100% Free Forever
AI-Powered Learning
Industry Expert Content
Certificates & Badges
Learn At Your Own Pace

npm & Yarn Cheat Sheet

npm & Yarn Cheat Sheet

Covers installing and managing packages, package.json scripts, semantic versioning ranges, lockfiles, and key npm versus Yarn command differences.

2 PagesBeginnerMar 5, 2026

Installing & Managing Packages

Core install commands for npm and Yarn.

bash
# npmnpm install                 # install all deps from package.jsonnpm install lodash           # add a dependencynpm install -D typescript    # add a devDependencynpm uninstall lodashnpm update                   # update within each package's semver rangenpm ci                       # clean install from lockfile (CI-safe)# yarn (classic v1)yarn installyarn add lodashyarn add -D typescriptyarn remove lodashyarn upgrade

package.json Scripts

Defining and running custom scripts.

bash
npm run dev        # explicit "run" needed for custom script namesnpm start           # shorthand for the "start" scriptnpm test            # shorthand for the "test" scriptyarn dev            # yarn omits "run" for any script nameyarn build

Semver Ranges & Version Bumps

Dependency version ranges and release tagging.

javascript
// package.json dependency ranges"lodash": "4.17.21"   // exact version"lodash": "^4.17.21"  // compatible with 4.x.x (minor/patch updates)"lodash": "~4.17.21"  // patch-level updates only (4.17.x)"lodash": "*"          // any version (avoid in production)

Key Commands & npm vs Yarn

Lockfiles and notable command differences.

  • package-lock.json / yarn.lock- locks exact resolved versions for reproducible installs across machines
  • npm ci- faster, strict install used in CI; fails if the lockfile is out of sync with package.json
  • npx <pkg>- runs a package's binary without installing it globally
  • npm link- symlinks a local package for local development and testing
  • workspaces- both npm (7+) and Yarn support monorepo workspaces declared via a workspaces field in package.json
  • yarn dlx <pkg>- Yarn Berry's equivalent of npx for one-off binary execution
Pro Tip

Commit your lockfile and always run npm ci (not npm install) in CI: it enforces exact reproducibility and fails fast if package.json and the lockfile have drifted apart, instead of silently resolving new versions.

Was this cheat sheet helpful?

Explore Topics

#NpmYarn#NpmYarnCheatSheet#WebDevelopment#Beginner#InstallingManagingPackages#PackageJsonScripts#Semver#Ranges#CheatSheet#SkillVeris
Advertisement
Sri Hayavadhana Info-Tech

Professional Web Designing Services

  • Responsive Websites
  • E-commerce Solutions
  • SEO Friendly Design
  • Fast & Secure
  • Support & Maintenance
Get a Free Quote

Share this Cheat Sheet