
NPM



npm is the world's largest software registry. Open source developers from every continent use npm to share and borrow packages, and many organizations use npm to manage private development as well.

npm consists of three distinct components:

  1. the website
  2. the Command Line Interface (CLI)
  3. the registry

Yarn and pnpm are alternatives to the npm CLI. You can check them out as well.

npm manages downloads of dependencies of your project.

Installing all dependencies
If a project has a package.json file, by running

npm install

Installing a single package
npm install <package-name>

Furthermore, since npm 5, this command adds the package to the package.json file dependencies. Before version 5, you needed to add the flag --save.

  • --save-dev installs and adds the entry to the package.json file devDependencies
  • --no-save installs but does not add the entry to the package.json file dependencies
  • --save-optional installs and adds the entry to the package.json file optionalDependencies
  • --no-optional will prevent optional dependencies from being installed

Shorthands of the flags can also be used:

  • -S: --save
  • -D: --save-dev
  • -O: --save-optional

The difference between devDependencies and dependencies is that the former contains development tools, like a testing library, while the latter is bundled with the app in production.

Where does npm install the packages?
When you install a package using npm you can perform 2 types of installation:

  • a local install
  • a global install

By default, when you type an npm install command, like
npm install lodash


the package is installed in the current file tree, under the node_modules subfolder.
As this happens, npm also adds the lodash entry in the dependencies property of the package.json file present in the current folder.

A global installation is performed using the -g flag:

npm install -g lodash

When this happens, npm won't install the package under the local folder, but instead, it will use a global location.

Where, exactly?

The npm root -g command will tell you where that exact location is on your machine.

The package.json guide

dependencies: sets a list of npm packages installed as dependencies.

devDependencies: sets a list of npm packages installed as development dependencies.

They differ from dependencies because they are meant to be installed only on a development machine, not needed to run the code in production.

The package-lock.json file
The goal of the package-lock.json file is to keep track of the exact version of every package that is installed, so that a product is 100% reproducible in the same way even if packages are updated by their maintainers.

This solves a very specific problem that package.json left unsolved. In package.json you can set which versions you ca

We installed express, which depends on accepts, array-flatten, body-parser, content-disposition, and these packages require some other packages.

So, in a nutshell, if we install a package and that package in turn requires other packages, those packages are stored in package-lock.json as well.
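As an added example (not code from the original post), the Node.js script below walks the packages map of a package-lock.json (lockfileVersion 2 or 3), separates direct from transitive entries, and flags entries that lack an integrity hash or resolve outside the expected registry. The sample lockfile, with its versions, URLs and integrity strings, is constructed, and the names EXPECTED_REGISTRY and auditLockfile are assumptions of this example.

```javascript
// Added example: audit the "packages" map of a package-lock.json (lockfileVersion 2 or 3).
// EXPECTED_REGISTRY is an assumption; set it to the registry your project uses.
const EXPECTED_REGISTRY = "https://registry.npmjs.org/";

// Constructed sample lockfile: versions, URLs and integrity strings are placeholders.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { express: "^4.18.0" }, devDependencies: { mocha: "^10.0.0" } },
    "node_modules/express": { version: "4.18.2",
      resolved: "https://registry.npmjs.org/express/-/express-4.18.2.tgz", integrity: "sha512-CONSTRUCTED-A" },
    "node_modules/accepts": { version: "1.3.8",
      resolved: "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", integrity: "sha512-CONSTRUCTED-B" },
    "node_modules/array-flatten": { version: "1.1.1",
      resolved: "http://mirror.example.invalid/array-flatten-1.1.1.tgz" },
    "node_modules/mocha": { version: "10.2.0", dev: true,
      resolved: "https://registry.npmjs.org/mocha/-/mocha-10.2.0.tgz", integrity: "sha512-CONSTRUCTED-C" },
  },
};

function auditLockfile(lock, registry = EXPECTED_REGISTRY) {
  const packages = lock.packages || {};
  const root = packages[""] || {};
  const direct = new Set([
    ...Object.keys(root.dependencies || {}),
    ...Object.keys(root.devDependencies || {}),
  ]);
  const entries = [];
  const findings = [];
  for (const [path, meta] of Object.entries(packages)) {
    // Skip the root project, workspace folders, symlinked packages and bundled packages.
    if (!path.includes("node_modules/") || meta.link || meta.inBundle) continue;
    // "node_modules/a/node_modules/b" is package "b" nested under "a".
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    entries.push({ name, version: meta.version, dev: meta.dev === true,
      direct: direct.has(name) && !path.includes("/node_modules/") });
    if (!meta.integrity) findings.push(`${name}@${meta.version}: no integrity hash`);
    if (!meta.resolved || !meta.resolved.startsWith(registry)) {
      findings.push(`${name}@${meta.version}: resolved outside ${registry}`);
    }
  }
  return { entries, findings };
}

const report = auditLockfile(sampleLock);
for (const e of report.entries) {
  console.log(`${e.direct ? "direct    " : "transitive"} ${e.dev ? "dev " : "prod"} ${e.name}@${e.version}`);
}
report.findings.forEach((f) => console.log("FINDING:", f));
```

To check a real project, parse its package-lock.json with JSON.parse and pass the result to auditLockfile.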
