HVRDnpm and npm registry
A comprehensive guide to Node Package Manager (NPM) and the npm registry
Introduction to NPM
NPM (Node Package Manager) is the default package manager for Node.js. It helps developers:
- Install, update, and manage packages (libraries/modules).
- Manage dependencies for projects.
- Share code with the wider community via the npm registry.
Think of NPM as the central hub for Node.js development.
NPM vs Node.js
- Node.js: A JavaScript runtime built on the V8 engine.
- NPM: A tool to manage JavaScript code libraries for Node.js projects.
Without NPM, managing libraries manually would be tedious and error-prone.
Installing NPM
NPM comes preinstalled with Node.js. To check the installed version:
node -v # Check Node.js version
npm -v # Check NPM versionYou can also update NPM:
npm install -g npm@latestCore NPM Commands
npm init
Initializes a new Node.js project by creating a package.json:
npm init # Interactive mode
npm init -y # Default valuesnpm install
Installs dependencies:
npm install <package> # Install latest version
npm install <package>@<version> # Install specific version
npm install --save-dev <package> # Install as devDependency- Installs packages into
node_modules. - Updates
package.jsonandpackage-lock.json.
npm uninstall
Removes a package:
npm uninstall <package>npm update
Updates installed packages to latest versions based on semver rules:
npm updatenpm run
Runs scripts defined in package.json:
npm run start
npm run testUsing ES Modules in Node.js
Node.js traditionally used CommonJS modules (require / module.exports). To use ES modules (import / export), you have options:
Add "type": "module" in package.json:
{
"type": "module"
}Or, run Node.js with the experimental flag:
node --experimental-modules index.js- This allows
.jsfiles to use ES module syntax. - Required in older Node.js versions < 13 for native ES module support.
File extension matters:
- Use
.mjsfor ES module files if not using"type": "module".
NPM Package Structure
Every NPM package usually includes:
package.json: Metadata, scripts, and dependencies.README.md: Documentation.LICENSE: License information.index.jsormainentry point.- Optional:
binfor CLI tools.
Understanding the npm Registry
The npm registry is an online database of open-source Node.js packages. Developers can:
- Publish packages.
- Install packages.
- Search for modules via
npm searchor npmjs.com.
Key Features of the npm Registry
Global access: Packages are publicly available unless marked private.
Versioning: Follows Semantic Versioning (MAJOR.MINOR.PATCH).
Scoped packages: Namespaces for organizations (@scope/package).
Publishing Packages
To share a package with the world:
Login to npm:
npm loginPublish the package:
npm publish- By default, packages are public.
- For private packages:
npm publish --access=restricted- Use
package.jsonversionfield to increment versions before publishing updates.
Scoped Packages
Scoped packages allow namespacing to avoid conflicts:
{
"name": "@harsha/my-package",
"version": "1.0.0"
}- Published under your username or organization.
- Can be public or private.
Package Locking
package-lock.jsonensures deterministic installs.- Keeps the exact versions of all dependencies.
- Automatically created when you
npm install.
npm CLI vs npx
- npm CLI: Installs and manages packages.
- npx: Runs packages without globally installing them.
Example:
npx create-react-app my-appThis runs create-react-app once without globally installing it.
Useful NPM Configurations
Set default registry:
npm config set registry https://registry.npmjs.org/Check configuration:
npm config listUse proxy (if behind corporate firewall):
npm config set proxy http://proxy-server:8080
npm config set https-proxy http://proxy-server:8080Security and Auditing
npm auditscans for vulnerabilities in dependencies.npm audit fixattempts to automatically fix issues.- Important for production-ready applications.