Node.js NPM
npm stands for Node Package Manager. It is the default package manager for Node.js and is automatically installed alongside it. npm serves two primary purposes: it is a tool for installing reusable code packages, and it is an online registry — a vast library — containing over two million open-source packages that developers around the world have created and shared.
Think of npm as an app store for code. Just like apps are downloaded from a store to add features to a phone, npm packages are downloaded to add ready-made features to a Node.js project — without writing everything from scratch.
What Is a Package?
A package is a collection of JavaScript files bundled together to perform a specific task. For example:
- express — a framework for building web servers and APIs.
- mongoose — a tool for connecting to MongoDB databases.
- lodash — a utility library with helpful functions for arrays, objects, and strings.
- dotenv — a package for loading environment variables from a file.
- nodemon — a development tool that automatically restarts the server when code changes.
Understanding package.json
The package.json file is the most important configuration file in a Node.js project. It stores information about the project and keeps track of all the packages the project depends on.
Creating a package.json File
Navigate to the project folder in the terminal and run:
npm init
This command asks a series of questions (project name, version, description, entry point, etc.) and creates the package.json file based on the answers.
To skip the questions and use default values, run:
npm init -y
Example package.json File
{
  "name": "my-node-app",
  "version": "1.0.0",
  "description": "A simple Node.js project",
  "main": "app.js",
  "scripts": {
    "start": "node app.js",
    "dev": "nodemon app.js"
  },
  "dependencies": {
    "express": "^4.18.2"
  },
  "devDependencies": {
    "nodemon": "^3.0.1"
  },
  "author": "Your Name",
  "license": "ISC"
}
Key Fields in package.json
| Field | Description |
|---|---|
| name | The name of the project. |
| version | The current version of the project. |
| main | The entry point file (usually app.js or index.js). |
| scripts | Custom commands that can be run with npm run <name>. |
| dependencies | Packages required for the application to run in production. |
| devDependencies | Packages needed only during development (like testing tools). |
Installing Packages
Installing a Package as a Dependency
To install a package that the application needs to run:
npm install express
This installs the express package and adds it to the dependencies section of package.json. A node_modules folder is also created in the project, containing the installed package and all its own dependencies.
Installing a Package as a Dev Dependency
To install a package that is only needed during development (not in production):
npm install nodemon --save-dev
This adds the package to the devDependencies section.
Installing a Package Globally
Some tools are installed globally so they can be used from anywhere on the computer:
npm install -g nodemon
Installing All Dependencies from package.json
When working with a project that already has a package.json file (for example, after cloning from GitHub), install all required packages using:
npm install
Uninstalling Packages
npm uninstall express
This removes the package from node_modules and from package.json.
Updating Packages
npm update express
This updates the specified package to the latest compatible version based on the version range in package.json.
npm Scripts
The scripts field in package.json allows custom commands to be defined and run easily. For example, if the following is in package.json:
"scripts": {
  "start": "node app.js",
  "dev": "nodemon app.js",
  "test": "echo Running tests..."
}
These commands can be run as:
npm start
npm run dev
npm test
Note: start and test are special keywords in npm — they can be run without the run keyword. All other custom scripts need npm run <name>.
The node_modules Folder
When packages are installed, npm creates a node_modules folder in the project directory. This folder contains all installed packages and their internal dependencies. It can grow very large.
Important: The node_modules folder should never be uploaded to GitHub or shared manually. Instead, the package.json and package-lock.json files are shared. Anyone who clones the project can run npm install to recreate the node_modules folder automatically.
To exclude it from version control, create a .gitignore file and add:
node_modules/
The package-lock.json File
When packages are installed, npm also creates a package-lock.json file. This file records the exact version of every package installed (including nested dependencies). It ensures that every developer working on the project has the exact same versions — avoiding the "works on my machine" problem.
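The link between the version ranges in package.json and the exact versions in package-lock.json can be checked mechanically. The script below is an added example, not code from the original page: it reports declared packages that are missing from the lock file, locked outside their declared range, or recorded without an integrity hash. It assumes the lockfileVersion 2/3 "packages" layout, uses constructed sample data, and its helper names (satisfies, auditLock) are hypothetical; only caret (^) and exact ranges are handled.

```javascript
// Added example: audit package.json against package-lock.json (lockfileVersion 2/3 layout).
// The manifest and lockfile objects below are constructed sample data, not real files.
const manifest = {
  dependencies: { express: "^4.18.2", lodash: "^4.17.21" },
  devDependencies: { nodemon: "^3.0.1" },
};
const lockfile = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-node-app", version: "1.0.0" },
    "node_modules/express": { version: "4.18.2", integrity: "sha512-CONSTRUCTED-PLACEHOLDER" },
    "node_modules/nodemon": { version: "2.0.22", integrity: "sha512-CONSTRUCTED-PLACEHOLDER" },
  },
};

// Split "x.y.z" into numbers. Pre-release tags (e.g. 1.0.0-beta.1) are not handled.
const parse = (v) => v.split(".").map(Number);

// True when `version` falls inside `range`. Handles only caret (^x.y.z) and exact x.y.z ranges.
function satisfies(version, range) {
  if (!range.startsWith("^")) return version === range;
  const [maj, min, pat] = parse(version);
  const [rMaj, rMin, rPat] = parse(range.slice(1));
  // Lower bound: the version must be at least the base of the range.
  const atLeast = maj > rMaj || (maj === rMaj && (min > rMin || (min === rMin && pat >= rPat)));
  if (!atLeast) return false;
  // Upper bound: the left-most non-zero component of the range must not change.
  if (rMaj > 0) return maj === rMaj;
  if (rMin > 0) return maj === 0 && min === rMin;
  return maj === 0 && min === 0 && pat === rPat;
}

// Compare every declared dependency with its entry in the lock file.
function auditLock(manifest, lockfile) {
  const declared = { ...manifest.dependencies, ...manifest.devDependencies };
  const findings = [];
  for (const [name, range] of Object.entries(declared)) {
    const entry = (lockfile.packages || {})[`node_modules/${name}`];
    if (!entry) findings.push(`${name}: declared but not locked`);
    else if (!satisfies(entry.version, range))
      findings.push(`${name}: locked ${entry.version} is outside ${range}`);
    else if (!entry.integrity) findings.push(`${name}: no integrity hash recorded`);
  }
  return findings;
}

console.log(auditLock(manifest, lockfile));
```

To run it against a real project, replace the two sample objects with the parsed contents of the project's own package.json and package-lock.json.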
Viewing Installed Packages
npm list
To view only top-level packages (without deep dependency tree):
npm list --depth=0
Checking for Outdated Packages
npm outdated
This shows a list of packages that have newer versions available.
Key Points
- npm is the default package manager for Node.js and comes pre-installed with it.
- The npm registry hosts millions of reusable open-source packages.
- package.json is the project's configuration file — always created before installing packages.
- Use npm install <package> for regular dependencies and --save-dev for development-only tools.
- The node_modules folder stores installed packages and should not be shared via version control.
- package-lock.json ensures consistent installations across all environments.
- npm scripts allow custom commands to be defined and run with npm run <name>.
