npm is the world's largest software registry. Open source developers from every continent use npm to share and borrow packages, and many organizations use npm to manage private development as well.
npm consists of three distinct components:
1. the website
2. the Command Line Interface (CLI)
3. the registry
npm manages downloads of dependencies of your project.
Installing all dependencies
If a project has a package.json file, by running
Installing a single package
npm install <package-name>
Furthermore, since npm 5, this command adds <package-name> to the package.json file dependencies. Before version 5, you needed to add the flag --save.
1. --save-dev installs and adds the entry to the package.json file devDependencies
2. --no-save installs but does not add the entry to the package.json file dependencies
3. --save-optional installs and adds the entry to the package.json file optionalDependencies
4. --no-optional will prevent optional dependencies from being installed
Shorthands of the flags can also be used:
- -S: --save
- -D: --save-dev
- -O: --save-optional
The difference between devDependencies and dependencies is that the former contains development tools, like a testing library, while the latter is bundled with the app in production.
Where does npm install the packages?
When you install a package using npm you can perform 2 types of installation:
- a local install
- a global install
By default, when you type an npm install command, like
npm install lodash
the package is installed in the current file tree, under the node_modules subfolder.
As this happens, npm also adds the lodash entry in the dependencies property of the package.json file present in the current folder.
A global installation is performed using the -g flag
npm install -g lodash
When this happens, npm won't install the package under the local folder, but instead, it will use a global location.
The npm root -g command will tell you where that exact location is on your machine.
The package.json guide
dependencies: sets a list of npm packages installed as dependencies.
devDependencies: sets a list of npm packages installed as development dependencies.
They differ from dependencies because they are meant to be installed only on a development machine, not needed to run the code in production.
The package-lock.json file
The goal of the package-lock.json file is to keep track of the exact version of every package that is installed so that a product is 100% reproducible in the same way even if packages are updated by their maintainers.
This solves a very specific problem that package.json left unsolved. In package.json you can set which versions you ca
We installed express, which depends on accepts, array-flatten, body-parser, content-disposition, and these packages in turn require some other packages.
So, in a nutshell, if we install a package and that package in turn requires other packages, those packages are also stored in package-lock.json.
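Because package-lock.json records every direct and transitive package, it can be reviewed mechanically. The following is an added example, not code from the original page: a hypothetical auditLock function that assumes the lockfileVersion 2/3 "packages" layout and runs over constructed sample data with placeholder hashes and a placeholder mirror URL.

```javascript
// Constructed sample data: a package.json and a package-lock.json (lockfileVersion 3).
// Versions, hashes and the mirror URL are placeholders, not real registry values.
const packageJson = {
  dependencies: { express: "^4.18.0" },
  devDependencies: { mocha: "^10.0.0" },
};
const packageLock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { express: "^4.18.0" }, devDependencies: { mocha: "^10.0.0" } },
    "node_modules/express": { version: "4.18.2",
      resolved: "https://registry.npmjs.org/express/-/express-4.18.2.tgz", integrity: "sha512-PLACEHOLDER1" },
    "node_modules/accepts": { version: "1.3.8",
      resolved: "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", integrity: "sha512-PLACEHOLDER2" },
    "node_modules/body-parser": { version: "1.20.1", // no integrity, off-registry
      resolved: "https://mirror.example.invalid/body-parser-1.20.1.tgz" },
    "node_modules/mocha": { version: "10.2.0", dev: true,
      resolved: "https://registry.npmjs.org/mocha/-/mocha-10.2.0.tgz", integrity: "sha512-PLACEHOLDER3" },
  },
};

// Hypothetical helper: classify every locked package and flag entries to review.
function auditLock(pkg, lock, registry = "https://registry.npmjs.org/") {
  const direct = new Set([
    ...Object.keys(pkg.dependencies || {}),
    ...Object.keys(pkg.devDependencies || {}),
    ...Object.keys(pkg.optionalDependencies || {}),
  ]);
  const marker = "node_modules/";
  const report = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // the root project itself
    // Nested copies look like node_modules/a/node_modules/b; the name follows the last marker.
    const name = path.slice(path.lastIndexOf(marker) + marker.length);
    const nested = path.indexOf(marker) !== path.lastIndexOf(marker);
    const findings = [];
    if (!entry.integrity) findings.push("missing integrity hash");
    if (!entry.resolved || !entry.resolved.startsWith(registry)) {
      findings.push("resolved outside expected registry");
    }
    const kind = direct.has(name) && !nested ? "direct" : "transitive";
    report.push({ name, version: entry.version, kind, scope: entry.dev ? "dev" : "prod", findings });
  }
  return report;
}

const report = auditLock(packageJson, packageLock);
console.log(report.filter((r) => r.findings.length)); // only the flagged entries
```

Workspace links and bundled dependencies legitimately lack resolved and integrity fields, so a real lockfile needs those cases excluded before treating a finding as a problem.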