NPM
See NPM package for details on creation and publishing with TypeScript, Rollup, Vitest, and Changesets
NPM Basics
Initialize NPM Project
npm init
Install Package
npm install <package-name>
npm i <package-name>
Install Package as Dev Dependency
npm install <package-name> --save-dev
npm i <package-name> -D
Uninstall Package
npm uninstall <package-name>
Show Outdated Packages
npm outdated
Update Package
Note: This will update to the latest version according to the versioning rules in package.json. To update to the absolute latest version, you may need to modify the version specifier in package.json first.
npm update <package-name>
Semantic versioning
| Specifier | Example | What it Allows (Range) | Updates to | Use For |
|---|---|---|---|---|
| ^ (Caret) | ^1.2.3 | >=1.2.3 <2.0.0 | Minor and Patch | General use, new features |
| ~ (Tilde) | ~1.2.3 | >=1.2.3 <1.3.0 | Patch only | Stability-critical bug fixes |
| None | 1.2.3 | 1.2.3 | Exact version only | Maximum stability, critical production |
List Installed Packages
npm list
Show Global Packages
npm list -g --depth=0
Run Script from package.json
npm run <script-name>
Run script from bash
npx <script-name>
Audit for Vulnerabilities
npm audit
Fix Vulnerabilities
npm audit fix
npm audit fix --force
View Package Info
npm view <package-name>
Package.json Key Fields
Specs for package.json file used by NPM to manage project metadata and dependencies can be found at the NPM Package.json Docs.
You can create a package.json file by running npm init in your project directory.
Common Fields to Update
These fields are typically manually updated to reflect the project information for a general web project.
| Field | Type | Description |
|---|---|---|
| name | String | Name of the package |
| version | SemVer String | Version of the package |
| description | String | Short description of the package |
| license | String | License type for the package |
| homepage | String | URL of the project homepage |
| scripts | Object with Script keys | Scripts that can be run using npm run <name> |
| private | Boolean | If true, prevents publishing the package |
| repository | Object {type, url} | Repository URL and type |
| keywords | Array[] of Strings | Keywords for package discovery |
| author | Object {name, email, url} | Author of the package |
Fields Managed with NPM commands
This fields are typically managed automatically by NPM commands like npm install, npm uninstall, and npm update
| Field | Type | Description |
|---|---|---|
| dependencies | Object keys package-name:semver | Runtime dependencies |
| devDependencies | Object keys package-name:semver | Development dependencies |
Example Web Project package.json
{
"name": "name-app",
"version": "0.0.7",
"description": "name-app description",
"license": "MIT",
"homepage": "https://pennockprojects.com/projects/jamstart",
"scripts": {
"custom": "echo 'custom script running'"
},
"private": true,
"repository": {
"type": "git",
"url": "git+https://github.com/PennockProjects/jamstart.git"
},
"author": {
"name": "John Pennock",
"email": "info@pennockprojects.com",
"url": "https://pennockprojects.com"
},
"keywords": [
"example",
"npm",
"package.json"
],
}