npm (Node Package Manager) is the default package manager for Node.js. It installs libraries and manages project configuration via package.json.

package.json Essentials

  {
    "name": "my-app",
    "version": "1.0.0",
    "description": "My Node.js application",
    "main": "index.js",
    "type": "module",
    "scripts": {
      "start": "node src/index.js",
      "dev": "node --watch src/index.js",
      "test": "node --test"
    },
    "dependencies": {
      "express": "^4.18.2"
    },
    "devDependencies": {
      "nodemon": "^3.0.0"
    },
    "engines": {
      "node": ">=18.0.0"
    }
  }

Installing Packages

  # Production dependency
  npm install express

  # Development dependency
  npm install --save-dev nodemon

  # Global CLI tool
  npm install -g nodemon

  # Install all dependencies from package.json
  npm install

Semantic Versioning

  Symbol    Meaning                                      Example
  ^4.18.2   Compatible with 4.x (minor/patch updates)    4.18.2 → 4.19.0 OK
  ~4.18.2   Patch updates only                           4.18.2 → 4.18.3 OK
  4.18.2    Exact version                                Always 4.18.2

npm Scripts

Run scripts defined in package.json:

  npm start
  npm run dev
  npm test
  npm run build   # needs a "build" script in package.json

Custom scripts are added under "scripts" and run with npm run <name>; a script can also chain commands with &&:

  {
    "scripts": {
      "dev": "node --watch src/index.js",
      "lint": "eslint src/",
      "lint:fix": "eslint src/ --fix"
    }
  }

npx

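Run a package's CLI without installing it globally. If the package is not already installed, npx downloads it from the registry and runs it, so check the package name for typos first:

  npx create-express-app my-api
  npx eslint src/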

package-lock.json

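Automatically generated. It locks exact dependency versions for reproducible installs. Commit this file to version control. In automated builds, npm ci installs exactly what the lockfile lists and fails if the lockfile and package.json disagree.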

Useful Commands

  npm list              # List installed packages
  npm outdated          # Check for newer versions
  npm update            # Update packages within the ranges in package.json
  npm uninstall express # Remove a package
  npm audit             # Report known vulnerabilities in installed dependencies
  npm audit fix         # Install compatible updates for vulnerable packages

.npmrc

Project-level npm configuration:

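  # Save exact versions instead of ^ ranges when adding packages
  save-exact=true
  # Fail the install if the Node.js version does not match "engines"
  engine-strict=true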
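
Added example (not from the original page): a small JavaScript resolver for the three range forms in the Semantic Versioning table, used to list which dependencies can resolve to a newer release when no lockfile pins them, which is what save-exact=true avoids for newly added packages. It goes beyond the table by handling caret ranges on 0.x versions; the function names and the pkg object are constructed for illustration.

```javascript
// Resolver for the three range forms in the table: ^x.y.z, ~x.y.z, x.y.z.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// Return the inclusive lower bound and exclusive upper bound a range allows.
function bounds(range) {
  const op = /^[\^~]/.test(range) ? range[0] : "";
  const [maj, min, pat] = parse(range.slice(op.length));
  let high = [maj, min, pat + 1]; // exact: only this version
  if (op === "~") {
    high = [maj, min + 1, 0]; // tilde: patch updates only
  } else if (op === "^") {
    // Caret keeps the left-most non-zero component fixed.
    if (maj > 0) high = [maj + 1, 0, 0];
    else if (min > 0) high = [0, min + 1, 0];
  }
  return { low: [maj, min, pat], high };
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function satisfies(version, range) {
  const { low, high } = bounds(range);
  const v = parse(version);
  return cmp(v, low) >= 0 && cmp(v, high) < 0;
}

// List dependencies whose range lets an install pick a newer release.
function floatingDeps(pkg) {
  const all = { ...pkg.dependencies, ...pkg.devDependencies };
  return Object.entries(all)
    .filter(([, range]) => /^[\^~]/.test(range))
    .map(([name, range]) => `${name}@${range} -> <${bounds(range).high.join(".")}`);
}

// Constructed sample: the dependency sections of the package.json shown earlier.
const pkg = {
  dependencies: { express: "^4.18.2" },
  devDependencies: { nodemon: "^3.0.0" },
};
console.log(floatingDeps(pkg));
```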
  

Alternatives

  • yarn — Fast, reliable package manager
  • pnpm — Disk-efficient, strict dependency resolution

All use the same npm registry.