NPM

Basic Commands

Installation & Initialization

npm init                    # Create package.json interactively
npm init -y                 # Create package.json with defaults
npm install                 # Install all dependencies from package.json
npm install <package>       # Install package locally
npm install -g <package>    # Install package globally

Dependency Types

npm install <package>                  # Adds to "dependencies"
npm install <package> -D               # Adds to "devDependencies"
# or
npm install <package> --save-dev       # Adds to "devDependencies"
npm install <package> --save-optional  # Adds to "optionalDependencies"

Semantic Versioning (SemVer)

Version Format: MAJOR.MINOR.PATCH (e.g., 1.4.2)

  • MAJOR - Breaking changes (incompatible API changes)
  • MINOR - New features (backward-compatible)
  • PATCH - Bug fixes (backward-compatible)

Version Ranges in package.json

{
  "dependencies": {
    "exact": "1.2.3",           // Exact version only
    "patch": "~1.2.3",          // >=1.2.3 <1.3.0 (patch updates)
    "minor": "^1.2.3",          // >=1.2.3 <2.0.0 (minor + patch, DEFAULT)
    "range": ">=1.2.3 <2.1.0",  // Custom range
    "latest": "*",              // Any version (dangerous!)
    "major": "1.x"              // >=1.0.0 <2.0.0
  }
}

Common Version Symbols

  • ^1.2.3 - Caret (most common): Compatible minor/patch updates
  • ~1.2.3 - Tilde: Compatible patch updates only
  • 1.2.x - Wildcard: Any patch version
  • >1.2.3 - Greater than specific version
  • latest - Latest published version
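
The ranges above decide how far an install without a lockfile can drift from the version that was tested. The following is an added example, not part of the original cheat sheet: it classifies each range in a constructed manifest and reports the ones with no upper bound. The function names and package names are illustrative, and it also covers one case the table does not show: caret ranges on 0.x versions are narrower than ^1.2.3.

```javascript
// Added example: how far can each range drift on an install with no lockfile?
// Handles the range forms listed above; anything else (pre-release tags,
// git URLs, "||" unions) comes back as 'unknown' for manual review.
function classifyRange(spec) {
  const s = String(spec).trim();
  if (s === '' || s === '*' || s === 'x' || s === 'latest') return 'any';
  if (/^=?\d+\.\d+\.\d+$/.test(s)) return 'exact';
  const caret = /^\^(\d+)\.(\d+)\.\d+$/.exec(s);
  if (caret) {
    // Caret keeps the left-most non-zero part fixed, so 0.x ranges are narrower:
    // ^1.2.3 -> <2.0.0, ^0.2.3 -> <0.3.0, ^0.0.3 -> <0.0.4
    if (caret[1] !== '0') return 'minor';
    return caret[2] !== '0' ? 'patch' : 'exact';
  }
  if (/^~\d+\.\d+\.\d+$/.test(s) || /^\d+\.\d+\.[xX*]$/.test(s)) return 'patch';
  if (/^\d+(\.[xX*]){1,2}$/.test(s)) return 'minor';
  if (/^[<>=]/.test(s)) {
    // A comparator set is bounded only if one comparator caps the upper end.
    return /(^|\s)<=?\s*\d/.test(s) ? 'bounded' : 'open-ended';
  }
  return 'unknown';
}

// Report every dependency whose range has no upper bound or could not be parsed.
function auditManifest(manifest) {
  const flagged = new Set(['any', 'open-ended', 'unknown']);
  const findings = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      const kind = classifyRange(spec);
      if (flagged.has(kind)) findings.push({ field, name, spec, kind });
    }
  }
  return findings;
}

// Constructed sample manifest; the package names are placeholders.
const SAMPLE_MANIFEST = {
  dependencies: { 'pkg-exact': '1.2.3', 'pkg-caret': '^1.2.3', 'pkg-zero': '^0.2.3', 'pkg-star': '*' },
  devDependencies: { 'pkg-open': '>1.2.3', 'pkg-range': '>=1.2.3 <2.1.0' },
};

for (const f of auditManifest(SAMPLE_MANIFEST)) {
  console.log(`${f.field}: ${f.name}@"${f.spec}" is ${f.kind}`);
}
```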

Package Management

Update & Outdated

npm outdated                  # Show outdated packages
npm update                    # Update packages (respecting semver)
npm update <package>          # Update specific package
npm update -g                 # Update global packages
npm view <package>            # Show package info
npm view <package> versions   # Show all available versions
npm search <package>          # Search npm registry
npm list                      # List installed packages (tree)
npm list --depth=0            # List top-level packages only
npm list -g --depth=0         # List global packages

Remove

npm uninstall <package>       # Remove package
npm uninstall -g <package>    # Remove global package
npm prune                     # Remove extraneous packages (not listed in package.json)

Publishing & Versioning

npm login                       # Login to npm registry
npm publish                     # Publish package
npm version patch               # Bump patch version (1.2.3 → 1.2.4)
npm version minor               # Bump minor version (1.2.3 → 1.3.0)
npm version major               # Bump major version (1.2.3 → 2.0.0)
npm version 1.4.0               # Set specific version
npm deprecate <pkg>@<ver> "<message>"  # Deprecate a version (message required)

Cache & Troubleshooting

npm cache clean --force     # Clear npm cache
npm audit                   # Check for vulnerabilities
npm audit fix               # Fix vulnerabilities automatically
npm doctor                  # Check npm environment
npm ci                      # Clean install (uses package-lock.json)

Configuration

npm config list             # Show all config
npm config get <key>        # Get config value
npm config set <key> <val>  # Set config value
npm config delete <key>     # Delete config value

Best Practices

  1. Always commit package-lock.json - Ensures consistent installs
  2. Use npm ci in CI/CD pipelines instead of npm install
  3. Use ^ for dependencies - Allows compatible minor/patch updates
  4. Use exact versions for critical/breaking packages
  5. Run npm audit regularly for security
  6. Keep packages updated but test thoroughly
  7. Use .npmrc for project-specific configs