This NPM Cheat Sheet is a concise reference guide designed to help developers navigate the complexities of Node Package Manager (NPM) with ease. It covers a wide array of commands for package management, installation, updating, and more, providing quick access to essential NPM functionalities. Whether you're a beginner or an experienced developer, this cheat sheet is a valuable tool for optimizing your workflow and enhancing project efficiency.
NPM Commands
Package management
| Command | Description |
|---|---|
npm i |
Alias for npm install |
npm install |
Install everything in package.json |
npm install --production |
Install everything in package.json, except devDependecies |
| --- | --- |
npm install lodash |
Install a package |
npm install --save-dev lodash |
Install as devDependency |
npm install --save-exact lodash |
Install with exact |
| --- | --- |
npm version 1.2.3 |
Bump the package version to 1.2.3 |
npm version major |
Bump the major package version by 1 (1.2.3 → 2.0.0) |
npm version minor |
Bump the minor package version by 1 (1.2.3 → 1.3.0) |
npm version patch |
Bump the patch package version by 1 (1.2.3 → 1.2.4) |
--save is the default as of npm@5. Previously, using npm install without --save doesn't update package.json.
Install names
| Command | Description |
|---|---|
npm i sax |
NPM package |
npm i sax@latest |
Specify tag latest |
npm i [email protected] |
Specify version 3.0.0 |
npm i sax@">=1 <2.0" |
Specify version range |
| --- | --- |
npm i @org/sax |
Scoped NPM package |
| --- | --- |
npm i user/repo |
GitHub |
npm i user/repo#master |
GitHub |
npm i github:user/repo |
GitHub |
npm i gitlab:user/repo |
GitLab |
| --- | --- |
npm i /path/to/repo |
Absolute path |
npm i ./archive.tgz |
Tarball |
npm i https://site.com/archive.tgz |
Tarball via HTTP |
Listing
| Command | Description |
|---|---|
npm list |
Lists the installed versions of all dependencies in this software |
npm list -g --depth 0 |
Lists the installed versions of all globally installed packages |
npm view |
Lists the latest versions of all dependencies in this software |
npm outdated |
Lists only the dependencies in this software which are outdated |
Updating
| Command | Description |
|---|---|
npm update |
Update production packages |
npm update --dev |
Update dev packages |
npm update -g |
Update global packages |
| --- | --- |
npm update lodash |
Update a package |
Removing
| Command | Description |
|---|---|
npm rm lodash |
Remove package production packages |
Misc features
# Add someone as an owner
npm owner add USERNAME PACKAGENAME# list packages
npm ls# Adds warning to those that install a package of old versions
npm deprecate PACKAGE@"< 0.2.0" "critical bug fixed in v0.2.0"# update all packages, or selected packages
npm update [-g] PACKAGE# Check for outdated packages
npm outdated [PACKAGE]Useful Tips and Links
NPM Tips
Navigating the Node Package Manager (NPM) can significantly enhance your development workflow and project management. Here are some tips to help you get the most out of NPM:
-
Use NPM Scripts: Take advantage of NPM scripts in your
package.jsonto automate common tasks like build, test, and start. Scripts can simplify complex commands and make your workflow more efficient. -
Lock Your Dependencies: Use
package-lock.jsonornpm shrinkwrapto lock your dependencies. This ensures that your project remains consistent across installations by fixing the versions of your packages and their dependencies. -
Explore NPM Audit: Security is paramount. Regularly run
npm auditto scan your project for vulnerabilities and apply updates or patches as recommended. Keeping your dependencies secure can prevent a multitude of issues down the line. -
Leverage
npx:npxcomes with NPM (5.2.0 and higher) and allows you to run packages without installing them globally. This is especially useful for running packages that are seldom used or testing different versions of a package. -
Understand Semantic Versioning: NPM uses semantic versioning (semver) to manage package versions. Understanding how version numbers affect your dependencies (major, minor, and patch versions) can help you manage updates more effectively.
-
Keep NPM Updated: Ensure that you are using the latest version of NPM. New versions often come with performance improvements, new features, and security patches.
-
Utilize NPM CI for Consistent Installs: When deploying your application, use
npm ciinstead ofnpm installto install dependencies. This command is faster and usespackage-lock.jsonto ensure that you get consistent installations across environments.
NPM Useful Links
Here are some resources that can help you deepen your understanding of NPM and stay updated with the latest practices:
-
NPM Documentation: The official NPM documentation is a comprehensive resource that covers all the commands, configurations, and functionalities of NPM.
-
Node.js Guides: These guides cover a wide range of topics including getting started with Node.js and understanding its core features, which are crucial for effective NPM use.
-
NPM Blog: The NPM blog is a great place to learn about new features, updates, and best practices. It also covers topics on security, development workflows, and community contributions.
-
SemVer.org: As semantic versioning is vital for package management, this website provides a detailed specification of semver. Understanding it can help you manage package versions more effectively.
-
NPM Weekly: Subscribe to NPM Weekly to get the latest news, tips, and insights directly to your inbox.
-
NPM GitHub Issues: The GitHub issues page for NPM is a place to report bugs, request features, and track the development progress of NPM itself.
-
Stack Overflow: A great community resource for troubleshooting. If you encounter an issue, there's a good chance someone else has faced it and found a solution.
Incorporating these tips and resources into your development practices can enhance your proficiency with NPM, leading to more efficient project management and a better understanding of the Node.js ecosystem.