npm

Overview

npm (Node Package Manager) is the world's largest package manager that comes standard with Node.js. Through the npm registry, which hosts over 2 million packages, it efficiently manages, installs, and distributes JavaScript/Node.js libraries. As of 2025, it serves 16 billion downloads weekly and forms the backbone of the JavaScript ecosystem.

Details

Key Features

  • Standard Installation: Automatically installed with Node.js
  • Rich Ecosystem: Over 2 million packages available
  • Semantic Versioning: Reliable version management following SemVer rules
  • Script Execution: Define and execute custom scripts in package.json
  • Security Auditing: Vulnerability checking with npm audit
  • Lock Files: Dependency pinning with package-lock.json

Architecture

npm consists of three main components:

  1. npm Registry: Central database where packages are stored
  2. npm Client: Command-line interface (CLI)
  3. package.json: Project configuration file

Package Management Mechanism

  • Dependency Resolution: Automatically installs dependent packages
  • Flat Structure: Flat dependency management within node_modules
  • Caching: Local caching of downloaded packages
  • Version Range Specification: Flexible specification using semantic versioning

Advantages and Disadvantages

Advantages

  • Low Learning Curve: Simple and intuitive command structure
  • Extensive Support: Largest community and rich documentation
  • Standard Installation: Installed with Node.js, no separate installation required
  • Rich Package Ecosystem: World's largest package ecosystem
  • Official Support: Long-term support by the official Node.js team
  • Security Features: Vulnerability detection with npm audit

Disadvantages

  • Performance: Processing speed issues in large-scale projects
  • Disk Usage: Storage consumption due to duplicate packages
  • Installation Time: Can be slower compared to yarn or pnpm
  • Lock File Conflicts: package-lock.json conflicts in team development
  • Flattening Issues: Unexpected behavior due to complex dependencies

Usage Examples

Package Installation

# Install project dependencies
npm install

# Add a new package (production dependency)
npm install express

# Add as development dependency
npm install --save-dev jest

# Global installation
npm install -g nodemon

# Install specific version
npm install package-name@<version>

# Install multiple packages simultaneously
npm install express morgan cors

Package.json Management

# Initialize new project
npm init

# Initialize without interactive prompts
npm init -y

# Example package.json content
{
  "name": "my-project",
  "version": "1.0.0",
  "description": "My awesome project",
  "main": "index.js",
  "scripts": {
    "start": "node index.js",
    "dev": "nodemon index.js",
    "test": "jest",
    "build": "webpack --mode production"
  },
  "dependencies": {
    "express": "^4.18.2"
  },
  "devDependencies": {
    "jest": "^29.5.0",
    "nodemon": "^2.0.22"
  }
}

Script Execution

# Run scripts defined in package.json
npm start

# Run development script
npm run dev

# Run tests
npm test
npm run test

# Run build script
npm run build

# Run custom script
npm run custom-script

# Run multiple scripts in parallel (using npm-run-all)
npx npm-run-all --parallel start watch

Global Installation

# Install global packages
npm install -g typescript
npm install -g @angular/cli
npm install -g create-react-app

# List global packages
npm list -g --depth=0

# Update global packages
npm update -g typescript

# Uninstall global packages
npm uninstall -g create-react-app

# Use npx for temporary execution (no global installation needed)
npx create-react-app my-app
npx -p typescript tsc --version

Version Management

# Show package details
npm info express

# List installed packages
npm list

# Display dependency tree
npm list --depth=2

# Check for updatable packages
npm outdated

# Update packages
npm update express

# Update all packages
npm update

# Uninstall packages
npm uninstall express
npm uninstall --save-dev jest

Security Auditing

# Check for security vulnerabilities
npm audit

# Automatically fix fixable vulnerabilities
npm audit fix

# Force fixes, including semver-major upgrades that may introduce breaking changes
npm audit fix --force

# Detailed security report
npm audit --json

# Exit non-zero only for findings at moderate severity or above (does not filter the report)
npm audit --audit-level=moderate

# Manually update vulnerable packages
npm install package-name@latest
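
The `npm audit --json` report can drive a CI gate that separates findings by severity and by which of the commands above would remediate them. The following is an added example, not code from the original page or from npm; the `triageAudit` and `remediation` helpers and the sample report (package names, advisory titles, versions) are constructed for illustration.

```javascript
// Added example: triage an `npm audit --json` report (auditReportVersion 2, npm 7+).
const LEVELS = ['info', 'low', 'moderate', 'high', 'critical'];

// Map fixAvailable to the command that would remediate the finding.
function remediation(fixAvailable) {
  if (fixAvailable === true) return 'npm audit fix';
  // Object form: the fix changes a top-level dependency, which needs --force.
  if (fixAvailable && typeof fixAvailable === 'object') return 'npm audit fix --force';
  return 'manual'; // false: no fixed version is available
}

function triageAudit(report, minLevel = 'moderate') {
  if (report.auditReportVersion !== 2) throw new Error('expected auditReportVersion 2');
  const floor = LEVELS.indexOf(minLevel);
  if (floor < 0) throw new Error(`unknown severity: ${minLevel}`);
  const findings = [];
  for (const v of Object.values(report.vulnerabilities || {})) {
    if (LEVELS.indexOf(v.severity) < floor) continue;
    findings.push({
      name: v.name, severity: v.severity, direct: v.isDirect,
      // `via` mixes advisory objects with names of other vulnerable packages.
      advisories: v.via.filter((x) => typeof x === 'object').map((x) => x.title),
      causedBy: v.via.filter((x) => typeof x === 'string'),
      action: remediation(v.fixAvailable),
      breaking: Boolean(v.fixAvailable && v.fixAvailable.isSemVerMajor),
    });
  }
  findings.sort((a, b) => LEVELS.indexOf(b.severity) - LEVELS.indexOf(a.severity)
    || a.name.localeCompare(b.name));
  return { fail: findings.length > 0, findings };
}

// Constructed sample report; package names, titles and versions are made up.
const major = { name: 'example-web', version: '5.0.0', isSemVerMajor: true };
const SAMPLE = { auditReportVersion: 2, vulnerabilities: {
  'example-parser': { name: 'example-parser', severity: 'high', isDirect: false,
    via: [{ title: 'Constructed advisory A' }], fixAvailable: major },
  'example-web': { name: 'example-web', severity: 'high', isDirect: true,
    via: ['example-parser'], fixAvailable: major },
  'example-yaml': { name: 'example-yaml', severity: 'moderate', isDirect: true,
    via: [{ title: 'Constructed advisory B' }], fixAvailable: true },
  'example-logger': { name: 'example-logger', severity: 'low', isDirect: true,
    via: [{ title: 'Constructed advisory C' }], fixAvailable: false },
} };

for (const f of triageAudit(SAMPLE, 'moderate').findings) {
  console.log(`${f.severity.padEnd(8)} ${f.name} -> ${f.action}${f.breaking ? ' (breaking)' : ''}`);
}
```

To run it against a real project, replace SAMPLE with the parsed output of `npm audit --json`.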