npm in JavaScript: A Beginner’s Guide to the Node Package Manager
Modern JavaScript development rarely happens without external libraries.
Whether you are building a backend with Node.js or a frontend project with React, npm plays a central role in managing dependencies.
In this tutorial, you’ll learn:
what npm is
why npm is important
how package.json works
common npm commands
dependency types
best practices
Let’s start from the beginning.
What Is npm?
npm (Node Package Manager) is:
the default package manager for Node.js
an online registry of JavaScript packages
a command-line tool to manage those packages
When you install Node.js, npm is installed automatically.
Why npm Is Important
Without npm:
you would manually download libraries
version management would be difficult
project setup would be slow
With npm:
dependencies install in seconds
versions are managed automatically
projects are reproducible
What Is a Package?
A package is a folder containing:
JavaScript code
a package.json file
optional documentation
Packages can be:
utilities
frameworks
libraries
CLI tools
Initializing a Project with npm
To start using npm in a project:
npm init
This creates a package.json file.
Quick setup:
npm init -y
Understanding package.json
package.json is the heart of a Node.js project.
Example:
{
  "name": "my-app",
  "version": "1.0.0",
  "main": "index.js",
  "scripts": {
    "start": "node index.js"
  },
  "dependencies": {}
}
Installing Packages
Installing a Package Locally
npm install lodash
This:
downloads the package
creates a node_modules folder
updates package.json
Usage:
const _ = require("lodash");
Installing a Package Globally
npm install -g nodemon
Global packages are usually CLI tools.
Dependencies vs DevDependencies
dependencies
Used in production.
npm install express
devDependencies
Used only during development.
npm install --save-dev nodemon
Example use cases:
testing libraries
build tools
linters
Understanding node_modules
Contains all installed packages
Can be very large
Should never be committed to Git
Use .gitignore:
node_modules/
package-lock.json Explained
package-lock.json:
locks exact dependency versions
ensures consistent installs
improves security
Always commit this file.
npm Scripts
Scripts automate common tasks.
Example:
"scripts": {
  "start": "node index.js",
  "dev": "nodemon index.js"
}
Run scripts:
npm run dev
Updating Packages
Update all packages:
npm update
Check outdated packages:
npm outdated
Removing Packages
npm uninstall lodash
This removes:
package
entry from package.json
Semantic Versioning (SemVer)
Versions follow this format:
MAJOR.MINOR.PATCH
Example:
^1.2.3
^ allows minor updates
~ allows patch updates
Common npm Mistakes
❌ Deleting package-lock.json
This can break consistency.
❌ Installing everything globally
Most packages should be local.
❌ Committing node_modules
Always ignore it.
npm vs Yarn vs pnpm
| Feature | npm | Yarn | pnpm |
| Default with Node | Yes | No | No |
| Speed | Good | Faster | Fastest |
| Disk usage | High | Medium | Low |
Best Practices
Always commit package.json and package-lock.json
Use npm init -y for quick setup
Prefer local installs
Keep dependencies minimal
Audit packages regularly
Mental Model
npm is your project’s dependency manager and task runner.
Conclusion
Understanding npm is essential for every JavaScript developer.
Once you master npm, you can:
set up projects faster
manage libraries confidently
collaborate smoothly
It’s a foundational skill before learning frameworks like React or backend tools like Express.