DEV Community

Cover image for Do you know all the popular NPM commands?
Ankit Kumar
Ankit Kumar

Posted on

Do you know all the popular NPM commands?

We all have setup our node package manager application at least once. We hardly give importance to the npm because it is not a core part of our development. We perceive npm as a file which is just a dependency holder. But npm is much more than that, it is not difficult to have an average grip on npm.


Let's begin with all the popular commands 🛣

npm init

This is the first command which you will use when you are setting up your project.

This command asks for general information about the project name, description, version, author, github-link, homepage etc. It will generate a package.json file in your root folder.
You can edit the information anytime.

If you don't want to enter the information and want to go for defaults then run this npm init --yes

This will pick the data from your config setup.

npm config

You can update your config with this.

For example:

npm config set init-author-name "Ankit Kumar"
Enter fullscreen mode Exit fullscreen mode

Fetch the value

npm config get init-author-name
Enter fullscreen mode Exit fullscreen mode

npm install

Install the dependencies present in the package.json. Shorthand

npm i
Enter fullscreen mode Exit fullscreen mode

To install a package use:

npm i package-name
Enter fullscreen mode Exit fullscreen mode

To save in dependencies:

npm i package-name --save
Enter fullscreen mode Exit fullscreen mode

To save in dev dependencies:

npm i package-name --save-dev or npm i package-name -D
Enter fullscreen mode Exit fullscreen mode

Install a package globally:

npm i package-name --global
Enter fullscreen mode Exit fullscreen mode

or

npm i package-name -g
Enter fullscreen mode Exit fullscreen mode

npm uninstall

Shorthand

npm un
Enter fullscreen mode Exit fullscreen mode

To uninstall a package do:

npm un package-name -g or -D or --save
Enter fullscreen mode Exit fullscreen mode

-g - remove package from global list
--save - remove package from dependency list
-D - remove package from dev dependency list

npm ci

This command is similar to npm install except it is used in automated environment like test platforms, continuous integration and deployments.

  • To run npm ci, package-lock.json must be present
  • If there is any version mismatch between package.json and package-lock.json then it will exit with errors.
  • It is used to install entire projects and not individual package
  • It will never write to package.json or any of the package-locks: installs are essentially frozen.
  • If a node_modules is already present, it will be automatically removed before npm ci begins its install.

npm audit

Scan your project for vulnerabilities and automatically install any compatible updates to vulnerable dependencies:

npm audit fix
Enter fullscreen mode Exit fullscreen mode

npm cache

Add the specified package to the local cache. This command is primarily intended to be used internally by NPM, but it can provide a way to add data to the local installation cache explicitly.

npm cache add <tarball file>
npm cache add <folder>
npm cache add <tarball url>
npm cache add <name>@<version>
Enter fullscreen mode Exit fullscreen mode

Whenever we install any package it does not caches so to make it available offline, we can use this command.

Fortunately, yarn caches all the packages you install and is available offline.

npm ls

This command will print to stdout all the versions of packages that are installed, as well as their dependencies, in a tree-structure.

npm link

This is very common for dev who wants to test their component locally before publishing it on the npm registry. It will create a symbolic link in the global folder. {prefix}/lib/node_modules/<package> that links to the package where the npm link command was executed.

Next, in some other location, npm link package-name will create a symbolic link from globally-installed package-name to node_modules/ of the current folder. Now you can import your created component and it should be present in the node_modules

Note that package-name is taken from package.json, not from directory name.

npm publish

Publishes a package to the registry so that it can be installed by name. All files in the package directory are included if no local .gitignore or .npmignore file exists.

By default npm will publish to the public registry. This can be overridden by specifying a different default registry or using a scope in the name (see package.json).

npm pack

It creates a installable file with .tgz extension called tarball. This is a package file which can be install in any app.

For example :
example-component.tgz is tarball file. I will copy this in any node app. I will add this in my package.json like below

"dependency": {
 "example-component: "file: ./example-component.tgz"
}
Enter fullscreen mode Exit fullscreen mode

and run

npm i/install
Enter fullscreen mode Exit fullscreen mode

npm help

If supplied a topic, then show the appropriate documentation page.

If the topic does not exist, or if multiple terms are provided, then run the help-search command to find a match.

npm whoami

Print the username config to standard output.

npm login/logout

It just logins and logout

Please go through the full NPM docs as I have mentioned only those commands which I have seen others and used myself commonly.


Thanks for dropping by 🌟
Add a ❤️ if you liked it. Checkout my GitHub profile for cool projects. I have published many NPM packages.
Support me by following me on twitter

Discussion (5)

Collapse
daviddalbusco profile image
David Dal Busco

Thanks for the list, cool share 👍.

The --save flag of the install command has become the default (since npm v6 maybe?). Therefore it can be skipped has it has actually no particular effect as if it would not be provided.

Another install flag I began recently to use quite often is --package-lock-only. Useful to resolve security vulnerabilities without bumping a direct dependency.

npm i package-name --package-lock-only
Enter fullscreen mode Exit fullscreen mode
Collapse
devwhoruns profile image
devwhoruns

Another important one (just saw a YT video)

npm config set ignore-scripts true

Collapse
knowankit profile image
Ankit Kumar Author

Nice.

Collapse
ptrjsn profile image
Peter Johnson

Good overview! As a consumer, rather than a publisher, I've also used npm outdated and npm update a lot to stay ahead of dependency vulnerabilities. You can even run npm update to install dependencies in package.json the first time & get the latest matching those versions, instead of calling npm install first.

Collapse
opeolluwa profile image
ADEOYE ADEFEMI OPEOLUWA

Thanks for this