npm stands for Node Package Manager.
npm is a software registry, a package manager, and a package installer.
Open-source developers use npm to share software.
You can share packages at https://www.npmjs.com.
npm is run from the command line.
npm is installed as part of Node.js.
npm was first created for Node.js and has since expanded to other uses.
To check if npm is installed (from command line):
npm
which will pull up the basic help text.
To see what version of npm you are running:
npm -v
will output the version number.
A registry is any website that implements the CommonJS Package Registry specification.
It is used to resolve name/version ids.
npm defaults to using https://registry.npmjs.org.
A package can be any of the following:
(a) a folder containing "package.json" and a program
(b) a gzipped tarball containing (a)
(c) a url that resolves to (b)
(d) a name@version published on the registry with (c)
(e) a name@tag that points to (d)
(f) a name that has a "latest" tag satisfying (e)
(g) a git url that resolves to (a)
"package.json" must contain at least:
{
  "name": "package-name",
  "version": "1.0.0"
}
name and version together (name@version) form a unique id for your package.
name cannot be longer than 214 characters (including scope).
name cannot start with a period (.) or underscore (_).
name must be all lowercase.
name should use hyphens (-) to delimit words. Ex: more-than-one-word.
name must be url-safe, as it will become a file name, a folder name, and a url.
name should not include "node" or "js" as this is assumed.
version must be parseable by node-semver.
Good examples:
1.2.3
v1.2.3
1.2.3-alpha
Bad examples:
a.b.c
Any dependencies must also be defined in "package.json".
{
  "name": "package-name",
  "version": "1.0.0",
  "dependencies": {
    "@other-package-name/build-scripts": "^1.0.443",
    "@pie/components": "1.0.849"
  }
}
"package-lock.json" is an optional file in the same directory as "package.json".
This file will be automatically generated if npm modifies the node_modules tree or your "package.json".
This file ensures that everyone's dependency trees remain synced, regardless of intermediate changes.
This file is not published, and will be ignored anywhere except in the package root directory.
"npm-shrinkwrap.json" has the same format and purpose as "package-lock.json", but can be published.
Takes precedence over "package-lock.json" if both are present.
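An added example (not from the original notes and not npm's own code): a small Node.js check that applies the precedence rule above and then compares the dependencies declared in "package.json" against the lock file that will direct the install. The function names pickLockFile and auditLock are hypothetical, the lock layout assumed is lockfileVersion 2 or 3, and the sample data is constructed.

```javascript
// Added example, not npm's own code. Inputs are already-parsed JSON objects.
// Assumed lock layout (lockfileVersion 2 or 3): "packages" maps
// "node_modules/<name>" to { version, resolved, integrity }.
const DEFAULT_REGISTRY = 'https://registry.npmjs.org/';

// Which lock file directs the install: npm-shrinkwrap.json wins if both exist.
function pickLockFile(files) {
  if (files['npm-shrinkwrap.json']) return 'npm-shrinkwrap.json';
  if (files['package-lock.json']) return 'package-lock.json';
  return null;
}

// Compare the dependencies declared in package.json with the chosen lock file.
function auditLock(files) {
  const lockName = pickLockFile(files);
  if (!lockName) return { lockName, findings: ['no lock file present'] };
  const locked = files[lockName].packages || {};
  const manifest = files['package.json'];
  const declared = { ...manifest.dependencies, ...manifest.devDependencies };
  const findings = [];
  for (const name of Object.keys(declared)) {
    const entry = locked[`node_modules/${name}`];
    if (!entry) { findings.push(`${name}: declared but not locked`); continue; }
    if (!entry.integrity) findings.push(`${name}: no integrity hash`);
    if (entry.resolved && !entry.resolved.startsWith(DEFAULT_REGISTRY)) {
      findings.push(`${name}: resolved outside the default registry`);
    }
  }
  return { lockName, findings };
}

// Constructed sample: dependency names come from the notes, all values are invented.
const sample = {
  'package.json': {
    name: 'package-name', version: '1.0.0',
    dependencies: { '@other-package-name/build-scripts': '^1.0.443', '@pie/components': '1.0.849' },
  },
  'package-lock.json': { lockfileVersion: 3, packages: {} },
  'npm-shrinkwrap.json': {
    lockfileVersion: 3,
    packages: {
      'node_modules/@pie/components': {
        version: '1.0.849',
        resolved: 'https://mirror.example.test/components-1.0.849.tgz',
      },
    },
  },
};
console.log(auditLock(sample));
```

A finding about the default registry is a prompt to review, since a project may legitimately install from a private registry.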
To check if you are logged in:
npm whoami
To login:
npm login
To publish a package to the global registry:
npm publish
"npm install" installs a package, plus any packages that it depends on.
If the package has a package-lock or shrinkwrap file, that will direct dependency installation.
If both exist, npm-shrinkwrap.json will take precedence.
Install the current project (from the root folder):
npm install
Installs dependencies into the local node_modules folder.
Global mode:
npm install -g
npm install --global
Installs the current package context (i.e. the working directory) as a global package.
Ignore "devDependencies" in "package.json":
npm install --production
Install a specific package:
npm install <package name>
npm install <url>
npm install <tarball file>
npm install <folder>
"npm ci" installs a project with a clean slate, ensuring a clean install of dependencies.
Intended for automated environments - skips certain user-oriented features that "npm install" would have included.
More strict than "npm install" - can catch errors that incrementally-installed environments would not.
From the project's root folder:
npm ci
Run a script named in "package.json":
npm run script-name