npm

Website: https://www.npmjs.com CLI Tool: npm Authentication: npm login

Description

npm (Node Package Manager) is the default package manager for Node.js. It manages project dependencies, runs scripts, publishes packages to the npm registry, and provides tools for JavaScript development. Essential for Node.js and frontend development workflows.

Commands

Package Installation

Install Dependencies

npm install
npm install <package>
npm install <package>@<version>
npm install <package> --save
npm install <package> --save-dev
npm install <package> --global
npm install <package> --save-exact
npm install <package>@latest

Install packages. Use --save-dev for dev dependencies, --global for global install, --save-exact for exact version pinning.

Install from Package.json

npm install
npm ci

Install all dependencies from package.json. Use ci for clean install (removes node_modules first, respects lock file).

Uninstall Packages

npm uninstall <package>
npm uninstall <package> --save
npm uninstall <package> --save-dev
npm uninstall <package> --global

Remove packages from node_modules and package.json.

Update Packages

npm update
npm update <package>
npm update --global
npm update --save

Update packages to latest versions within semver constraints.

List Packages

npm list
npm list --depth=0
npm list <package>
npm list --global
npm list --global --depth=0

List installed packages. Use --depth=0 for top-level only.

Package Information

View Package Info

npm view <package>
npm view <package> version
npm view <package> versions
npm view <package> dependencies
npm show <package>

View package details from registry.

Search Packages

npm search <term>
npm search react hooks

Search npm registry for packages.

Check Outdated

npm outdated
npm outdated --global

Check for outdated packages.

Audit Security

npm audit
npm audit fix
npm audit fix --force

Check for security vulnerabilities and apply fixes.

Project Initialization

Initialize Project

npm init
npm init -y
npm init --scope=@myorg

Create package.json interactively. Use -y for defaults.

Create with Template

npm create vite@latest
npm create react-app my-app
npm init vite@latest

Create project using package initializer.

Scripts

Run Script

npm run <script-name>
npm run build
npm run test
npm run start
npm run dev

Execute script defined in package.json scripts field.

Special Scripts

npm start
npm test
npm stop
npm restart

Run predefined lifecycle scripts (don't need run keyword).

List Scripts

npm run

List all available scripts in package.json.

Publishing

npm login
npm login --registry=https://registry.npmjs.org
npm login --scope=@myorg

Authenticate with npm registry.

Publish Package

npm publish
npm publish --access=public
npm publish --tag=beta
npm publish --dry-run

Publish package to registry. Use --access=public for scoped packages.

Unpublish Package

npm unpublish <package>@<version>
npm unpublish <package> --force

Remove package from registry (within 72 hours of publish).

Deprecate Package

npm deprecate <package>@<version> "<message>"
npm deprecate mypackage@1.0.0 "This version has bugs"

Mark package version as deprecated.

Version Management

npm version patch
npm version minor
npm version major
npm version 1.2.3

Bump package version in package.json.

Registry and Configuration

Set Registry

npm config set registry <url>
npm config set registry https://registry.npmjs.org
npm config set @myorg:registry https://npm.myorg.com

Configure package registry.

Get Config

npm config get <key>
npm config get registry
npm config list
npm config list --json

View configuration values.

Set Config

npm config set <key> <value>
npm config set save-exact true
npm config delete <key>

Set or delete configuration.

Cache Management

Cache Operations

npm cache verify
npm cache clean --force

Manage npm cache. Use clean --force to clear cache.

Package Links

Link Package

npm link
npm link <package>

Create symlink for local development. Run in package dir, then link in consuming project.

Unlink Package

npm unlink
npm unlink <package>

Remove symlinks.

Workspaces (Monorepo)

Workspace Commands

npm install --workspace=<workspace>
npm run test --workspace=<workspace>
npm run build --workspaces
npm install <package> --workspace=<workspace>

Manage packages in monorepo workspace.

Advanced

Execute Package Binary

npx <package>
npx create-react-app my-app
npx -p <package> <command>

Execute package binary without installing globally.

Package Info

npm info <package>
npm dist-tag ls <package>
npm owner ls <package>

View package metadata, dist-tags, and owners.

Doctor

npm doctor

Check environment for common issues.

Examples

New Project Setup

# Initialize project
npm init -y

# Install dependencies
npm install express
npm install --save-dev jest nodemon

# Add scripts to package.json
# Then run
npm run dev

Install Specific Versions

# Install exact version
npm install react@18.2.0 --save-exact

# Install latest
npm install react@latest

# Install from git
npm install github:user/repo
npm install git+https://github.com/user/repo.git

Development Workflow

# Clean install
rm -rf node_modules package-lock.json
npm ci

# Run tests
npm test

# Build for production
npm run build

# Check for issues
npm audit
npm outdated

Global Package Management

# Install global package
npm install -g typescript

# List global packages
npm list -g --depth=0

# Update global package
npm update -g typescript

# Uninstall global package
npm uninstall -g typescript

Publishing Workflow

# Login
npm login

# Bump version
npm version patch

# Test publish
npm publish --dry-run

# Publish
npm publish --access=public

# Add tag
npm dist-tag add mypackage@1.0.1 latest

Workspace Monorepo

# Install all workspace dependencies
npm install

# Run script in specific workspace
npm run build --workspace=packages/app

# Run script in all workspaces
npm run test --workspaces

# Install package to workspace
npm install lodash --workspace=packages/utils

Local Package Development

# In package directory
cd ~/projects/my-package
npm link

# In project using the package
cd ~/projects/my-app
npm link my-package

# Unlink when done
npm unlink my-package
cd ~/projects/my-package
npm unlink

Security and Maintenance

# Check for vulnerabilities
npm audit

# Fix automatically
npm audit fix

# Force fix (may break changes)
npm audit fix --force

# Update all packages
npm update

# Check outdated
npm outdated

Notes

package.json: Defines project metadata, dependencies, and scripts
package-lock.json: Locks exact dependency versions for reproducible installs
node_modules: Directory where packages are installed
Semantic Versioning: npm uses semver (^, ~, exact versions)
^1.2.3: Compatible with 1.x.x (>=1.2.3 <2.0.0)
~1.2.3: Approximately equivalent (>=1.2.3 <1.3.0)
1.2.3: Exact version
Scripts: Define in package.json under "scripts" field
devDependencies: Only needed for development (testing, building)
dependencies: Required for production runtime
Global vs Local: Prefer local install for project dependencies
npx: Runs package binaries without global install
Registry: Default is npmjs.com, can configure private registries
Scoped Packages: Format @scope/package-name (e.g., @react/core)
Cache: npm caches packages in ~/.npm directory
npm ci: Faster, stricter install for CI/CD (requires package-lock.json)
Workspaces: Manage monorepos with multiple packages
Configuration: User config in ~/.npmrc, project config in .npmrc
Environment Variables: Use npm_config_* prefix (e.g., npm_config_registry)
Pre/Post Scripts: Define pretest, posttest for script hooks
Publishing: Package must have unique name, follow semver

npm

npm