A quick overview of npm
So, what is
npm is free package manager, which serves the purposes of creating, publishing and downloading packages. It also has a paid version for companies who want a private registry for their own software.
npm is both a command line tool (CLI) and a registry of software packages. Developers and enterprises create modules which other developers (or themselves if they use their private register) can download, install and eventually, use.
If you read these lines, chances are that you have npm installed on your machine.
If not, you can get it with Node.js. If you install Node, npm will also be on your machine as it’s bundled with Node.
As of writing these lines, the long term supported version of Node.js is 8.12.0 and the npm, which you get with Node, is of version 5.8.
You can upgrade to the latest version of npm (which is version 6.4.1 today) separately though:
npm install -g npm
So npm can update itself! You can read more detailed instructions on how to install npm here.
When you need a package for your project you can decide to install the package locally or globally.
Developers usually install CLI tools globally with the following command:
npm install -g PACKAGE_NAME
--global flag means that the package will be installed globally. This means that the packages will be installed in the folder where Node is installed.
Globally installed packages are not restricted to a certain project and they can be used anywhere. Some packages out there recommend that they should be installed globally but I personally don’t like it as I prefer local, project related installations.
Most projects are fine if packages installed locally.
A project is usually created by typing
npm init in the terminal after we navigated to the project folder. This command will create a
package.json file in the root.
npm init -y will save you some time because you don’t need to answer the questions one-by-one when npm sets up
package.json. Many times we keep pressing Enter anyway and accept the answers npm offers. With this command, the default answers will be used and the whole question-answer process will be skipped.
package.json will contain (among others) the dependencies (i.e. the packages that we need) for the project. These packages will be used in the code.
There are two main types of dependencies: normal and development.
When we install a package as a normal dependency, we do so by using the
npm install PACKAGE_NAME --save or
npm i PACKAGE_NAME -S commands. Both do the same but the second one is shorter.
A package installed this way will be listed in the
Development dependencies can be installed using the
npm install PACKAGE_NAME --save-dev or
npm i PACKAGE_NAME -D and appear in the
devDependencies section of
Both normal and development dependencies can be
required in the same way in any modules of the project.
Install all dependencies
When a repository is cloned to the local machine, the dependencies need to be installed. It would be tiresome to go over both the dependencies and development dependencies and install them one-by-one.
npm install command in the project folder installs all dependencies in the local
By default, npm prepends the
^ symbol to the package name when writes them into the dependencies (and development dependencies) section of
package.json. It means that the
npm install command might install a higher minor or patch version of the package (the second and the third numbers in the package version can be greater than originally) if available.
This might not be an issue when a team works on a feature in collaboration. But if one needs to work on a project which was modified months ago, it might happen that newer versions of some packages are available and some features relying on the exact version displayed in the
package.json might not work anymore.
npm install -E command installs the exact version of the package and ignores npm’s default behaviour. This way it can be ensured that features will work as it was intended (unless they contain a bug but that’s another story).
npm install PACKAGE_NAME command is run, npm will look for the latest version of the package in its registry. It happens though that we will need a lower or a specified version of that package.
When the need for this arise, we can use the
npm install PACKAGRE_NAME@VERSION command. For example,
npm install firstname.lastname@example.org -S will install version 4.13.17 of Mongoose to the dependencies of the project folder.
This command is useful if it’s known that major changes occured in higher versions and our app is not compatible with it, or if we follow an older tutorial. This way we can ensure that the feature will work as expected.
Useful npm commands
npm comes with a bunch of great and useful commands. The list is long, so I only mention a few below.
npm update PACKAGE_NAME command will update a package to the latest version with respecting npm’s default behaviour (like the
^ in the example above). If no package name is used, it will update all packages both in dependencies and development dependencies.
If you don’t need a package anymore or accidentally installed it (it happens!), they can be uninstalled with the
npm uninstall PACKAGE_NAME command. The same works for global packages and this time we need to add the
-g flag to the command.
We can quickly go to the website of the given package by typing
npm home PACKAGE_NAME. For example,
npm home mongoose will open up the Mongoose website in a new window of your default browser. It’s a quick way to check out something because there’s no need to manually open a browser tab and type in the address.
npm docs PACKAGE_NAME command redirects you to the documentations of the given package (if it’s set). Often times this command will display the website and does the same as
Similarly, when you type
npm repo PACKAGE_NAME, the GitHub repository of the given package will be opened in the browser window.
You don’t have to have these packages installed in the folder from where you submit the above commands.
A popular alternative to npm is yarn. Yarn is a great alternative to npm; it’s fast, secure and reliable. More and more developers and companies use yarn instead of npm. For example, Angular CLI uses it when creating the source files for a new project.
Another package manager in the market is pnpm, which saves the dependencies to a central place on the computer and places a link to the project’s
node_modules folder. This way it doesn’t install the same package all over again in every project folder saving space on the hard disk.
There are other package managers out there but listing and comparing them to npm is beyond the scope of this post.
I provided a brief introduction to npm in this post, which is currently the most often used package manager.
It has many more features (including
npx, which will be the topic of the next post) but I think that it’s enough for a high-level view. If the reader is familiar with npm (which is very probable), I hope that this post could help them organize what they know about npm.
Thanks for reading and see you next time.