Node.js: Understanding NPM

Posted by: Ravi Kiran , on 7/15/2015, in Category Node.js
Views: 20490
Abstract: NPM is a very rich and useful package manager and has gained a lot of popularity due to Node.js. This article gives you useful information to deal with NPM in your projects

One of the essential components of any development platform is package management. Every major platform has a package manager that stores all essential packages that are used by developers around the world, and developers consume these packages whenever they need. Package management increases code reusability, reduces duplication and also optimizes size of the files to be deployed, as the build servers can also use package managers to resolve the dependencies.

Note: If you are new to Node.js, please go through these articles to get a good understanding of Node.

Node.js Tutorial Series - Getting Started

Node.js Serving HTML pages and Static content

Using Node.js to build REST APIs

Node.js Module System


Node.js is a platform for building server applications using JavaScript. Node.js is not only used as a platform for building server applications, but also used as a tool in development lifecycle. Task runners like Grunt and Gulp make Node.js a tool that can be used with other platforms too. The Node.js Package Manager (NPM) plays an important role in both usages of Node.js.

NPM contains a huge number of packages contributed by the Node.js team, companies like Strongloop, Microsoft, and others and even independent open source developers. All public NPM packages are available on the global NPM registry. We can write our own packages and add them to the global package as well. NPM also has support for private package system.Otherwise, we can also setup our own private registry in our own domain and publish the packages there; these packages will remain private, as they won’t be accessible outside the domain.  

The required setup for NPM is installed along with Node.js. You can check the version of NPM installed using the following command:

> npm --version

If this command runs, be assured that NPM is installed on your machine.

Creating package.json file

The package.json file in any Node.js application holds the required configurations for the application and also contains the list of NPM packages that are required by the application. If you start a Node.js application with an empty folder, you can add the package.json file to the project using the following command:

> npm init

This command asks you for a set of inputs. Once you provide all the details, it shows a preview of the file and if you accept, it creates the package.json file with the details entered. Figure-1 shows an example of npm init:


Figure-1 npm init

Below is the content of the package.json file created after the above command has executed:

  "name": "NPMFundas",
  "version": "0.0.1",
  "description": "NPM Fundamentals",
  "main": "server.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  "keywords": [
  "author": "Ravi",
  "license": "ISC"

Some Directives of package.json file

The data written in the package.json file is consumed by the NPM registry, if the package is deployed there. It is important to fill data into the fields of this file to make it easy to search, to link to the documentation of the package, for branding of the author and for a number of other benefits. Following are some of the most important fields of this file:

  • name: This is a mandatory field. The package is registered with this name and the same name is used by the clients to install the package. Name cannot contain spaces, can’t start with an underscore or a period, can’t contain the words node or, js and can’t be same as a library module. It has to be unique. It also helps in searching the package in the registry
  • version: This is a mandatory field. It denotes version of the package. Default value assigned by npm init command is 0.0.0. Value of the version must be changed before every successive deployment to the registry
  • dependencies: List of packages required by the current package. The package uses these packages to achieve its functionality
  • devDependencies: List of packages required while developing the current package. They shouldn’t be used in the functionality of the package
  • optionalDependencies: List of packages that may be required by the package
  • engine: Version of node on which the package would run. If not specified, it would run on any version of node. e.g. “engine”: {“node”: “>0.10.3”}
  • engines: If you need to specify the version of NPM on which your package runs, you need to use the engines field e.g. “engines”: {“npm”: “1.4.8”}
  • scripts: You can use this field to create shortcuts for some of the commands that you use frequently. Once the command is registered here, it can be accessed using the “npm run” command.  e.g. “scripts”: { “serv”: “npm install && gulp server” }

Upon running the command “npm run serv”, it installs the packages and runs the gulp task serv.

To learn more about these directives or, the other directives of package.json file, you may visit the official documentation.

Installing Packages

To install NPM packages in an application, we use the command “npm install”. A command of following pattern installs the package to the application and doesn’t save it to the package.json file:

> npm install <package-name>@<version-number>

Example: npm install express@4.13.0

Here, the package name can be name of a package from NPM registry, a remote git URL (can be on any git based repository), path of a local folder or, path of a .tar file (file path or web URL). Version number is an optional parameter. If version is not specified, it installs the latest version of the package.

Upon running this command, the package gets installed and the files of the package are saved inside node_modules folder. The entry of the package is not added to package.json file. To get the entry added, we need to specify the --save flag in this command.

The save flag has following four variations:

1. --save: Adds an entry of the package to dependencies section of package.json

2. --save-dev: Adds an entry of the package to devDependencies section of package.json

3. --save-optional: Adds an entry of the package to optionalDependencies section of package.json

4. --save-exact: Adds entry of the package with exact version number, it doesn’t prepend the version number with ^ or ~

Installing, Updating and Uninstalling Packages in an existing Repository

If you joined a team that is already working on a Node.js based project and you cloned the repository to your system, the first thing that you need to do before starting work is, installing packages. To make the setup process of the project smoother, the projects should contain the package.json file. If you have this file in the project, you just need to run the command “npm install” to get all dependencies installed.

Out of the list of packages currently installed in the app, if you need to update a package, here is the command for it:

> npm update <package-name>

If you want to save the updated version number, you need to specify the --save flag that suits your requirement.

Similarly, if an existing package has to be uninstalled and the change has to be saved in the package.json file, we need to run the uninstall npm uninstall command.

> npm uninstall <package-name> --save

The command npm rm can also be used to remove the package from the repository. The above command can be re-written using rm as:

> npm rm <package-name> --save

Global Packages

NPM packages like bower, grunt, gulp and several others have to be executed globally to be able to run them from command prompt from any location. The only difference between the command to install a package locally and globally, is the flag (-g) for installing globally. Following command installs grunt command line interface globally:

> npm install –g grunt-cli

These packages can be updated and removed using the same set of commands that we discussed in the previous section, we need to pass the flag to indicate that the package is global.

> npm update –g grunt-cli
> npm uninstall –g grunt-cli

Dependencies of dependencies

Every package in turn may be dependent on other packages. These packages are installed inside folder of the package. Out of these packages, the packages specified in devDependencies and optionalDependencies sections are not installed while installing the package. The packages specified in the dependencies section are considered essential for the package and they are installed inside the folder.

A few more Useful NPM Commands

  • npm search: To search for packages in the registry. It lists all the packages that match the search criteria and shows description of the package from its package.json file.
    • e.g. npm search underscore
  • npm pack: Creates tarball of a package. If name of an installable package is passed in, it fetches the tarball of that package to the current folder. Of no package is specified, it created a tarball out of contents of the current folder.
    • e.g. npm pack underscore and npm pack
  • npm view: Shows data about the package. Data includes all details of the package including list of contributors, dependencies, last commit ID license and a number of others. We can also choose to view details of a particular property. Eg:
    • npm view underscore //Shows all details of the underscore package
    • npm view underscore repository //Shows path of the got repository
  • npm owner: Shows names and e-mail IDs of the owners of the package. eg:
    • npm owner ls underscore
  • npm publish: Publishes a package to the registry so that the package can be re-used. By default, it stores the package in the global registry. If your company has a private NPM registry, you can override the behavior by setting the default registry to the local registry.

List of all commands can be found under CLI Commands section of the official documentation page on NPM’s site.


NPM is a very rich and useful package manager. A huge number of packages are already available there and new packages are added quite frequently. The importance of NPM is increasing these days because of the popularity of Node.js environment. I hope this post makes you confident enough in dealing with NPM in your projects.

This article has been editorially reviewed by Suprotim Agarwal.

Absolutely Awesome Book on C# and .NET

C# and .NET have been around for a very long time, but their constant growth means there’s always more to learn.

We at DotNetCurry are very excited to announce The Absolutely Awesome Book on C# and .NET. This is a 500 pages concise technical eBook available in PDF, ePub (iPad), and Mobi (Kindle).

Organized around concepts, this Book aims to provide a concise, yet solid foundation in C# and .NET, covering C# 6.0, C# 7.0 and .NET Core, with chapters on the latest .NET Core 3.0, .NET Standard and C# 8.0 (final release) too. Use these concepts to deepen your existing knowledge of C# and .NET, to have a solid grasp of the latest in C# and .NET OR to crack your next .NET Interview.

Click here to Explore the Table of Contents or Download Sample Chapters!

What Others Are Reading!
Was this article worth reading? Share it with fellow developers too. Thanks!
Share on LinkedIn
Share on Google+

Rabi Kiran (a.k.a. Ravi Kiran) is a developer working on Microsoft Technologies at Hyderabad. These days, he is spending his time on JavaScript frameworks like AngularJS, latest updates to JavaScript in ES6 and ES7, Web Components, Node.js and also on several Microsoft technologies including ASP.NET 5, SignalR and C#. He is an active blogger, an author at SitePoint and at DotNetCurry. He is rewarded with Microsoft MVP (Visual Studio and Dev Tools) and DZone MVB awards for his contribution to the community

Page copy protected against web site content infringement 	by Copyscape

Feedback - Leave us some adulation, criticism and everything in between!