NPM (Node Package Manager) is a software Package Manager and Installer for the JavaScript runtime environment Node.js.
As a command-line interface (CLI) tool, NPM is primarily used through the terminal or command prompt.
NPM comes bundled with Node.js by default, so installing Node.js also installs NPM.
NPM maintains a public registry of packages that developers can use to find and download packages for their projects. This makes it easier for developers to share and reuse open source code by enabling them to be installed as modules.
Every programming language has its own package manager; for example, Python has pip.
Here is a list of some commonly used npm commands along with their brief description:
npm init: Initializes a new package.json file for the project.
npm install: Installs all the dependencies listed in the package.json file.
npm install <package-name>: Installs a specific package.
npm install --save <package-name>: Installs and saves the package as a dependency in the package.json file.
npm install --save-dev <package-name>: Installs and saves the package as a development dependency in the package.json file.
npm uninstall <package-name>: Uninstalls a specific package.
npm update: Updates all the installed packages to their latest version.
npm update <package-name>: Updates a specific package to its latest version.
npm outdated: Checks which installed packages are outdated.
npm start: Runs the project, typically used for starting a server.
npm test: Runs the tests defined in the package.
npm run <script-name>: Runs a custom script defined in the package.json file.
npm search <package-name>: Searches the npm registry for a package.
npm info <package-name>: Displays information about a package.
npm publish: Publishes a package to the npm registry.
npm version: Updates the version number of the package and creates a new git commit and tag.
npm login: Logs in to the npm registry.
npm logout: Logs out of the npm registry.
npm whoami: Displays the username of the currently logged-in user.
npm init <starter-package>: Initializes a new package.json file based on a specific starter package.
package.json file
The package.json file is the center of any Node.js project or npm package. It stores information about your project, similar to how the <head> section of an HTML document describes the content of a webpage.
If the node_modules folder gets deleted by mistake, we can reinstall all the packages with the 'npm install' command, as all the details are saved in the package.json file.
Do not push the node_modules folder to GitHub because its size is large (to exclude it, add /node_modules to the .gitignore file).
package-lock.json
package-lock.json was introduced in version 5 of npm. It is required when we put our app in the production stage. It provides a detailed and exact version of all the dependencies.
Package lock files serve as a rich manifest of dependencies for projects that specify the exact version of dependencies to be installed, as well as the dependencies of those dependencies, and so on—to encompass the full dependency tree.
A package lock file is first introduced into a project when a fresh dependencies install is performed in that project. At the time of the installation, the entire dependency tree is calculated and saved to the lock file, along with metadata about each dependency such as:
- The version of the package that should be installed
- An integrity hash used to assure that the package hasn’t been tampered with
- The resolved registry location indicating from where this package was retrieved and from where it should be retrieved for future installs.
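The three metadata fields listed above can be checked mechanically. The following is an added example, not code from npm or from the original page: it audits the "packages" map of a lock file for missing or weak integrity hashes and unexpected resolved locations, and recomputes a hash over tarball bytes. The package names, URLs, bytes and the trusted registry host are constructed assumptions.

```javascript
const crypto = require('node:crypto');
const TRUSTED_REGISTRY = 'registry.npmjs.org'; // assumption: the public npm registry

// True if the tarball bytes match any strong hash in an SRI string ("sha512-<base64>").
function verifyIntegrity(tarball, sri) {
  return sri.split(/\s+/).some((entry) => {
    const dash = entry.indexOf('-');
    const algo = entry.slice(0, dash);
    if (!['sha256', 'sha384', 'sha512'].includes(algo)) return false;
    const digest = crypto.createHash(algo).update(tarball).digest('base64');
    return digest === entry.slice(dash + 1);
  });
}

// Walk the "packages" map of a lockfileVersion 2/3 file and report weak entries.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (path === '' || pkg.link) continue; // root project and symlinked workspaces
    if (!pkg.integrity) {
      findings.push(`${path}: no integrity hash`);
    } else if (!/(^|\s)sha(256|384|512)-/.test(pkg.integrity)) {
      findings.push(`${path}: weak hash only (${pkg.integrity.split('-')[0]})`);
    }
    let url;
    try { url = new URL(pkg.resolved); } catch {
      findings.push(`${path}: missing or invalid resolved URL`);
      continue;
    }
    if (url.protocol !== 'https:' || url.hostname !== TRUSTED_REGISTRY) {
      findings.push(`${path}: resolved from ${url.protocol}//${url.host}`);
    }
  }
  return findings;
}

// Constructed sample data: package names, URLs and bytes are illustrative only.
const sampleTarball = Buffer.from('constructed tarball bytes');
const sampleSri = 'sha512-' + crypto.createHash('sha512').update(sampleTarball).digest('base64');
const sampleLock = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/good-pkg': { version: '1.2.4', integrity: sampleSri,
    resolved: 'https://registry.npmjs.org/good-pkg/-/good-pkg-1.2.4.tgz' },
  'node_modules/no-hash': { version: '2.0.0',
    resolved: 'https://registry.npmjs.org/no-hash/-/no-hash-2.0.0.tgz' },
  'node_modules/odd-source': { version: '0.1.0', integrity: 'sha1-AAAAAAAAAAAAAAAAAAAAAAAAAAA=',
    resolved: 'http://mirror.example.test/odd-source-0.1.0.tgz' },
} };
console.log(auditLockfile(sampleLock), verifyIntegrity(sampleTarball, sampleSri));
```

To audit a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `auditLockfile`; `npm ci` installs strictly from the lock file.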
Semantic Versioning (SemVer)
Versions of the npm packages in the dependencies section of your package.json file follow what’s called Semantic Versioning (SemVer), an industry standard for software versioning aiming to make it easier to manage dependencies.
"package": "MAJOR.MINOR.PATCH"
Use the Tilde-Character to Always Use the Latest Patch Version of a Dependency
for example
- "express": "~1.2.2" will install 1.2.4
Use the Caret-Character to Use the Latest Minor Version of a Dependency
for example
- "express": "^1.2.2" will install 1.3.4
- caret prefix will allow both MINOR updates and PATCHes
Use the Asterisk-Character to Use the Latest Major Version of a Dependency
for example
- "express": "*" will install latest version 2.0.0
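A range in package.json can resolve to a different version each time new releases are published, which is why the lock file records the exact one. The following is an added example, not the `semver` library npm itself uses: a minimal resolver for the tilde, caret, asterisk and exact forms, run against a constructed release list matching the versions above. It goes slightly beyond the text by applying the caret rule for 0.x versions and ignores pre-release tags.

```javascript
// Minimal resolver for the range forms on this page: ~x.y.z, ^x.y.z, * and exact pins.
// Assumption: plain MAJOR.MINOR.PATCH versions only (no pre-release or build tags).
const parseVersion = (v) => v.split('.').map(Number);

// Compare two [major, minor, patch] triples: negative, zero or positive.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

function satisfies(version, range) {
  if (range === '*') return true; // any published version
  const v = parseVersion(version);
  const base = parseVersion(range.replace(/^[~^]/, ''));
  if (compareVersions(v, base) < 0) return false; // never below the stated version
  if (range[0] === '~') return v[0] === base[0] && v[1] === base[1]; // patch updates only
  if (range[0] === '^') {
    if (base[0] > 0) return v[0] === base[0]; // minor and patch updates
    if (base[1] > 0) return v[0] === 0 && v[1] === base[1]; // ^0.y.z: patch updates only
    return compareVersions(v, base) === 0; // ^0.0.z: exact patch
  }
  return compareVersions(v, base) === 0; // bare version: exact pin
}

// Highest published version allowed by the range, or null if none matches.
function maxSatisfying(published, range) {
  const ok = published.filter((v) => satisfies(v, range));
  ok.sort((a, b) => compareVersions(parseVersion(a), parseVersion(b)));
  return ok.length ? ok[ok.length - 1] : null;
}

// Constructed release list for a hypothetical registry state.
const published = ['1.2.2', '1.2.4', '1.3.4', '2.0.0'];
for (const range of ['~1.2.2', '^1.2.2', '*', '1.2.2']) {
  console.log(range, '->', maxSatisfying(published, range));
}
```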
"express": "1.2.2" will install exact version
NPX
NPX is an NPM package executor. Initially, NPX was launched in July 2017. NPX was just an NPM package that could be installed like other NPM packages. Currently, NPX is bundled with NPM when you install the NPM version 5.2.0 or higher.
With NPX, you can run and execute packages without having to install them locally or globally.
When you install an npm package using npx, the package will not be permanently installed in your node_modules folder. Instead, npx will download and temporarily store the package in a cache directory managed by npm, and then execute the package from that location.
The cache directory used by npm is located in the user's home directory and is called .npm/_npx. The directory contains a cache of all the packages downloaded by npx.
This means that if you want to use the same package again later, you will need to use npx to download it again.