NPM is the most popular package manager for Node.js. It is often used for installing and uninstalling packages. but can also be used for running custom scripts and performing other operations to packages.
The most common operations for developers are installation, clean up, removing duplicates, and running scripts.
npm install , or
npm i for short, is used to install packages. If you don’t put a package name after
install, it downloads all the packages listed in
package.json if the dependencies aren’t installed yet or the version installed is outdated. If you put a package name after
npm install, it will install the package with that name as long as it finds the package. During the installation process,
npm will run
npm run link and
npm run build to compile the packages. You can install packages globally by running
npm install -g packageName
npm audit is used for running a security audit of the npm packages you installed. It will display the results of the audit in various formats. You can also fix any security vulnerabilities with
npm audit fix. To do a dry run, you can do
npm audit fix --dry-run .
Both the audit and fix can be displayed in JSON by including
--json to the command, such as
npm audit --json and
npm audit fix --json.
=== npm audit security report === # Run npm update set-value --depth 12 to resolve 66 vulnerabilities High Prototype Pollution Package set-value Dependency of @angular-devkit/build-angular [dev] Path @angular-devkit/build-angular > sass > chokidar > anymatch > micromatch > braces > snapdragon > base > cache-base > set-value More info https://npmjs.com/advisories/1012 High Prototype Pollution Package set-value Dependency of @angular-devkit/build-angular [dev] Path @angular-devkit/build-angular > webpack > watchpack > chokidar > anymatch > micromatch > braces > snapdragon > base > cache-base > set-value More info https://npmjs.com/advisories/1012 High Prototype Pollution Package set-value Dependency of @angular-devkit/build-angular [dev] Path @angular-devkit/build-angular > webpack-dev-server > chokidar > anymatch > micromatch > braces > snapdragon > base > cache-base > set-value More info https://npmjs.com/advisories/1012 High Prototype Pollution Package set-value Dependency of @angular/compiler-cli [dev] Path @angular/compiler-cli > chokidar > anymatch > micromatch > braces > snapdragon > base > cache-base > set-value More info https://npmjs.com/advisories/1012 ...
npm bin prints the folder where packages are installed.
c:\math-calculator>npm bin c:\math-calculator\node\_modules\.bin
npm ci is used to install all packages from scratch from
package-lock.json. If there are any discrepancies between
package-lock.json, it will fail.
node_modules will be deleted and everything will be installed from scratch.
You can tab completion to
npm by including
npm completion in your
npm-config is used for saving configuration key-value pairs to
npmrc . To set a key-value pair in
npmrc, we put:
npm config set key value
To get a value from the key, we run:
npm config get key
We can list all values by running:
npm config list
We can delete the key-value pair by running:
npm config delete key
and we can edit the key-value pair by running:
npm config edit
You can append
— global to the above commands to change global config.
npm dedupe will remove duplicate dependencies from your
node_modules folder by moving the dependencies up the dependency tree, allowing common dependencies for multiple packages to reference one dependency.
npm doctor runs checks to make sure your environment has everything to manage Git packages. It checks if Node.js and Git can be run. It also checks if the primary npm registry or an alternative is accessible.
node_modules is checked if it can be accessed and is writable, and it checks if the npm cache exists and there are no corrupt packages:
Example output of
npm notice PING https://registry.npmjs.org/ npm WARN verifyCachedFiles Content garbage-collected: 1328 (139761056 bytes) npm WARN verifyCachedFiles Missing content: 5 npm WARN verifyCachedFiles Cache issues have been fixed Check Value Recommendation npm ping OK npm -v v6.9.0 Use npm v6.10.3 node -v v10.16.0 Use node v10.16.2 npm config get registry https://registry.npmjs.org/ which git C:\Program Files\Git\cmd\git.EXE Perms check on cached files ok Perms check on global node_modules ok Perms check on local node_modules ok Verify cache contents verified 8899 tarballs
npm explore is used when you need to browse for an installed package. Once you’re in the package directory, you can run commands there.
npm help-search and
npm help commands are used to find help with npm commands.
npm init is used for adding
package.json to a project if it doesn’t already exist.
npm init -y is used for skipping all the questions asked before creating the file.
npm outdated is used for checking for outdated packages.
Package Current Wanted Latest Location @angular-devkit/build-angular 0.800.3 0.800.6 0.802.1 math-calculator @angular/animations 8.0.2 8.2.1 8.2.1 math-calculator @angular/cdk 8.0.1 8.1.2 8.1.2 math-calculator @angular/cli 8.0.3 8.0.6 8.2.1 math-calculator @angular/common 8.0.2 8.0.3 8.2.1 math-calculator @angular/compiler 8.0.2 8.0.3 8.2.1 math-calculator @angular/compiler-cli 8.0.2 8.0.3 8.2.1 math-calculator @angular/core 8.0.2 8.0.3 8.2.1 math-calculator @angular/forms 8.0.2 8.0.3 8.2.1 math-calculator @angular/language-service 8.0.2 8.0.3 8.2.1 math-calculator @angular/material 8.0.1 8.1.2 8.1.2 math-calculator @angular/platform-browser 8.0.2 8.0.3 8.2.1 math-calculator @angular/platform-browser-dynamic 8.0.2 8.0.3 8.2.1 math-calculator @angular/router 8.0.2 8.0.3 8.2.1 math-calculator @ngrx/store 8.0.1 8.2.0 8.2.0 math-calculator @types/jasmine 3.3.13 3.3.16 3.4.0 math-calculator @types/node 8.9.5 8.9.5 12.7.1 math-calculator karma 4.1.0 4.1.0 4.2.0 math-calculator karma-chrome-launcher 2.2.0 2.2.0 3.0.0 math-calculator karma-coverage-istanbul-reporter 2.0.5 2.0.6 2.1.0 math-calculator mathjs 6.0.2 6.0.4 6.0.4 math-calculator rxjs 6.4.0 6.4.0 6.5.2 math-calculator ts-node 7.0.1 7.0.1 8.3.0 math-calculator tslint 5.15.0 5.15.0 5.18.0 math-calculator typescript 3.4.5 3.4.5 3.5.3 math-calculator zone.js 0.9.1 0.9.1 0.10.1 math-calculator
npm ls lists installed packages in the current project.
npm list and
npm la are aliases of this command.
npm prune removes unused packages.
npm run --production is used to delete packages from the
devDependencies section. The
--dry-run option is used for checking which packages will be deleted before the actual run. The
--json option can be used to display results in JSON. With package-lock enabled, pruning is automatic.
npm root displays the root folder for Node packages in the project.
npm run-script lets you run custom scripts that you write.
npm run is an alias of this command.
npm start starts a package by running the command you define.
npm search is used to search for packages by name.
npm shrinkwrap creates
npm-shrinkwrap.json by repurposing
package-lock.json or creating from scratch.
npm-shrinkwrap.json takes precedence over
npm stop stops a package by running stop command that you define.
npm test allows you to run tests with a script that you define.
npm uninstall is used for uninstalling packages. You can add
-g at the end to remove global packages.
npm updateupdates packages in the project.
npm update packageName updates only the package with the name
packageName . It will record the latest version to
To upgrade npm to the latest version, run
npm install -g npm.