npm cheat sheet

Npm cheat sheet. Explore our ultimate quick reference for npm.

This NPM Cheat Sheet is a concise reference guide designed to help developers navigate the complexities of Node Package Manager (NPM) with ease. It covers a wide array of commands for package management, installation, updating, and more, providing quick access to essential NPM functionalities. Whether you're a beginner or an experienced developer, this cheat sheet is a valuable tool for optimizing your workflow and enhancing project efficiency.

NPM Commands

Package management

Command Description
npm i Alias for npm install
npm install Install everything in package.json
npm install --production Install everything in package.json, except devDependecies
--- ---
npm install lodash Install a package
npm install --save-dev lodash Install as devDependency
npm install --save-exact lodash Install with exact
--- ---
npm version 1.2.3 Bump the package version to 1.2.3
npm version major Bump the major package version by 1 (1.2.3 → 2.0.0)
npm version minor Bump the minor package version by 1 (1.2.3 → 1.3.0)
npm version patch Bump the patch package version by 1 (1.2.3 → 1.2.4)

--save is the default as of npm@5. Previously, using npm install without --save doesn't update package.json.

Install names

Command Description
npm i sax NPM package
npm i sax@latest Specify tag latest
npm i [email protected] Specify version 3.0.0
npm i sax@">=1 <2.0" Specify version range
--- ---
npm i @org/sax Scoped NPM package
--- ---
npm i user/repo GitHub
npm i user/repo#master GitHub
npm i github:user/repo GitHub
npm i gitlab:user/repo GitLab
--- ---
npm i /path/to/repo Absolute path
npm i ./archive.tgz Tarball
npm i Tarball via HTTP


Command Description
npm list Lists the installed versions of all dependencies in this software
npm list -g --depth 0 Lists the installed versions of all globally installed packages
npm view Lists the latest versions of all dependencies in this software
npm outdated Lists only the dependencies in this software which are outdated


Command Description
npm update Update production packages
npm update --dev Update dev packages
npm update -g Update global packages
--- ---
npm update lodash Update a package


Command Description
npm rm lodash Remove package production packages

Misc features

# Add someone as an owner
# list packages
npm ls
# Adds warning to those that install a package of old versions
npm deprecate PACKAGE@"< 0.2.0" "critical bug fixed in v0.2.0"
# update all packages, or selected packages
npm update [-g] PACKAGE
# Check for outdated packages
npm outdated [PACKAGE]

NPM Tips

Navigating the Node Package Manager (NPM) can significantly enhance your development workflow and project management. Here are some tips to help you get the most out of NPM:

  1. Use NPM Scripts: Take advantage of NPM scripts in your package.json to automate common tasks like build, test, and start. Scripts can simplify complex commands and make your workflow more efficient.

  2. Lock Your Dependencies: Use package-lock.json or npm shrinkwrap to lock your dependencies. This ensures that your project remains consistent across installations by fixing the versions of your packages and their dependencies.

  3. Explore NPM Audit: Security is paramount. Regularly run npm audit to scan your project for vulnerabilities and apply updates or patches as recommended. Keeping your dependencies secure can prevent a multitude of issues down the line.

  4. Leverage npx: npx comes with NPM (5.2.0 and higher) and allows you to run packages without installing them globally. This is especially useful for running packages that are seldom used or testing different versions of a package.

  5. Understand Semantic Versioning: NPM uses semantic versioning (semver) to manage package versions. Understanding how version numbers affect your dependencies (major, minor, and patch versions) can help you manage updates more effectively.

  6. Keep NPM Updated: Ensure that you are using the latest version of NPM. New versions often come with performance improvements, new features, and security patches.

  7. Utilize NPM CI for Consistent Installs: When deploying your application, use npm ci instead of npm install to install dependencies. This command is faster and uses package-lock.json to ensure that you get consistent installations across environments.

Here are some resources that can help you deepen your understanding of NPM and stay updated with the latest practices:

  • NPM Documentation: The official NPM documentation is a comprehensive resource that covers all the commands, configurations, and functionalities of NPM.

  • Node.js Guides: These guides cover a wide range of topics including getting started with Node.js and understanding its core features, which are crucial for effective NPM use.

  • NPM Blog: The NPM blog is a great place to learn about new features, updates, and best practices. It also covers topics on security, development workflows, and community contributions.

  • As semantic versioning is vital for package management, this website provides a detailed specification of semver. Understanding it can help you manage package versions more effectively.

  • NPM Weekly: Subscribe to NPM Weekly to get the latest news, tips, and insights directly to your inbox.

  • NPM GitHub Issues: The GitHub issues page for NPM is a place to report bugs, request features, and track the development progress of NPM itself.

  • Stack Overflow: A great community resource for troubleshooting. If you encounter an issue, there's a good chance someone else has faced it and found a solution.

Incorporating these tips and resources into your development practices can enhance your proficiency with NPM, leading to more efficient project management and a better understanding of the Node.js ecosystem.