NPM (Node Package Manager) is the package manager for JavaScript. It lets you install, share, and manage code libraries (called packages) that other people have written.
Instead of writing everything from scratch, you install a package:
npm install express
Now you have a web framework. Someone else wrote it, tested it, and maintains it. You just use it.
What's a package?
A package is a reusable piece of code published to the npm registry (npmjs.com). There are over 2 million packages. Examples:
- express: web framework
- react: UI library
- lodash: utility functions
- axios: HTTP client
- dotenv: load .env files
Key files
package.json: your project's manifest. Lists dependencies, scripts, and metadata:
{
"name": "my-app",
"dependencies": {
"express": "^4.18.0"
},
"devDependencies": {
"jest": "^29.0.0"
},
"scripts": {
"start": "node index.js",
"test": "jest"
}
}
package-lock.json: locks exact versions so every developer and CI server gets identical dependencies. Always commit this file. Besides the version, each entry records the URL the tarball was fetched from (resolved) and its hash (integrity), which npm verifies on install, so review diffs to this file in pull requests the same way you review code. In CI, use npm ci rather than npm install: it installs exactly what the lockfile says and fails if package.json and the lockfile disagree, instead of quietly rewriting the lockfile.
node_modules/: where packages are actually installed. Never commit this (add it to .gitignore).
Essential commands
npm init -y            # Create package.json
npm install express    # Add a dependency
npm install jest -D    # Add a dev dependency
npm install            # Install all deps from package.json (updates the lockfile if it is out of date)
npm ci                 # Install exactly what package-lock.json says; fails if it disagrees with package.json (use in CI)
npm run start          # Run the "start" script
npm run test           # Run the "test" script
npm update             # Update packages to the latest versions the ranges allow
npm outdated           # Show outdated packages
npm audit              # Report known vulnerabilities in installed packages
npm uninstall express  # Remove a package
dependencies vs. devDependencies
- dependencies: needed to run your app (express, react)
- devDependencies: only needed during development (jest, eslint, typescript)
npm install express    # -> dependencies
npm install jest -D    # -> devDependencies
On a production server, npm ci --omit=dev installs only dependencies and leaves the dev tooling out.
npx: run without installing
npx create-react-app my-app    # Runs the package without installing it globally
npx prettier --write .         # Run prettier once
A bare name resolves to whatever the registry currently serves as latest, and the package's code runs immediately, so pin the version (npx prettier@3 --write .) and only run packages you trust. npm 7 and later ask for confirmation before downloading a package that is not already in the project.
NPM vs. alternatives
| Tool | Speed | Lock file | Disk usage |
|---|---|---|---|
| npm | Good | package-lock.json | Normal |
| pnpm | Fastest | pnpm-lock.yaml | Smallest (shared store) |
| yarn | Fast | yarn.lock | Normal |
| bun | Fastest | bun.lockb | Normal |
All install from the same npm registry, so the packages themselves are the same. The lockfiles are not interchangeable, though: pick one package manager per project, commit only its lockfile, and use the same one in CI, or the locked versions will drift between machines.
For the full command reference, see the npm cheat sheet and pnpm cheat sheet.
If you're considering alternatives, check out pnpm vs npm for a head-to-head comparison, or npm vs pnpm vs yarn for a full overview of all major package managers.
FAQ
Is npm the same as Node.js?
No. Node.js is the JavaScript runtime that lets you run JavaScript outside the browser. npm is the package manager that comes bundled with Node.js. You need Node.js installed to use npm, but they're separate tools.
Should I commit node_modules to Git?
Never. The node_modules folder can contain hundreds of megabytes of files. Instead, commit package.json and package-lock.json, and anyone can recreate node_modules by running npm ci (exact locked versions) or npm install.
What does the ^ (caret) mean in package versions?
The caret (^4.18.0) means "compatible with version 4.18.0": npm can install any version from 4.18.0 up to (but not including) 5.0.0, so patch and minor updates are allowed while breaking major version changes are not. That rule applies to versions 1.0.0 and above. Below 1.0.0 the caret is stricter, because semver treats any change in the leftmost non-zero number as potentially breaking: ^0.2.3 allows 0.2.3 up to (but not including) 0.3.0, and ^0.0.3 allows only 0.0.3. Whichever range you write, the version actually installed is the one recorded in package-lock.json; the range only matters when the lockfile is created or updated.
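To make the caret rule concrete, here is an added example (not npm's own code) that re-implements just enough of semver to pick the version npm would choose from a list of published versions, including the 0.x cases described above. It handles plain x.y.z versions only; real npm uses the semver package, which also understands pre-releases and the other range operators. The list of published versions is constructed for the demo.

```javascript
// Added example (not npm's own code): a minimal re-implementation of how a
// caret range selects a version. Plain x.y.z versions only; pre-releases and
// other range operators are left to the real `semver` package.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// ^x.y.z allows anything up to, but not including, the next change of the
// leftmost non-zero component: ^4.18.0 -> <5.0.0, ^0.2.3 -> <0.3.0, ^0.0.3 -> <0.0.4.
function caretUpperBound([major, minor, patch]) {
  if (major > 0) return [major + 1, 0, 0];
  if (minor > 0) return [0, minor + 1, 0];
  return [0, 0, patch + 1];
}

function satisfiesCaret(range, candidate) {
  if (!range.startsWith("^")) throw new Error(`not a caret range: ${range}`);
  const base = parseVersion(range.slice(1));
  if (!base) throw new Error(`unsupported version in range: ${range}`);
  const v = parseVersion(candidate);
  if (!v) return false; // pre-releases and dist-tags are out of scope here
  return compareVersions(v, base) >= 0 && compareVersions(v, caretUpperBound(base)) < 0;
}

// Pick what npm would install when the lockfile is (re)built: the highest
// published version inside the range, or null if nothing matches.
function resolveCaret(range, published) {
  const ok = published.filter((v) => satisfiesCaret(range, v));
  if (ok.length === 0) return null;
  return ok.sort((a, b) => compareVersions(parseVersion(b), parseVersion(a)))[0];
}

// Constructed list of "published" versions for the demo.
const PUBLISHED = ["4.17.0", "4.18.0", "4.18.2", "4.19.2", "5.0.0", "5.1.0"];
console.log(resolveCaret("^4.18.0", PUBLISHED)); // 4.19.2
console.log(resolveCaret("^0.2.3", ["0.2.3", "0.2.9", "0.3.0"])); // 0.2.9
console.log(resolveCaret("^0.0.3", ["0.0.3", "0.0.4"])); // 0.0.3
```

The upper-bound rule in caretUpperBound is the whole story: the first non-zero number is frozen and everything to its right may grow, which is why ^0.0.3 pins a single version while ^4.18.0 accepts any 4.x at or above 4.18.0.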