How to Use NPM to Manage JavaScript Dependencies

NPM is the most popular package manager for Node.js. It is often used for installing and uninstalling packages, but it can also be used for running custom scripts and performing other operations on packages.

The most common operations for developers are installation, clean up, removing duplicates, and running scripts.

npm install

npm install, or npm i for short, is used to install packages. If you don’t put a package name after install, it downloads all the packages listed in package.json if the dependencies aren’t installed yet or the version installed is outdated. If you put a package name after npm install, it will install the package with that name as long as it finds the package. During the installation process, npm will run npm run link and npm run build to compile the packages. You can install packages globally by running npm install -g packageName.

npm audit

npm audit is used for running a security audit of the npm packages you installed. It will display the results of the audit in various formats. You can also fix any security vulnerabilities with npm audit fix. To do a dry run, you can run npm audit fix --dry-run.

Both the audit and the fix results can be displayed in JSON by adding --json to the command, such as npm audit --json and npm audit fix --json.

Example output:

=== npm audit security report ===
# Run  npm update set-value --depth 12  to resolve 66 vulnerabilities
High            Prototype Pollution
Package         set-value
Dependency of   @angular-devkit/build-angular [dev]
Path            @angular-devkit/build-angular > sass > chokidar > anymatch >
                  micromatch > braces > snapdragon > base > cache-base >
                  set-value
More info       https://npmjs.com/advisories/1012
High            Prototype Pollution
Package         set-value
Dependency of   @angular-devkit/build-angular [dev]
Path            @angular-devkit/build-angular > webpack > watchpack >
                  chokidar > anymatch > micromatch > braces > snapdragon >
                  base > cache-base > set-value
More info       https://npmjs.com/advisories/1012
High            Prototype Pollution
Package         set-value
Dependency of   @angular-devkit/build-angular [dev]
Path            @angular-devkit/build-angular > webpack-dev-server >
                  chokidar > anymatch > micromatch > braces > snapdragon >
                  base > cache-base > set-value
More info       https://npmjs.com/advisories/1012
High            Prototype Pollution
Package         set-value
Dependency of   @angular/compiler-cli [dev]
Path            @angular/compiler-cli > chokidar > anymatch > micromatch >
                  braces > snapdragon > base > cache-base > set-value
More info       https://npmjs.com/advisories/1012
...
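
The report above repeats the same advisory once per dependency path, so a long list of findings can trace back to a single vulnerable package. The following added example (not part of the original article) parses the text layout shown above and groups findings by advisory URL, recording which top-level dependencies pull the package in and whether every path is dev-only. The function names and the two-finding sample are constructed for illustration, and other npm versions may print a different layout.

```javascript
// Constructed sample: two findings copied from the report above.
const REPORT = `
High            Prototype Pollution
Package         set-value
Dependency of   @angular-devkit/build-angular [dev]
Path            @angular-devkit/build-angular > sass > chokidar > anymatch >
                  micromatch > braces > snapdragon > base > cache-base >
                  set-value
More info       https://npmjs.com/advisories/1012
High            Prototype Pollution
Package         set-value
Dependency of   @angular/compiler-cli [dev]
Path            @angular/compiler-cli > chokidar > anymatch > micromatch >
                  braces > snapdragon > base > cache-base > set-value
More info       https://npmjs.com/advisories/1012
`;
const FIELDS = { 'Package': 'package', 'Dependency of': 'dependencyOf', 'Path': 'path', 'More info': 'advisory' };

function parseAuditReport(text) { // hypothetical helper: one object per finding
  const findings = [];
  let current = null, lastKey = null;
  for (const line of text.split('\n')) {
    const m = line.match(/^(Dependency of|More info|Package|Path|Low|Moderate|High|Critical)\s{2,}(.+)$/);
    if (/^\s+\S/.test(line) && current && lastKey) {
      current[lastKey] += ' ' + line.trim(); // indented line continues a wrapped Path
    } else if (m && FIELDS[m[1]] && current) {
      lastKey = FIELDS[m[1]];
      current[lastKey] = m[2].trim();
    } else if (m && !FIELDS[m[1]]) { // a severity label starts a new finding
      findings.push(current = { severity: m[1], title: m[2].trim() });
      lastKey = null;
    }
  }
  return findings;
}

function groupByAdvisory(findings) { // hypothetical helper: collapse findings sharing an advisory URL
  const groups = new Map();
  for (const f of findings) {
    const g = groups.get(f.advisory) ||
      { advisory: f.advisory, package: f.package, severity: f.severity, paths: 0, roots: new Set(), devOnly: true };
    g.paths += 1;
    g.roots.add(f.path.split(' > ')[0]); // top-level dependency that pulls the package in
    if (!f.dependencyOf.endsWith('[dev]')) g.devOnly = false;
    groups.set(f.advisory, g);
  }
  return [...groups.values()].map(g => ({ ...g, roots: [...g.roots] }));
}
console.log(groupByAdvisory(parseAuditReport(REPORT)));
```
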

npm bin

npm bin prints the folder where packages are installed.

Example output:

c:\math-calculator>npm bin
c:\math-calculator\node_modules\.bin

npm ci

npm ci is used to install all packages from scratch from package-lock.json. If there are any discrepancies between package.json and package-lock.json, it will fail. node_modules will be deleted and everything will be installed from scratch.
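
To show what a discrepancy between the two files looks like, here is an added example (not from the original article and not npm's own algorithm) that checks each dependency range in package.json against the version recorded in package-lock.json. It assumes the lock file keeps direct dependencies in a top-level dependencies map with a version field, handles only exact, ^ and ~ ranges on plain x.y.z versions, and uses constructed manifests and hypothetical function names.

```javascript
// Constructed sample manifests (not from a real project).
const pkg = {
  dependencies: { mathjs: '^6.0.2', rxjs: '~6.4.0' },
  devDependencies: { karma: '4.1.0', tslint: '^5.15.0' },
};
const lock = {
  dependencies: { mathjs: { version: '6.0.4' }, rxjs: { version: '6.5.2' }, karma: { version: '4.1.0' } },
};

const parseVersion = v => v.split('.').map(Number);
const compare = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Simplified range check: exact, ^ and ~ ranges on plain x.y.z versions only.
function satisfies(version, range) {
  const v = parseVersion(version);
  const op = /^[\^~]/.test(range) ? range[0] : '=';
  const base = parseVersion(range.replace(/^[\^~]/, ''));
  if (op === '=') return compare(v, base) === 0;
  // Upper bound: ~ bumps the minor part; ^ bumps the left-most non-zero part.
  const i = op === '~' ? 1 : base[0] ? 0 : base[1] ? 1 : 2;
  const upper = base.map((n, k) => (k < i ? n : k === i ? n + 1 : 0));
  return compare(v, base) >= 0 && compare(v, upper) < 0;
}

// Report every direct dependency the lock file is missing or pins outside its range.
function lockDiscrepancies(pkg, lock) {
  const wanted = { ...pkg.dependencies, ...pkg.devDependencies };
  const locked = lock.dependencies || {};
  const problems = [];
  for (const [name, range] of Object.entries(wanted)) {
    if (!locked[name]) {
      problems.push(`${name}: missing from package-lock.json`);
    } else if (!satisfies(locked[name].version, range)) {
      problems.push(`${name}: locked ${locked[name].version} does not satisfy ${range}`);
    }
  }
  return problems;
}

console.log(lockDiscrepancies(pkg, lock));
```
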

You can add tab completion to npm by including npm completion in your ~/.bashrc or ~/.zshrc.

npm-config

npm-config is used for saving configuration key-value pairs to npmrc. To set a key-value pair in npmrc, we run:

npm config set key value

To get a value from the key, we run:

npm config get key

We can list all values by running:

npm config list

We can delete the key-value pair by running:

npm config delete key

and we can edit the key-value pair by running:

npm config edit

You can append --global to the above commands to change global config.

npm dedupe

npm dedupe will remove duplicate dependencies from your node_modules folder by moving the dependencies up the dependency tree, allowing common dependencies for multiple packages to reference one dependency.

npm doctor

npm doctor runs checks to make sure your environment has everything to manage Git packages. It checks if Node.js and Git can be run. It also checks if the primary npm registry or an alternative is accessible. It checks that node_modules can be accessed and is writable, that the npm cache exists, and that there are no corrupt packages.

Example output of npm doctor:

npm notice PING https://registry.npmjs.org/
npm WARN verifyCachedFiles Content garbage-collected: 1328 (139761056 bytes)
npm WARN verifyCachedFiles Missing content: 5
npm WARN verifyCachedFiles Cache issues have been fixed
Check                               Value                             Recommendation
npm ping                            OK
npm -v                              v6.9.0                            Use npm v6.10.3
node -v                             v10.16.0                          Use node v10.16.2
npm config get registry             https://registry.npmjs.org/
which git                           C:\Program Files\Git\cmd\git.EXE
Perms check on cached files         ok
Perms check on global node_modules  ok
Perms check on local node_modules   ok
Verify cache contents               verified 8899 tarballs

npm explore

npm explore is used when you need to browse for an installed package. Once you’re in the package directory, you can run commands there.

npm help

npm help-search and npm help commands are used to find help with npm commands.

npm init

npm init is used for adding package.json to a project if it doesn’t already exist. npm init -y is used for skipping all the questions asked before creating the file.

npm outdated

npm outdated is used for checking for outdated packages.

Example output:

Package                            Current   Wanted   Latest  Location
@angular-devkit/build-angular      0.800.3  0.800.6  0.802.1  math-calculator
@angular/animations                  8.0.2    8.2.1    8.2.1  math-calculator
@angular/cdk                         8.0.1    8.1.2    8.1.2  math-calculator
@angular/cli                         8.0.3    8.0.6    8.2.1  math-calculator
@angular/common                      8.0.2    8.0.3    8.2.1  math-calculator
@angular/compiler                    8.0.2    8.0.3    8.2.1  math-calculator
@angular/compiler-cli                8.0.2    8.0.3    8.2.1  math-calculator
@angular/core                        8.0.2    8.0.3    8.2.1  math-calculator
@angular/forms                       8.0.2    8.0.3    8.2.1  math-calculator
@angular/language-service            8.0.2    8.0.3    8.2.1  math-calculator
@angular/material                    8.0.1    8.1.2    8.1.2  math-calculator
@angular/platform-browser            8.0.2    8.0.3    8.2.1  math-calculator
@angular/platform-browser-dynamic    8.0.2    8.0.3    8.2.1  math-calculator
@angular/router                      8.0.2    8.0.3    8.2.1  math-calculator
@ngrx/store                          8.0.1    8.2.0    8.2.0  math-calculator
@types/jasmine                      3.3.13   3.3.16    3.4.0  math-calculator
@types/node                          8.9.5    8.9.5   12.7.1  math-calculator
karma                                4.1.0    4.1.0    4.2.0  math-calculator
karma-chrome-launcher                2.2.0    2.2.0    3.0.0  math-calculator
karma-coverage-istanbul-reporter     2.0.5    2.0.6    2.1.0  math-calculator
mathjs                               6.0.2    6.0.4    6.0.4  math-calculator
rxjs                                 6.4.0    6.4.0    6.5.2  math-calculator
ts-node                              7.0.1    7.0.1    8.3.0  math-calculator
tslint                              5.15.0   5.15.0   5.18.0  math-calculator
typescript                           3.4.5    3.4.5    3.5.3  math-calculator
zone.js                              0.9.1    0.9.1   0.10.1  math-calculator

npm ls

npm ls lists installed packages in the current project. npm list and npm la are aliases of this command.

npm prune

npm prune removes unused packages. npm prune --production is used to delete packages from the devDependencies section. The --dry-run option is used for checking which packages will be deleted before the actual run. The --json option can be used to display results in JSON. With package-lock enabled, pruning is automatic.

npm root

npm root displays the root folder for Node packages in the project.

npm run

npm run-script lets you run custom scripts that you write. npm run is an alias of this command.

npm start

npm start starts a package by running the command you define.

npm search

npm search is used to search for packages by name.

npm shrinkwrap

npm shrinkwrap creates npm-shrinkwrap.json by repurposing package-lock.json or creating it from scratch. npm-shrinkwrap.json takes precedence over package-lock.json.

npm stop

npm stop stops a package by running the stop command that you define.

npm test

npm test allows you to run tests with a script that you define.

npm uninstall

npm uninstall is used for uninstalling packages. You can add -g at the end to remove global packages.

npm update

npm update updates packages in the project. npm update packageName updates only the package with the name packageName. It will record the latest version to package-lock.json.

To upgrade npm to the latest version, run npm install -g npm.

By John Au-Yeung

Web developer specializing in React, Vue, and front end development.
