What is NPM?

This tutorial focuses on npm (Node Package Manager), which is both the standard command line tool for installing Node.js dependencies and a public database of JavaScript packages available for download. Working with Node.js means we have a flourishing ecosystem of open source software and tools available. NPM helps us use these tools and libraries, enabling us to find, install, and manage them.

NPM Packages are accessible at npmjs.com, and we use the npm Command Line Interface (CLI) tool to install them properly into our application. Although npm started with Node.js packages, it is now an essential part of the entire JavaScript ecosystem and depended upon by web developers of all kinds.

In this tutorial we’ll:

  • Understand the basics of the Node Package Manager
  • Learn about the role NPM plays in the JavaScript ecosystem
  • Learn about the NPM registry
  • Discuss the npm command line interface, and alternatives to it

Goal

Learn about NPM and the role it plays in the Node.js ecosystem.

Prerequisites

  • None

What is NPM?

As the widely popular Node.js package manager, NPM represents the entry point into the ecosystem of open source JavaScript modules. One of the biggest benefits of working with Node.js is leveraging this ecosystem. Working with libraries distributed on NPM minimizes the amount of application-specific code you need to write and maintain. Reusing code others have written is central to creating any application, and NPM helps make managing that code much easier for developers.

NPM is actually a few different things. First and foremost, it is the NPM Registry, the public database of JavaScript packages available for download. You can search for packages to download on npmjs.com. Second, you use the npm command line tool (which is bundled with Node.js) to download packages from NPM and put them into the proper place in your application. Finally, npm, Inc. is the company that maintains the public NPM Registry.

To recap, when people talk about NPM, they usually mean one or more of the following:

  • The NPM software registry, available to browse at npmjs.com
  • The npm command line tool
  • npm, Inc., the company which maintains the registry

Next we’ll talk briefly about each of NPM’s aspects to get a better idea of how all these things relate.

Common terms

Let’s define some important terms first.

package

A package is a unit of code which can be published to the NPM registry. What makes it a package is the presence of a package.json file, which describes the code contained in the package and its dependencies. You aren’t required to publish your packages to NPM, but everything published to NPM must be a package. You can read more about packages in the npm documentation.

package.json

A JSON file which describes important metadata about a package, such as dependencies required by the package and the package’s name. Learn more about package.json.

module

Modules are reusable units of code that are used directly in your code via require. There are built-in core modules, which come with Node.js and don’t need to be installed first (like the http module), as well as local modules you write yourself, and external modules published to NPM. External modules are distributed via packages published to NPM, and installed to your node_modules/ folder using the npm CLI. You can read more about modules in the npm documentation.

node_modules/

The folder in the root of your application where packages are installed by the npm CLI tool. This folder contains the actual code of your application’s dependencies, and is created by the npm CLI tool when installing packages. This folder should not be checked in to version control.

The NPM software registry

One of the most important parts of NPM is the registry. The NPM software registry is a public database of JavaScript code, tools, libraries, and frameworks which are available to download and use in your applications. The registry allows you to search for and download useful modules and libraries to use in your applications.

Currently, the NPM registry has over 800,000 packages listed (and counting), making it the largest public registry of software anywhere on the internet. Anyone can freely distribute their JavaScript modules by publishing them as packages to NPM. The registry is truly the heart of NPM, connecting millions of developers around the world with the packages and tools needed to get their work done.

Instead of writing your application entirely from scratch, you will likely use modules published to NPM to aid in your development, reusing modules and libraries written by other developers to accomplish certain tasks. For example, Express is the most popular server framework in Node.js. You can download it from NPM and have a server running in just a few lines of code. This availability of reusable modules helps to speed up Node.js development by reducing the amount of application-specific code you have to write.

Finding packages to use on npmjs.com

With almost 1 million packages published to NPM, how do you find the one you need to solve your particular problem? This is where the npmjs.com website comes in, as the frontend to the NPM registry. You’re able to search through all available public NPM packages from the npmjs.com website, see the package’s readme, find usage stats, see when the package was last updated, and view other metadata like links to the package’s repository and issue tracker.

There are no definitive rules for how to pick a package to use. When possible, we suggest you choose a package which is popular and actively maintained, and which focuses on the problem you’re trying to solve most specifically. Popularity and active maintenance are less-than-perfect indicators of quality, but are useful heuristics when deciding which package to depend on. In general, you want to work with projects which are healthy and actively maintained, so bugs get fixed and the project gets better over time.

Some of the most common indicators of package health and popularity available on the npm website are the following:

Weekly downloads

How many times was this package downloaded in the last 7 days? This is a good indication of how widely used a package is. The more downloads, the better.

Last published date

Not all packages are updated frequently, which is fine, but a long span of time without a new version being published is an indicator that the package might not be actively maintained anymore.

Version

What version number is the package on? Is it still at 1.0.0, meaning it hasn’t been updated since first being published? More versions may indicate the project is being developed more actively.

Dependencies

Although it has nothing to do with popularity, it’s something to consider when choosing packages. How many dependencies does the package use? If you’re concerned about the overall weight of your application, choosing packages that have fewer dependencies will often reduce the overall size of your application. You can check how large any package on NPM is by entering its name into www.bundlephobia.com.

Open issues

The NPM website lists open issues for some packages, and while the number alone isn’t a bad thing (a more popular package is likely to have more issues), you can click through to the issue tracker and see how old the issues are, and whether they are being answered by maintainers.
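
The indicators above can also be checked in code before you add a dependency. The following is an added example, not part of the original tutorial: it reads a constructed sample shaped like the registry's package metadata (dist-tags, time, versions) and a weekly download count, and flags the warning signs described above. The package names, the sample values, the packageHealth function and its thresholds are all assumptions made for illustration.

```javascript
// Constructed sample data shaped like the registry's package metadata document
// and a weekly download count; the package names and all values are made up.
const samplePackument = {
  name: 'example-pkg',
  'dist-tags': { latest: '1.2.0' },
  time: {
    created: '2019-01-10T00:00:00.000Z',
    modified: '2020-03-01T00:00:00.000Z',
    '1.0.0': '2019-01-10T00:00:00.000Z',
    '1.1.0': '2019-06-15T00:00:00.000Z',
    '1.2.0': '2020-03-01T00:00:00.000Z'
  },
  versions: {
    '1.0.0': { dependencies: {} },
    '1.1.0': { dependencies: { 'example-dep-a': '^1.0.0' } },
    '1.2.0': { dependencies: { 'example-dep-a': '^1.0.0', 'example-dep-b': '^2.1.0' } }
  }
};
const sampleDownloads = { package: 'example-pkg', downloads: 420 };

// Hypothetical helper: thresholds are assumptions for illustration, not npm guidance.
function packageHealth(packument, downloads, now, opts = {}) {
  const { maxAgeDays = 365, minWeeklyDownloads = 1000 } = opts;
  const latest = packument['dist-tags'].latest;

  // "Last published date": age of the version tagged as latest.
  const publishedAt = new Date(packument.time[latest]);
  const daysSincePublish = Math.floor((now - publishedAt) / 86400000);

  // "Version": how many releases exist. "Dependencies": direct deps of latest.
  const versionCount = Object.keys(packument.versions).length;
  const directDeps = Object.keys(packument.versions[latest].dependencies || {});

  const warnings = [];
  if (downloads.downloads < minWeeklyDownloads) warnings.push('low weekly downloads');
  if (daysSincePublish > maxAgeDays) warnings.push('no release in over ' + maxAgeDays + ' days');
  if (versionCount === 1) warnings.push('only one version ever published');

  return { latest, weeklyDownloads: downloads.downloads, daysSincePublish,
           versionCount, directDeps, warnings };
}

// A fixed "now" keeps the result reproducible for the constructed sample.
const report = packageHealth(samplePackument, sampleDownloads,
                             new Date('2021-06-01T00:00:00.000Z'));
console.log(report);
```

A warning here is a prompt to look closer at the package, not a verdict on its quality.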

When in doubt, do an internet search for your problem domain plus npm packages and see what others are using. NPM has hundreds of thousands of packages to choose from, but the most popular packages account for a small fraction of that. Choosing a popular package is typically a safe bet, because there are likely more examples of its use available and other people who have asked questions and had them answered already.

The npm CLI tool

Now that you understand what the NPM registry is and how it helps us, let’s look at how we interact with the registry using the npm CLI tool. If you’ve ever worked with Node.js before, or even a modern JavaScript frontend application, you’ve likely had to run a command like npm install during setup to install dependencies for an application.

When people talk about NPM in the context of installing dependencies or developing an application, they’re typically referring to the npm command line application, which is the default package manager that comes bundled with Node.js. When you install Node.js, the npm CLI is installed by default. If you have Node.js installed, you should already have npm. This handy tool is our client for interacting with, and installing packages from, the NPM registry.

In short, the npm CLI helps you install and manage the dependencies for your Node.js project. It is responsible for fetching packages from the NPM registry and installing them into the proper place in your project, your node_modules folder. When installing new dependencies, the npm CLI will also update your project’s package.json file, which keeps a record of all dependencies your application will need to run.

Because the NPM registry is hosted online, with all the packages you want to download from it, the npm CLI requires an internet connection to install packages. Keep that in mind when trying to develop somewhere without an internet connection!

As an example, let’s say you want to use the Express Node.js package in your application. To install the latest version of Express, you would run the following:

npm install express

You will see npm begin downloading the package, and in the background the package will be installed to your node_modules/ folder in your project root. The package name and installed version number will be added to the dependencies field in your package.json.

However, before you can install or manage dependencies, your application needs to have a package.json file. Your package.json file is where dependencies and other important metadata are recorded. Happily, the CLI can help you create one. Learn more about creating a package.json with npm init.

A typical package.json might look like this after installing Express as above:

{
  "name": "my-server",
  "version": "1.0.0",
  "description": "This is my server",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1",
    "start": "node index.js"
  },
  "dependencies": {
    "express": "^4.16.4"
  }
}

Once a package has been installed to your node_modules folder, it is then able to be loaded in your code, using require.

Example:

const express = require('express')
//... use express package

Yarn vs npm

The npm CLI is not the only package manager for Node.js. There is another very popular tool called yarn which also interacts with the NPM registry. Yarn is another open source JavaScript package manager. Many people prefer using yarn over npm, perhaps because it was created to address certain shortcomings of the npm CLI.

However, the differences between yarn and npm are outside the scope of this tutorial. Yarn works very similarly to npm, so most of what you can learn about how npm works transfers over to yarn. It is a personal preference at the end of the day (or perhaps a decision your team makes for you) but we will focus on using the default npm CLI.

More uses for the CLI

The npm CLI is useful beyond managing dependencies. The npm CLI is with us during all stages of our project. It helps us create, run, manage, and share Node.js packages and apps.

It can be used to install global executables, start your project, kick off a build process, or share your code by publishing it to the NPM registry.

We can create npm scripts that take repetitive tasks and automate them so we can run them with a single command. This lets us check in to version control our commonly run commands like running a development server, running a linter, watching files, and running tests.

Learn about using npm to write shell command scripts that are stored in your package.json.

Important npm CLI commands to learn

Your most common command will certainly be npm install, but it’s important to know what else npm makes available to you for managing dependencies.

npm, Inc. the company

npm, Inc. is the company that runs the NPM registry. NPM began as an open source project created in 2009 by Isaac Schlueter. Since then, NPM has grown substantially as Node.js and JavaScript began to eat the world. In 2014 Isaac Schlueter founded npm, Incorporated, a company created around continuing to offer the NPM registry as a free service even as the resources required to maintain the registry continue to grow.

Note: Since this was first published, npm, Inc. has been acquired by GitHub.

The company’s main product offers the ability to publish private packages to the NPM registry, for use internally by companies, teams, and enterprise businesses. Beyond npm, Inc.’s paid accounts, NPM is still free to use, and you aren’t required to create an account to download public packages from the registry.

The NPM registry is a critical part of the JavaScript ecosystem, and it’s important to understand who is in charge of that ecosystem. Currently, that is npm, Inc., as they control the registry and make decisions about the future of NPM.

Recap

NPM is the ecosystem of packages available to JavaScript and Node.js developers. You can interact with NPM in a few different ways. The heart of the ecosystem is the NPM software registry, where packages are listed and available for download. The npmjs.com website is a convenient way to browse and research packages to use in your applications. Once you’ve selected a package, you will use the npm CLI tool to install the package into your application. The npm CLI is a useful tool for managing your application’s dependencies, and much more. npm, Inc. is the company that maintains the NPM registry, and offers paid private accounts.

Alternatives exist to the default npm CLI app, such as yarn, but ultimately they both do similar things: install and manage dependencies.

NPM makes your life as a Node.js developer easier, by making available hundreds of thousands of packages you can reuse in your code, speeding up development and preventing you from reinventing the wheel. Understanding what NPM is and its role in the Node.js ecosystem is an important part of learning to work with Node.js.
