NPM and package.json

What is NPM?

NPM (Node Package Manager) is the default package manager for Node.js. It’s the world’s largest software registry with over 2 million packages.

NPM Commands

Installation

# Install package locally
npm install express

# Install globally
npm install -g nodemon

# Install as dev dependency
npm install --save-dev jest

# Install specific version
npm install express@4.18.0

# Install all dependencies
npm install

Package Management

# Update packages
npm update

# Remove package
npm uninstall express

# List installed packages
npm list

# Check outdated packages
npm outdated

# Audit for vulnerabilities
npm audit
npm audit fix

Scripts

# Run script
npm start
npm test
npm run dev

# Run with arguments
npm run build -- --production

package.json

The package.json file contains metadata about your project and its dependencies.

Basic Structure

{
  "name": "my-app",
  "version": "1.0.0",
  "description": "My Node.js application",
  "main": "index.js",
  "scripts": {
    "start": "node index.js",
    "dev": "nodemon index.js",
    "test": "jest",
    "build": "webpack --mode production"
  },
  "keywords": ["nodejs", "express"],
  "author": "Your Name",
  "license": "MIT",
  "dependencies": {
    "express": "^4.18.0",
    "mongoose": "^6.0.0"
  },
  "devDependencies": {
    "nodemon": "^2.0.0",
    "jest": "^29.0.0"
  }
}

Key Fields

name

{
  "name": "my-package"
}

version

{
  "version": "1.0.0"
}

scripts

{
  "scripts": {
    "start": "node server.js",
    "dev": "nodemon server.js",
    "test": "jest --coverage",
    "lint": "eslint .",
    "build": "webpack"
  }
}

dependencies

{
  "dependencies": {
    "express": "^4.18.0",
    "dotenv": "^16.0.0"
  }
}

devDependencies

{
  "devDependencies": {
    "nodemon": "^2.0.0",
    "jest": "^29.0.0",
    "eslint": "^8.0.0"
  }
}

Semantic Versioning

MAJOR.MINOR.PATCH
  ^     ^     ^
  |     |     |
  |     |     └─ Bug fixes
  |     └─────── New features (backward compatible)
  └───────────── Breaking changes

Version Ranges

{
  "dependencies": {
    "express": "4.18.0",      // Exact version
    "mongoose": "^6.0.0",     // Compatible (6.x.x)
    "lodash": "~4.17.0",      // Approximately (4.17.x)
    "axios": "*",             // Any version (not recommended)
    "moment": ">=2.29.0",     // Greater than or equal
    "react": "18.x"           // Any 18.x version
  }
}

package-lock.json

package-lock.json records the exact resolved version, download URL, and integrity hash of every installed dependency, so that installs are consistent.

{
  "name": "my-app",
  "version": "1.0.0",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
    "node_modules/express": {
      "version": "4.18.2",
      "resolved": "https://registry.npmjs.org/express/-/express-4.18.2.tgz",
      "integrity": "sha512-..."
    }
  }
}
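
The version ranges and lockfile fields above can be checked mechanically. The following Node.js code is an added example, not part of the original page: it flags manifest ranges that allow a new major version, and lockfile entries whose resolved URL is not the HTTPS registry or that lack a sha512 integrity value. The function names, the default registry argument, and the sample data are assumptions made for the illustration.

```javascript
// classifyRange reports how far an install may drift from the reviewed version.
function classifyRange(spec) {
  if (/^\d+\.\d+\.\d+$/.test(spec)) return 'exact';
  if (/^~\d+\.\d+\.\d+$/.test(spec)) return 'patch';       // ~4.17.0 -> 4.17.x
  if (/^\^0\.\d+\.\d+$/.test(spec)) return 'patch';        // ^0.y.z: at most patch drift
  if (/^\^\d+\.\d+\.\d+$/.test(spec)) return 'minor';      // ^6.0.0 -> 6.x.x
  if (/^\d+\.x$/i.test(spec)) return 'minor';              // 18.x
  return 'open';                                           // *, >=, tags, URLs
}

// Flag ranges that allow a new major version or any version at all.
function lintManifest(pkg) {
  const findings = [];
  for (const field of ['dependencies', 'devDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (classifyRange(spec) === 'open') findings.push(`${field}.${name}: open range "${spec}"`);
    }
  }
  return findings;
}

// Check each locked package for an HTTPS registry origin and a sha512 hash.
function lintLockfile(lock, registry = 'https://registry.npmjs.org/') {
  const findings = [];
  const allowed = new URL(registry);
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '' || entry.link || entry.inBundle) continue; // root, symlink, bundled
    let url = null;
    try { url = new URL(entry.resolved); } catch { /* missing or malformed */ }
    if (!url || url.protocol !== 'https:' || url.host !== allowed.host) {
      findings.push(`${path}: not resolved from https://${allowed.host}`);
    }
    if (!/^sha512-[A-Za-z0-9+/]+={0,2}$/.test(entry.integrity || '')) {
      findings.push(`${path}: missing or non-sha512 integrity`);
    }
  }
  return findings;
}

const samplePkg = { dependencies: { express: '4.18.0', mongoose: '^6.0.0',
  lodash: '~4.17.0', axios: '*', moment: '>=2.29.0', react: '18.x' } };
const sampleLock = { lockfileVersion: 2, packages: {
  '': { name: 'my-app', version: '1.0.0' },
  'node_modules/express': { version: '4.18.2',
    resolved: 'https://registry.npmjs.org/express/-/express-4.18.2.tgz',
    integrity: 'sha512-' + 'A'.repeat(86) + '==' },   // constructed placeholder hash
  'node_modules/example-pkg': { version: '1.0.0',     // hypothetical bad entry
    resolved: 'http://mirror.example.test/example-pkg-1.0.0.tgz' } } };
console.log(lintManifest(samplePkg), lintLockfile(sampleLock));
```

In a real project the two objects would come from JSON.parse of package.json and package-lock.json, and a non-empty findings list would fail the CI job.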

NPM Scripts

Common Scripts

{
  "scripts": {
    "start": "node server.js",
    "dev": "nodemon server.js",
    "test": "jest",
    "test:watch": "jest --watch",
    "lint": "eslint .",
    "lint:fix": "eslint . --fix",
    "build": "webpack --mode production",
    "clean": "rm -rf dist",
    "prebuild": "npm run clean",
    "postbuild": "echo 'Build complete'"
  }
}

Pre and Post Hooks

{
  "scripts": {
    "pretest": "npm run lint",
    "test": "jest",
    "posttest": "npm run coverage"
  }
}

.npmrc Configuration

# .npmrc
registry=https://registry.npmjs.org/
save-exact=true
engine-strict=true

Creating a Package

Initialize

npm init
npm init -y  # Skip questions

Publish

# Login
npm login

# Publish
npm publish

# Publish with tag
npm publish --tag beta

NPM vs Yarn vs PNPM

Feature      NPM                 Yarn        PNPM
Speed        Good                Fast        Fastest
Disk Space   More                More        Less
Lock File    package-lock.json   yarn.lock   pnpm-lock.yaml
Workspaces   Yes                 Yes         Yes

Best Practices

  1. Use package-lock.json for consistent installs
  2. Specify exact versions for critical dependencies
  3. Audit regularly for security vulnerabilities
  4. Use .npmignore to exclude files from package
  5. Keep dependencies updated but test thoroughly
  6. Use semantic versioning properly

Interview Tips

  • Explain NPM purpose: Package manager for Node.js
  • Describe package.json: Project metadata and dependencies
  • Show semantic versioning: MAJOR.MINOR.PATCH
  • Discuss version ranges: ^, ~, exact versions
  • Mention package-lock.json: Locks dependency versions
  • Show common commands: install, update, audit
  • Explain scripts: Custom commands in package.json

Summary

NPM is Node.js’s package manager for installing and managing dependencies. package.json defines project metadata, dependencies, and scripts. package-lock.json ensures consistent installs. Use semantic versioning for dependency management and npm scripts for automation.
