A Brief Overview of What NPM Is.

Introduction to NPM

Andrew Wulf

I made a mistake: this week I started to write and prepare whatever I felt I needed for the next article instead of investigating first like usual, and ended up with something I didn’t feel was satisfactory.

Lesson re-learned: Research more before typing!

That aside, I managed to make a brief overview of what NPM is, and while searching for NPM and how to publish for it I ended up stumbling on awesome articles and videos about the topic. If that would interest you, keep reading.


When you install Node.js it comes with NPM which translates to “Node Package Manager”.

A package is nothing more than a project that gives you some methods to make your life easier while developing in Node.js. For example, if you want your console.log text in color, instead of doing something like console.log('\x1b[32m', 'I am green') you could install a package like chalk, which lets you just do console.log(chalk.green('I am green')). Or maybe you want to handle dates: instead of figuring out all the edge cases yourself, you have packages like moment.

So NPM ends up being an online registry hosting packages for you to download and a manager of those packages and their dependencies on your machine so that you can use them whenever needed on your project.

You can have a more in-depth overview of NPM in their documentation.

How to use

After you install Node.js, if you want to track your project's package dependencies you have to create a file named package.json. You can do that by running npm init and answering the prompted questions.

To install a dependency, run npm install --save [package]. What --save does is add it to the package.json (since npm 5, which comes with Node 8, this is the default behaviour), so if you share your code with anyone they just have to run npm install and every dependency your project needs to run will be installed.

When dependencies are installed, a node_modules folder is created; that is where all the packages of your project and their dependencies are stored. You shouldn’t commit that folder to Git, since the first thing you should do whenever a project is cloned is run npm install to get those dependencies again. To remove a dependency from node_modules that is no longer in your package.json, run npm prune.

You can install a dependency globally by replacing --save with -g, but I would only recommend doing so for utility dependencies like a linter, leaving the rest of the dependencies tracked per project so you have a better overview of what is really needed on each project.

Global dependencies can be listed by running npm list -g --depth=0, and you can uninstall a package by running npm uninstall [dependency]. If it was installed globally remember to pass -g, and likewise --save for project dependencies.

“I have a dependency, what now?” Now you can either run it with node_modules/.bin/[dependency] and play around with it on the CLI (terminal), or, in a JavaScript file to be run by node, do const myVarName = require('[package]') and your variable should have access to the methods available in that package. For example, for chalk, as we talked about earlier:

chalk will have the methods that you can see in their documentation like green, red and so on

test.js being my JavaScript filename

package.json example

You can also add scripts in the package.json so that they can be used as shortcuts for frequent commands. To run a script, just do npm run [scriptName]. To get a list of all available scripts without having to open the package.json, just do npm run.

“Why the caret (^)?” Well, the moment a package is installed and saved in the package.json, the version of that package is also saved. If a caret is present, the next time you do npm install and that package has a new minor version (1.x.x), it will install that version even though the package is saved with 1.2.0, but it will not install a major like 2.0.0. Likewise, tilde (~) will install upwards to the patch version (1.2.x) but never a major or minor.

I like to remove those and just leave it locked to the version of installation, since a patch can be sent as an update with a major change when semantic versioning is not being followed, making the project just stop working.
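The caret and tilde rules above, as an added example that is not part of the original article: a small evaluator that shows which versions a range accepts and lists the dependencies in a manifest that are not pinned. The function names and the sample manifest are constructed for illustration, it supports only plain x.y.z, ^x.y.z and ~x.y.z, and it goes beyond the text by covering the 0.x case, where a caret is stricter.

```javascript
// Added example: minimal caret/tilde evaluator (not npm's own semver code).
// Handles only "x.y.z", "^x.y.z" and "~x.y.z"; no prerelease tags, no wildcards.
const parse = (v) => {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
};

// Compare two [major, minor, patch] triples: negative, zero or positive.
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Return { min, max } where max is the first version NOT accepted (exclusive).
function bounds(spec) {
  const op = /^[\^~]/.test(spec) ? spec[0] : '';
  const min = parse(op ? spec.slice(1) : spec);
  const [maj, mnr, pat] = min;
  if (op === '~') return { min, max: [maj, mnr + 1, 0] };
  if (op === '^') {
    // Caret keeps the left-most non-zero component fixed, so 0.x is stricter.
    if (maj > 0) return { min, max: [maj + 1, 0, 0] };
    if (mnr > 0) return { min, max: [0, mnr + 1, 0] };
    return { min, max: [0, 0, pat + 1] };
  }
  return { min, max: [maj, mnr, pat + 1] }; // exact pin: only this version
}

function satisfies(version, spec) {
  const v = parse(version);
  const { min, max } = bounds(spec);
  return cmp(v, min) >= 0 && cmp(v, max) < 0;
}

// List dependencies whose range lets a future publish change what gets installed.
function floatingDependencies(pkg) {
  const all = { ...pkg.dependencies, ...pkg.devDependencies };
  return Object.keys(all).filter((name) => /^[\^~]/.test(all[name])).sort();
}

// Constructed sample manifest; versions are illustrative, example-zero is hypothetical.
const samplePkg = {
  dependencies: { chalk: '^1.2.0', moment: '~1.2.0' },
  devDependencies: { 'tape-watch': '2.3.0', 'example-zero': '^0.2.3' },
};

console.log(floatingDependencies(samplePkg));
console.log(satisfies('1.9.4', '^1.2.0'), satisfies('2.0.0', '^1.2.0'));
```

When a package-lock.json is present, npm ci installs exactly the versions it records, regardless of the ranges in package.json.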

Note that when calling a package in the scripts you don’t have to give the bin path; you can just do "scriptName": "[dependency] [file] [params]". The same happens with global dependencies.

“tape-watch” instead of “node_modules/.bin/tape-watch”

You can complement this introductory reading with this awesome article.

Finding Packages

You could search the NPM website to get a list of existing packages, or you can use NPMS, which will not only give you the packages that are available but will also present a score for each package, which is higher if the package doesn’t have vulnerable dependencies, is popular and is maintained frequently.

How to publish

This is what I started writing, and I ended up finding there are awesome, very complete articles and videos on the topic already (one would expect that to be the case, but sometimes information is fragmented or old enough that it is not useful anymore; not in this case):

NPM alternatives

Instead of using NPM to install your packages, there are a couple of alternatives that can catch your eye because they boast of being simpler or faster than NPM, like PNPM and YARN. Bower is still maintained but has lost popularity over time.

Private Registry

To keep your modules private, you have to pay a small monthly fee to have them on NPM as private packages.

There are alternatives like Nexus Repository Manager, which you can install on your own server and install your packages from it instead of from NPM.

Article 10 of 30, part of a project for publishing an article at least once a week, from idle thoughts to tutorials. Leave a comment, follow me on Diogo Spínola and then go back to your brilliant project!

Source: https://medium.com/@daspinola/introduction-to-npm-d62b6f6efd08