Understanding npm and package.json

npm = Node Package Manager. It's how you install and manage libraries.

Initialize a Project

mkdir my-project
cd my-project
npm init -y

This creates package.json:

{
  "name": "my-project",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  }
}

Installing Packages

# Install a package
npm install express

# Install as dev dependency
npm install jest --save-dev
# or
npm install jest -D

# Install globally
npm install -g nodemon

# Install specific version
npm install lodash@4.17.21

package.json Dependencies

{
  "dependencies": {
    "express": "^4.18.2"    // Production
  },
  "devDependencies": {
    "jest": "^29.7.0"       // Development only
  }
}

Version Numbers Explained

^4.18.2 = Compatible with 4.x.x (minor updates OK)
~4.18.2 = Patch updates only (4.18.x)
4.18.2  = Exact version
*       = Any version (dangerous!)

Common npm Commands

# Install all dependencies from package.json
npm install

# Update packages
npm update

# Remove package
npm uninstall lodash

# List installed packages
npm list

# Check outdated packages
npm outdated

# Run scripts
npm run test
npm start        # shortcut for npm run start

npm Scripts

{
  "scripts": {
    "start": "node server.js",
    "dev": "nodemon server.js",
    "test": "jest",
    "build": "webpack --mode production"
  }
}

Run with: npm run dev

package-lock.json

This file locks exact versions of all dependencies. Always commit it!

# Ensures everyone gets same versions
npm ci  # Clean install using lock file

.npmrc Configuration

# Create .npmrc in project root
registry=https://registry.npmjs.org/
save-exact=true

Key Takeaway

npm manages your project dependencies through package.json. Use npm install to add packages, commit package-lock.json for reproducible builds, and define scripts for common tasks. It's the backbone of Node.js development.