npm - The Standard Node.js Package Manager
npm (Node Package Manager) is the package manager that comes with Node.js. It is available automatically after you install Node.js.
You can install useful libraries created by engineers around the world from npmjs.com with a single command. More than 2 million packages are published there, making it the center of the JavaScript ecosystem.
What npm Is
With npm, you can do the following in one command:
- Install libraries - for example express for building web servers or dayjs for working with dates
- Manage dependencies - keep the packages and versions needed by your project in package.json
- Run scripts - register frequently used commands as shortcuts, such as npm run dev to start a local server
How to Read package.json
package.json is the project’s “configuration sheet.” It contains the project name, version, and the list of packages in use.
```json
{
  "name": "my-project",
  "version": "1.0.0",
  "scripts": {
    "dev": "node index.js",
    "build": "webpack --mode production"
  },
  "dependencies": {
    "express": "^4.18.0"
  },
  "devDependencies": {
    "prettier": "^3.0.0"
  }
}
```
What Each Field Means
| Field | Description |
|---|---|
| name | The project name |
| version | The project version, using major.minor.patch format |
| scripts | Shortcut definitions for frequently used commands |
| dependencies | Packages needed in production |
| devDependencies | Packages needed only during development |
The Difference Between dependencies and devDependencies
The difference is whether the package is needed in the production environment, where real users use the app.
- dependencies - Materials needed to run the app. For example, express used as a web server is needed in production, so it belongs in dependencies.
- devDependencies - Tools used only while writing code. For example, prettier is used only during development, so it belongs in devDependencies.
In cooking terms, dependencies are the ingredients in the dish, while devDependencies are the tools you use in the kitchen. The food served to customers needs only the ingredients, so production environments need only dependencies.
Version Rules and the Meaning of ^
In "express": "^4.18.0", the ^ means “compatible versions at or above this one.”
| Symbol | Example | Meaning |
|---|---|---|
| ^ | ^4.18.0 | At least 4.18.0 but less than 5.0.0 (minor and patch updates allowed) |
| ~ | ~4.18.0 | At least 4.18.0 but less than 4.19.0 (patch updates only) |
| none | 4.18.0 | Only the exact version 4.18.0 |
Common Commands
| Command | Description | When to Use |
|---|---|---|
| npm install | Install all dependencies from package.json | After cloning a project |
| npm install <pkg> | Add a package to dependencies | When you want to use a new library |
| npm install -D <pkg> | Add a development package to devDependencies | For linting or formatting tools |
| npm uninstall <pkg> | Remove a package | When it is no longer needed |
| npm run <script> | Run a command from the scripts section | For example, npm run dev to start a dev server |
| npm list | Show installed packages | When you want to see what is installed |
| npm update | Update packages | For regular maintenance |
| npm outdated | Check for updateable packages | When you want to see whether packages are old |
Example Commands
```bash
# Install React
npm install react react-dom
# Add ESLint as a development tool
npm install -D eslint
# Start the development server (runs scripts.dev in package.json)
npm run dev
# Check installed packages
npm list --depth=0
```
Global Install vs Local Install
npm has two install locations for packages.
Local Install (Recommended)
```bash
npm install <pkg>
```
Installs the package inside the project’s node_modules folder. It can be used only in that project. This is the option you should use in most cases.
Global Install
```bash
npm install -g <pkg>
```
Installs the package in a location that can be used across the whole computer. You can run it as a command from any folder.
Global installs may look convenient, but they make it harder to manage versions per project. The recommended approach is to use local installs whenever possible. Global installs are mainly for tools that are not tied to a single project, such as project scaffolding tools like create-react-app.
What node_modules Is
node_modules is the folder where packages installed by npm install are stored.
```
my-project/
├── node_modules/   ← Installed packages go here
│   ├── express/
│   ├── react/
│   └── ... (can become hundreds or thousands of folders)
├── package.json
└── index.js
```
Why node_modules Should Not Be Committed to Git
It is a rule of thumb not to include node_modules in Git because:
- It becomes huge - Even a small project can grow to tens of thousands of files and hundreds of MB
- It can be recreated - If you have package.json, you can recreate everything with npm install
- It differs by OS and version - Since it is generated for the current environment, sharing the files from another machine is not useful
Add this line to .gitignore to exclude it from Git tracking:
```
node_modules/
```
When a new team member joins, they can clone the repository and run npm install to recreate the same environment automatically.
Common Problems and Fixes
command not found: xxx
If a command you installed cannot be found, it may need a global install.
```bash
# Example: if create-react-app cannot be found
npm install -g create-react-app
```
However, many tools can be run without global installation by using npx.
```bash
# Use npx to avoid a global install
npx create-react-app my-app
```
npm install Is Slow
npm installs can take longer as a project grows. If installation speed matters, consider moving to pnpm.
Version Mismatch Errors
```bash
# Check the Node.js version
node -v
# Check the npm version
npm -v
```
If the error says something like requires node >= 18, your Node.js version may be too old. Use nvm to switch versions.
EACCES: permission denied
If you see a permission error during a global install, the recommended fix is to avoid sudo and change the npm global directory instead. See the npm official documentation for details.
Frequently Asked Questions
Q: Are npm i and npm install the same?
A: Yes. npm i is a shortcut for npm install. They behave the same way.
Q: What is package-lock.json?
A: It is a file created automatically when you run npm install. It records the exact package versions that were installed so the whole team can use the same versions. You should commit this file to Git.
Q: What is the difference between npm ci and npm install?
A: npm ci is a stricter install command designed for CI environments. It reproduces the exact contents of package-lock.json and fails if it does not match package.json. It is recommended for CI/CD pipelines.
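
An added example (not from the original page and not npm's own code) that ties the ^ / ~ table in "Version Rules and the Meaning of ^" to the package-lock.json and npm ci answers above: it evaluates the three range forms and reports direct dependencies whose locked version falls outside the range in package.json. The names satisfies and lockDrift and the sample data are constructed for illustration, and the check is a simplification of the mismatch npm ci rejects. It also goes beyond the table in one case: for 0.x versions, ^ is narrower (^0.2.3 stops before 0.3.0).

```javascript
// Added example: handles only the three range forms from the table (^, ~, exact).
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Exclusive upper bound for a range with lower bound [maj, min, pat].
function upperBound(op, [maj, min, pat]) {
  if (op === '~') return [maj, min + 1, 0];
  // Caret fixes the left-most non-zero part, so 0.x ranges are narrower.
  if (maj > 0) return [maj + 1, 0, 0];
  if (min > 0) return [0, min + 1, 0];
  return [0, 0, pat + 1];
}

function satisfies(range, version) {
  const op = /^[\^~]/.test(range) ? range[0] : '';
  const lo = parse(op ? range.slice(1) : range);
  const v = parse(version);
  if (!op) return cmp(v, lo) === 0;
  return cmp(v, lo) >= 0 && cmp(v, upperBound(op, lo)) < 0;
}

// Direct dependencies whose locked version is missing or outside the
// package.json range (lockfileVersion 2/3: packages["node_modules/<name>"]).
function lockDrift(pkg, lock) {
  const wanted = { ...pkg.dependencies, ...pkg.devDependencies };
  const problems = [];
  for (const [name, range] of Object.entries(wanted)) {
    const entry = (lock.packages || {})[`node_modules/${name}`];
    if (!entry) problems.push(`${name}: not in lock file`);
    else if (!satisfies(range, entry.version))
      problems.push(`${name}: locked ${entry.version} is outside ${range}`);
  }
  return problems;
}

// Constructed sample: package.json was edited without refreshing the lock.
const pkg = { dependencies: { express: '^4.18.0' }, devDependencies: { prettier: '^3.0.0' } };
const lock = { lockfileVersion: 3, packages: {
  'node_modules/express': { version: '4.18.2' },
  'node_modules/prettier': { version: '2.8.8' } } };
console.log(lockDrift(pkg, lock));
```

Without a committed lock file, a fresh npm install may resolve any version inside these ranges, which is why the range width matters when reviewing package.json.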