NPM INTERMEDIATE

NPM Package Manager

Complete guide to NPM including package.json configuration, dependency management, CLI commands, publishing, and workspaces


Project Setup & Initialization

Initialize and configure new NPM projects

Initialize Project

Create a new package.json file

🟢 Essential - Every project starts with npm init
💡 Use -y flag to skip questions and use defaults
📌 npm init <pkg> runs npm exec create-<pkg>
⚡ Set config defaults to save time
🔗 Related: npm config for default settings

Package.json Structure

Essential fields in package.json

🟢 Essential - package.json is the project manifest
💡 Use "type": "module" for ES modules
📌 Scripts are shortcuts for common commands
⚡ "files" field controls what gets published
⚠️ Name must be lowercase and URL-safe

NPX - Package Execution

Execute packages without installing globally

🟢 Essential - Run packages without global install
💡 Great for one-time use tools
⚡ Always uses latest version unless specified
📌 Packages are temporarily downloaded and cached
🔗 Related: npm exec is the same as npx

Package Management

Install, update, and remove packages

Installing Packages

Add dependencies to your project

🟢 Essential - Most common NPM operation
💡 npm ci is faster for automated environments
📌 Use -D for dev-only tools (testing, building)
⚠️ Global installs can cause version conflicts
⚡ --production skips devDependencies

Updating Packages

Keep dependencies up to date

💡 npm update respects semver ranges in package.json
⚠️ audit fix --force may introduce breaking changes
📌 Use npm-check-updates for major version updates
🟢 Essential - Keep dependencies secure and updated
⚡ npm dedupe reduces duplication in node_modules

Removing Packages

Uninstall and clean up packages

💡 npm prune removes packages not in package.json
📌 Cache clean might be needed for stubborn issues
⚠️ Removing node_modules is the nuclear option
🟢 Essential - Keep project clean and lean
🔗 Related: npx depcheck finds unused packages

Scripts & Task Running

Define and run npm scripts

Running Scripts

Execute scripts defined in package.json

🟢 Essential - Scripts automate common tasks
💡 Use -- to pass flags to the underlying command
📌 pre/post scripts run automatically
⚡ Special scripts (start, test) don't need "run"
🔗 Related: concurrently, npm-run-all for parallel

Environment & Config

Configure NPM behavior and environment

💡 Project .npmrc overrides user config
📌 Use npm config for persistent settings
⚠️ Don't commit auth tokens to .npmrc
🟢 Essential for CI/CD and private registries
🔗 Related: dotenv for environment variables
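A check for the "don't commit auth tokens" tip above, as an added example that is not part of the original page: it flags credential keys in `.npmrc` text whose value is a literal rather than an environment reference such as `${NPM_TOKEN}`. The function name, the host `npm.example.test` and the sample lines are constructed for illustration.

```javascript
// Added example: find hardcoded registry credentials in .npmrc content.
// Credential keys, with or without a //host/: scope prefix.
const SECRET_KEY = /(^|:)(_authToken|_auth|_password)$/;
// A value made up only of ${VAR} references is expanded by npm at run time.
const ENV_ONLY = /^(\$\{[A-Za-z_][A-Za-z0-9_]*\})+$/;

function findHardcodedCredentials(npmrcText) {
  const findings = [];
  npmrcText.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    // Skip blanks and ini-style comments (# or ;).
    if (!line || line.startsWith('#') || line.startsWith(';')) return;
    const eq = line.indexOf('=');
    if (eq === -1) return;
    const key = line.slice(0, eq).trim();
    const value = line.slice(eq + 1).trim().replace(/^["']|["']$/g, '');
    if (SECRET_KEY.test(key) && value && !ENV_ONLY.test(value)) {
      // Report the key and line number only; never echo the secret.
      findings.push({ line: i + 1, key });
    }
  });
  return findings;
}

// Constructed sample input (no real tokens).
const SAMPLE_NPMRC = [
  '# constructed sample',
  'registry=https://registry.npmjs.org/',
  '//registry.npmjs.org/:_authToken=${NPM_TOKEN}',
  '//npm.example.test/:_authToken=npm_EXAMPLEnotARealToken000',
  '; _auth=commented-out',
  '//npm.example.test/:_password="Y29uc3RydWN0ZWQ="',
].join('\n');

console.log(findHardcodedCredentials(SAMPLE_NPMRC));
```

Run it over the project `.npmrc` in a pre-commit hook or CI step and fail the build when the returned list is non-empty.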

Publishing & Versioning

Publish packages and manage versions

Version Management

Semantic versioning and releases

🟢 Essential - Follow semantic versioning
💡 Major: breaking, Minor: features, Patch: fixes
📌 Version command creates git tag automatically
⚡ Use preversion script to run tests first
🔗 Related: standard-version, semantic-release

Publishing Packages

Publish to NPM registry

🟢 Essential for package authors
💡 Use --dry-run to preview before publishing
⚠️ Unpublish only works within 72 hours
📌 Use "files" field to control published files
🔗 Related: np package for easier publishing
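A pre-publish gate built on the `--dry-run` and "files" tips above, as an added example that is not part of the original page: it reads the JSON that `npm pack --dry-run --json` prints and lists files that look like secrets. The pattern list, the function name and the sample report are assumptions constructed for illustration.

```javascript
// Added example: flag sensitive-looking files in an npm pack dry-run report.
// Assumed pattern list; extend it to match the project's own secret files.
const SENSITIVE = [
  /(^|\/)\.env(\..*)?$/,            // .env, .env.production, ...
  /\.(pem|key|p12|pfx)$/i,          // private keys and key stores
  /(^|\/)id_(rsa|ecdsa|ed25519)$/,  // SSH private keys
];

// packJson: stdout of `npm pack --dry-run --json`, an array with one
// entry per package, each carrying a `files` list of { path, size, mode }.
function sensitiveFilesInPack(packJson) {
  const hits = [];
  for (const pkg of JSON.parse(packJson)) {
    for (const file of pkg.files || []) {
      if (SENSITIVE.some((re) => re.test(file.path))) {
        hits.push(`${pkg.name}: ${file.path}`);
      }
    }
  }
  return hits;
}

// Constructed sample report for a package with no "files" allowlist.
const SAMPLE_PACK = JSON.stringify([
  {
    name: 'demo-pkg',
    version: '1.0.0',
    files: [
      { path: 'package.json', size: 512, mode: 420 },
      { path: 'dist/index.js', size: 2048, mode: 420 },
      { path: '.env', size: 96, mode: 420 },
      { path: 'config/.env.production', size: 120, mode: 420 },
      { path: 'certs/server.key', size: 1704, mode: 384 },
      { path: 'README.md', size: 900, mode: 420 },
    ],
  },
]);

console.log(sensitiveFilesInPack(SAMPLE_PACK));
```

A non-empty result means the tarball would ship those files; narrow the "files" field in package.json and re-run the dry run before publishing.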

Security & Maintenance

Keep projects secure and well-maintained

Security Auditing

Find and fix security vulnerabilities

🟢 Essential - Security is critical
💡 Run audit regularly in CI/CD
⚠️ --force may introduce breaking changes
📌 Set audit-level to fail CI appropriately
🔗 Related: snyk, socket for advanced scanning

Package Information

Inspect and analyze packages

💡 Use npm explain to understand dependencies
📌 npm fund shows open-source funding info
⚡ npm dedupe reduces duplicate packages
🟢 Essential for dependency management
🔗 Related: npm-check, npm-check-updates

Workspaces & Advanced

Monorepo management with NPM workspaces

NPM Workspaces

Manage multiple packages in monorepo

🔴 Advanced - Great for monorepos
💡 Workspaces share dependencies (hoisting)
📌 Use workspace: protocol for internal deps
⚡ Reduces duplication and install time
🔗 Related: lerna, nx for advanced monorepos

NPM Link & Local Dev

Link local packages for development

💡 npm link creates symlinks for local dev
📌 Great for testing packages before publishing
⚠️ Remember to unlink when done
⚡ file: protocol copies, link: symlinks
🟢 Essential for package development

Cache & Performance

Manage NPM cache and improve performance

💡 Cache speeds up repeated installs
⚡ npm ci is much faster for CI/CD
📌 --prefer-offline uses cache when possible
🟢 Essential for CI/CD optimization
🔗 Related: yarn, pnpm for faster installs