Introduction
npm (Node Package Manager) is the default package manager bundled with Node.js. It lets developers install, share, and manage third-party libraries (packages) as well as run custom project scripts. Every Node.js project typically has a package.json file, which acts as the project's manifest — listing metadata, dependencies, and scripts. npm downloads packages from the public npm registry (registry.npmjs.org) or private registries and stores them in a local node_modules folder.
Cricket analogy: npm is like a cricket board's central kit supplier that every club orders equipment from, while a club's own package.json is the equipment manifest listing exactly what gear and drills (dependencies and scripts) the squad relies on, stored in the club's own storeroom (node_modules).
How It Works
Running npm init creates a package.json file interactively (or npm init -y to accept defaults). Installing a package with npm install <package> adds it to node_modules and records it under the dependencies field in package.json, along with an exact version recorded in package-lock.json for reproducible installs. Packages needed only during development (like testing tools or linters) are installed with npm install --save-dev <package> and listed under devDependencies.
Cricket analogy: npm init is like filling out a new club's registration form interactively (or accepting the default template with -y), while npm install <package> is signing a new player to the squad, recorded in the roster (dependencies) with their exact contract terms locked (package-lock.json); a part-time fitness coach used only in preseason is signed as devDependencies.
npm init -y
npm install express
npm install --save-dev jest
npm uninstall lodashExplanation
npm uses semantic versioning (semver): MAJOR.MINOR.PATCH (e.g. 4.18.2). A caret (^4.18.2) allows updates to any 4.x.x version but not 5.0.0, while a tilde (~4.18.2) allows only patch updates within 4.18.x. package-lock.json pins the exact resolved version tree so that every install produces identical results across machines. The scripts field in package.json defines shortcuts for common tasks, run via npm run <script-name>.
Cricket analogy: Semver (4.18.2) is like a squad's jersey numbering system: a caret (^4.18.2) allows any player rotation within division 4 but not a jump to division 5, while a tilde (~4.18.2) allows only minor lineup tweaks within 4.18.x, and the lock file pins the exact starting XI for every match.
Example
{
"name": "my-app",
"version": "1.0.0",
"scripts": {
"start": "node index.js",
"test": "jest"
},
"dependencies": {
"express": "^4.18.2"
},
"devDependencies": {
"jest": "^29.7.0"
}
}Output
$ npm run start
> my-app@1.0.0 start
> node index.js
Server running on port 3000Key Takeaways
- package.json is the manifest that lists dependencies, scripts, and project metadata.
- package-lock.json pins exact dependency versions for reproducible installs.
- dependencies are needed at runtime; devDependencies are only needed during development.
- Semantic versioning (MAJOR.MINOR.PATCH) with ^ and ~ controls how loosely versions can update.
- npm scripts (npm run <name>) provide reusable shortcuts for common project tasks.
Practice what you learned
1. What is the purpose of package.json in a Node.js project?
2. What does package-lock.json guarantee?
3. Which command installs a package only as a development dependency?
4. In semantic versioning, what does the caret (^) prefix in ^4.18.2 allow?
Was this page helpful?
You May Also Like
Introduction to Node.js
Learn what Node.js is, why it exists, and how it lets JavaScript run outside the browser on servers.
Setting Up a Node.js Environment
Install Node.js, choose an LTS version, and configure a basic project structure ready for development.
Environment Variables and Configuration
Learn how to manage configuration and secrets in Node.js apps using environment variables and dotenv.
Related Reading
Related Study Notes in Web Development
Browse all study notesWebSockets Study Notes
Web Development · 30 topics
Web DevelopmentWebAssembly Study Notes
WebAssembly · 30 topics
Web DevelopmentgRPC Study Notes
Protocol Buffers · 30 topics
Web DevelopmentSpring Boot Study Notes
Java · 30 topics
Web DevelopmentFlask Study Notes
Python · 30 topics
Web DevelopmentDjango Study Notes
Python · 30 topics