In this article, we will explore what NPM is, how it works, and why it is so essential within the Node.js ecosystem.
What is NPM?
NPM also provides a Registry, which is a central database of packages that are available for use. It contains over 1.3 million packages, making it the world’s largest ecosystem of open-source libraries. These packages can include anything from utility libraries and frameworks to complete applications.
Through NPM, developers can install packages from the Registry into their projects with a single command. They can also specify which packages their project depends on, and NPM will automatically install these dependencies. This makes it easy for developers to incorporate code from other developers into their projects and helps to avoid duplication of effort.
What is the NPM ecosystem?
The NPM Ecosystem refers to the entire network of packages, developers, and tools that make up the Node.js community; it includes the Registry, the CLI tool, and services like npmjs.com, the website that provides access to the Registry and documentation for packages.
Its ecosystem is a vibrant and active community, with thousands of developers contributing packages to the Registry. Many of these packages are open source, meaning their source code is available for anyone to view and use. This encourages collaboration and sharing within the community and helps to drive innovation and progress.
For example, the CLI tool provides several commands for working with packages, including installing, updating, and uninstalling packages.
Other tools, like npm-shrinkwrap and npm-bundle, help developers lock down the exact versions of packages their projects depend on, ensuring that their projects are stable and reproducible.
Important NPM CLI commands
The npm install command will install all the dependencies/packages specified in the current directory’s package.json file.
By specifying a package name, we shall be able to add that package as a dependency and install it in our project as well:
npm install <my-package>
npm install <package-name> will install the latest package version with the ^ version sign.
An npm install within the context of an npm project will download packages into the project’s
node_modules directory according to package.json specifications, upgrading the package version (and in turn regenerating
package-lock.json) wherever it can be based on
~ version matching.
You can specify a global flag (
-g) if you want to install a package in the global context, which you can use anywhere across your machine (this is common for command-line tooling packages like live-server).
While npm install allows us to install a module or a package, the npm uninstall command will enable us to do the exact opposite: uninstall a package.
The command can be run as such:
npm uninstall <package-name>
With the massive number of packages that have been published and can easily be installed, npm packages are susceptible to bad authors with malicious intentions like these.
Realizing there was an issue in the ecosystem, the npm.js organization came up with the idea of npm audit. They maintain a list of security loopholes that developers can audit their dependencies against using the
npm audit command.
npm audit gives developers information about the vulnerabilities and whether there’re versions with remediations to upgrade to.
Sending a package to our npmjs.com fulfillment center is easy as we only need to run npm publish. The tricky part, which is not specific to npm package authors, is determining the package version.
The rule of thumb, according to semver.org:
- MAJOR version when you make incompatible API changes,
- MINOR version when you add functionality in a backwards-compatible manner, and
- PATCH version when you make backwards-compatible bug fixes.
It’s even more important to follow the above rule when publishing your packages to ensure that you’re not breaking anyone’s code, as the default version matching in npm is
^ (aka the next minor version).
In conclusion, NPM is crucial for any developer working with Node.js.
It allows you to share and reuse code easily, manage dependencies, and access the vast community of packages and developers within the NPM ecosystem.
Understanding how NPM works and how to use it effectively is essential to being a successful Node.js developer.
I hope you’ve enjoyed this article and you’ve now got a better understanding of what NPM is, what we use it for, as well as what are its most common commands.
Feel free to let me know your thoughts by leaving a comment below.