npm package
- Add `"main"`, `"types"`, `"files"` in `package.json`
- Publish: `npm publish`
- Unpublish: `npm unpublish`
- Bump version: `npm version patch/minor/major`
- Use `.npmignore` to exclude files
- Create scoped packages: `@your-scope/package`
- Use `"workspaces"` in `package.json`
- Manage multiple packages in one repo
- Install dependencies in workspace folders
- Build shared code with `npm link`
Git hooks
- Use `npx` to run tools without global install
- Use `npm ci` for faster clean installs in CI
- Analyze bundle size: `webpack-bundle-analyzer`
- Use `husky` + `lint-staged` for Git hooks
- Automate tasks with `npm-run-all` or `concurrently`
- Use `npm-check` to update interactively
- What's the difference between `npm`, `npx`, and `yarn`?
- Explore the `node_modules` folder structure
- Learn about ESModules vs CommonJS in packages
- Understand npm registries (default and custom)
- Set up `.npmrc` auth tokens for private packages
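
An added example (not from the original page) for the `.npmrc` items above: a small linter that flags credentials written literally into the file instead of referenced as `${ENV_VAR}`, registries configured over plain `http://`, and `strict-ssl=false`. The function name `lintNpmrc`, the host names and the token in the sample are constructed placeholders.

```javascript
// Added example: lint an .npmrc for credential and transport problems.
const CREDENTIAL_KEYS = new Set(['_authToken', '_auth', '_password']);
const ENV_REFERENCE = /^\$\{[A-Za-z_][A-Za-z0-9_]*\}$/; // e.g. ${NPM_TOKEN}

function lintNpmrc(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((raw, index) => {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) return;
    const eq = line.indexOf('=');
    if (eq < 0) return;
    const key = line.slice(0, eq).trim();
    const value = line.slice(eq + 1).trim();
    // Drop a "//host/:" or "@scope:" prefix to get the setting name.
    const setting = key.split(':').pop();
    const report = (issue) => findings.push({ line: index + 1, key, issue });
    // Values are never echoed, so the report itself cannot leak a token.
    if (CREDENTIAL_KEYS.has(setting) && !ENV_REFERENCE.test(value)) {
      report('literal-credential');
    }
    if (setting === 'registry' && value.toLowerCase().startsWith('http://')) {
      report('plaintext-registry');
    }
    if (key === 'strict-ssl' && value === 'false') {
      report('tls-verification-disabled');
    }
  });
  return findings;
}

// Constructed sample; the host names and the token are placeholders.
const sampleNpmrc = [
  '; project-level .npmrc',
  'registry=https://registry.npmjs.org/',
  '@your-scope:registry=http://npm.internal.example/',
  '//registry.npmjs.org/:_authToken=${NPM_TOKEN}',
  '//npm.internal.example/:_authToken=PLACEHOLDER-NOT-A-REAL-TOKEN',
  'strict-ssl=false',
].join('\n');

console.log(lintNpmrc(sampleNpmrc));
```
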
```
my-app/
├── node_modules/
├── package.json
├── package-lock.json
├── .npmrc
├── src/
└── README.md
```
| Tool | Purpose |
|---|---|
| Husky | Git hooks |
| ESLint | Code linting |
| Prettier | Code formatting |
| Commitlint | Commit message rules (optional) |