2022-02-11

npm

What is npm

npm, short for Node.js Package Manager, is a fundamental tool in the world of JavaScript development. It was initially designed for managing Node.js libraries but has evolved to become the de facto standard for managing JavaScript projects.

npm serves dual roles. It is a command-line utility that assists developers in package installation, version management, and dependency management. Additionally, it functions as an online database, acting as a repository where JavaScript packages are stored and shared.

The use of npm simplifies the process of sharing and reusing code. It allows developers to assemble their projects like building blocks using reusable components. This, in turn, significantly accelerates development processes and enhances productivity.

Installing npm

npm is distributed with Node.js, which means that when you download and install Node.js, you automatically get npm installed on your computer.

How npm Works

When a package is installed using npm, npm communicates with its registry, looks up the package in the database, fetches it, and saves it into the project. The installed packages are recorded in a file known as package.json, which acts as a manifest for the current project, tracking its dependencies and other metadata.

The node_modules directory is where npm installs your project's dependencies. When you run npm install, npm automatically creates this directory if it doesn't exist, and installs the packages there.

When you run npm install [package_name], npm connects to the npm registry, fetches the package, and places it in the node_modules folder.

Common npm Commands

npm provides a variety of commands to aid in package management. In this chapter, I will go over some of the most common and useful commands you will use in your day-to-day development.

  • npm init
    This command is used to create a new package.json file in your project directory. It will prompt you to enter some information such as the project's name, version, description, etc. If you want to quickly generate a package.json file with default values, you can use the -y or --yes flag, like so: npm init -y.

  • npm install (or npm i)
    This is perhaps the most frequently used npm command. It is used to install a package into your project. You can specify the package name like this: npm install <package-name>. Running npm install without any package name will install all the dependencies listed in your package.json file.

  • npm uninstall
    This command removes a package from your project. It also updates your package.json and package-lock.json files. Usage: npm uninstall <package-name>.

  • npm update
    This command updates your packages to the latest versions according to the semantic versioning ranges defined in your package.json file. If you want to update a specific package, you can specify the package name: npm update <package-name>.

  • npm list
    This command will display the dependency tree of your project, showing all installed packages and their versions. If you want to see the dependencies of a specific package, use npm list <package-name>.

  • npm run
    This command is used to run a script that is defined in your package.json file. For example, if you have a script named "test" in your package.json file, you can run it with npm run test.

  • npm publish
    If you've created your own package and want to share it with the world, you can use npm publish to publish your package to the npm registry.

  • npm version
    This command helps you to bump the version of your package, following the semantic versioning rules. You can use npm version patch to increase the patch version, npm version minor for the minor version, and npm version major for the major version.

package.json and package-lock.json

In this chapter, I will discuss two crucial files in any npm-based project: package.json and package-lock.json. These files serve important roles in defining your project and managing its dependencies.

package.json

The package.json file is a manifest file that contains metadata about your project. It's a roadmap to your application and includes information such as the project's name, version, description, author, license, and more. It also lists the project's dependencies, allowing anyone to install all required packages with a single npm install command.

Here's a simplified example of a package.json file:

package.json
{
  "name": "my-awesome-project",
  "version": "1.0.0",
  "description": "This is my awesome project",
  "main": "index.js",
  "scripts": {
    "start": "node index.js",
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "Your Name",
  "license": "ISC",
  "dependencies": {
    "express": "^4.17.1"
  }
}

In this example, the scripts section defines tasks that can be run with the npm run command. The dependencies section lists all the packages that your project depends on to run. In this case, our project has one dependency: the express package.

package-lock.json

The package-lock.json file is automatically generated for any operations where npm modifies either the node_modules tree or the package.json file. It describes the exact tree that was generated, such that subsequent installs are able to generate identical trees, regardless of intermediate dependency updates.

The package-lock.json file is essential for ensuring that your project's dependencies remain the same across all environments. It lists all your project's dependencies and their exact versions, along with the versions of their dependencies, and so on.

While the package.json file can be manually edited, you should never edit the package-lock.json file directly. It should always be generated and updated by npm.
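
Added example (not part of the original article): for each installed package, the lock file records a resolved tarball URL and an integrity hash alongside the exact version, and a reviewer can check those fields before trusting a lock file change. The auditLockfile function, the sample data and the package names left-helper and old-lib are assumptions made for this illustration.

```javascript
// Trusted registry prefix (assumption: the public npm registry; change for a private mirror).
const ALLOWED_REGISTRY = "https://registry.npmjs.org/";

// Returns a list of { path, issue } findings for a parsed package-lock.json (lockfileVersion 2 or 3).
function auditLockfile(lock, allowedRegistry = ALLOWED_REGISTRY) {
  const findings = [];
  if (!lock.packages) return [{ path: "", issue: "no 'packages' map (lockfileVersion 1 is not covered)" }];
  for (const [path, entry] of Object.entries(lock.packages)) {
    // Skip the root project, workspace folders, symlinks and bundled packages:
    // npm records no tarball URL or hash for them.
    if (!path.includes("node_modules/") || entry.link || entry.inBundle) continue;

    if (!entry.resolved) {
      findings.push({ path, issue: "no resolved URL" });
    } else if (!entry.resolved.startsWith(allowedRegistry)) {
      findings.push({ path, issue: `resolved outside registry: ${entry.resolved}` });
    }
    if (!entry.integrity) {
      findings.push({ path, issue: "no integrity hash" });
    } else if (!/(^|\s)sha(256|384|512)-/.test(entry.integrity)) {
      findings.push({ path, issue: "integrity uses only a weak hash (e.g. sha1)" });
    }
  }
  return findings;
}

// Constructed sample, trimmed to the fields the check reads; hashes are placeholders, not real digests.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-awesome-project", version: "1.0.0", dependencies: { express: "^4.17.1" } },
    "node_modules/express": {
      resolved: "https://registry.npmjs.org/express/-/express-4.17.1.tgz",
      integrity: "sha512-Q09OU1RSVUNURUQ=",
    },
    "node_modules/left-helper": { // hypothetical package pulled from a git URL
      resolved: "git+ssh://git@example.com/someone/left-helper.git#0000000",
      // no integrity field: the download cannot be checked against a hash
    },
    "node_modules/old-lib": { // hypothetical package with only a sha1 hash
      resolved: "https://registry.npmjs.org/old-lib/-/old-lib-0.1.0.tgz",
      integrity: "sha1-Q09OU1RSVUNURUQ=",
    },
  },
};

console.log(auditLockfile(sampleLock));
```

On a real project, pass the result of JSON.parse on the package-lock.json contents; an empty list means every installed entry comes from the allowed registry and carries a strong hash.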

Ryusei Kakujo
