What is Node.js?
What is Java’s runtime?
What is .NET’s runtime?
What is npm?
It's a way to reuse code from other developers, and also a way to share your code with them, and it makes it easy to manage the different versions of code.
- Share code
- Created to solve particular problems
- Reuse shared code in their own applications
- Check if author made updates to shared code
- Download those updates
- Shared Code
- Called package, module, or dependency (library)
- Directory of one or more files (including package.json which lists shared code it depends on)
- Packages often small
- Follows Unix philosophy of small building blocks that “do one thing well”
This command installs a package and any packages that it depends on.
npm install typescript --global
Replace --global with -g to save typing
Global Packages Location
Where do global packages get installed on a computer? Run the following command to see:
npm get prefix
%USERPROFILE%\AppData\Roaming\npm\node_modules (Windows 7, 8, and 10)
%USERPROFILE%\Application Data\npm\node_modules (Windows XP)
The Problem with Global Installs?
Question: What could be the problem with installing all your packages globally?
Answer: ProjectA and ProjectB need different versions of a dependency (shared code).
npm init #creates package.json
npm install typescript --save-dev #saves in package.json
#creates node_modules directory
#installs the shared code in subdirectory (node_modules/typescript)
tsc -v #fails because can't find package
node_modules/.bin/tsc -v #outputs version info
npm install underscore --save
// or just
npm install underscore
+ "underscore": "~1.9.1"
npm install jest --save-dev
+ "jest": "~24.9.0",
- If you were starting with a package 1.0.4, this is how you would specify the ranges:
  - Patch releases:
  - Minor releases: ^1.0.4
  - Major releases: * or x
- To better understand play with the semantic versioning calculator.
Package Current Wanted Latest Location
react-scripts 3.1.1 3.1.1 3.1.2 my-app
npm install npm-check -g
npx npm-check -u
Uninstall a global dependency
npm uninstall create-react-app -g
Uninstall a local dependency
npm uninstall underscore --save
- In an ideal world, the same package.json should produce the exact same node_modules tree, at any time
- In some cases, this is indeed true. But in many others, npm is unable to do this
- To reliably produce the exact node_modules tree, package-lock.json was created.
Broken package.json scenarios
- A dependency of one of your dependencies may have published a new version, which will update even if you used pinned dependency specifiers (1.2.3 instead of ^1.2.3)
- Different versions of npm (or other package managers) may have been used to install a package, each using slightly different installation algorithms.
- A new version of a direct semver-range package may have been published since the last time your packages were installed, and thus a newer version will be used.
- The registry you installed from is no longer available, or allows mutation of versions (unlike the primary npm registry), and a different version of a package exists under the same version number now.
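The lock file only protects against these scenarios if every entry records where the package came from and a strong hash of it. The following added example (not part of the original page or of npm) audits the `packages` map of a package-lock.json in the lockfileVersion 2/3 layout; the trusted host, the sample lockfile and its placeholder integrity values are assumptions constructed for illustration.

```javascript
// Added example: flag lockfile entries that weaken reproducible, verified installs.
const TRUSTED_HOST = 'registry.npmjs.org'; // assumption: change for a private registry

function auditLockfile(lock, trustedHost = TRUSTED_HOST) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '' || entry.link || entry.inBundle) continue; // root, symlink, bundled
    const name = path.replace(/^.*node_modules\//, '');
    // integrity is an SRI string: one or more "<algo>-<base64>" tokens
    const algos = (entry.integrity || '').split(/\s+/).map((t) => t.split('-')[0]);
    if (!entry.integrity) findings.push(`${name}:missing-integrity`);
    else if (!algos.some((a) => ['sha256', 'sha384', 'sha512'].includes(a))) {
      findings.push(`${name}:weak-hash`);
    }
    let url = null;
    try { url = new URL(entry.resolved); } catch { /* absent or not a URL */ }
    if (!url || url.protocol !== 'https:' || url.host !== trustedHost) {
      findings.push(`${name}:untrusted-source`);
    }
  }
  return findings;
}

// Constructed lockfile; the integrity values are placeholders, not real hashes.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-app', version: '1.0.0' },
    'node_modules/underscore': {
      resolved: 'https://registry.npmjs.org/underscore/-/underscore-1.9.1.tgz',
      integrity: 'sha512-PLACEHOLDER==',
    },
    'node_modules/old-lib': {
      resolved: 'https://registry.npmjs.org/old-lib/-/old-lib-0.1.0.tgz',
      integrity: 'sha1-PLACEHOLDER=',
    },
    'node_modules/mirror-lib': {
      resolved: 'http://mirror.example.test/mirror-lib-2.0.0.tgz',
      integrity: 'sha512-PLACEHOLDER==',
    },
    'node_modules/no-hash-lib': {
      resolved: 'https://registry.npmjs.org/no-hash-lib/-/no-hash-lib-3.0.0.tgz',
    },
  },
};

console.log(auditLockfile(sampleLock));
```

`npm ci` installs exactly what package-lock.json records and fails if it disagrees with package.json, so a check like this fits in front of that step in a build pipeline.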
npm's scripts directive can do everything that these build tools can, more succinctly, more elegantly, with fewer package dependencies and less maintenance overhead.
Your First Script
"start": "react-scripts start",
"build": "react-scripts build",
"test": "react-scripts test",
"eject": "react-scripts eject",
+ "hi": "echo hello world"
npm run hi
npmjs.com. The main areas they wanted to improve were:
- Caches packages on client
- Parallelizes operations
- Guarantees that an install that worked on one system will work exactly the same way on any other system
- Introduced lockfile
- Uses checksums to verify the integrity of every installed package
- Saves dependencies locally if package.json exists in directory even if you don't set the command line flag
npm vs. Yarn
Since the introduction of
npm now has:
- significantly improved performance
- introduced a lock file to improve reliability
- saves dependencies without
npm client is more popular and commonly used (because it is included with
Install via npm
To install Yarn through the npm package manager run the command:
If you already have Node.js installed then you should already have npm.
Once you have npm installed you can run:
npm install --global yarn
Note: Installation of Yarn via npm is generally not recommended. When installing Yarn with Node-based package managers, the package is not signed, and the only integrity check performed is a basic SHA1 hash, which is a security risk when installing system-wide apps.
For these reasons, it is highly recommended that you install Yarn through the installation method best suited to your operating system.
curl -o- -L https://yarnpkg.com/install.sh | bash
Installs in the directory ~/.yarn
To show hidden files on macOS: CMD + SHIFT + .
Here are some of the most common commands you'll need.
Starting a new project
Adding a dependency
yarn add [package]
yarn add [package]@[version]
yarn add [package]@[tag]
Adding a dependency to different categories of dependencies
yarn add [package] --dev
yarn add [package] --peer
yarn add [package] --optional
Upgrading a dependency
yarn upgrade [package]
yarn upgrade [package]@[version]
yarn upgrade [package]@[tag]
Removing a dependency
yarn remove [package]
Installing all the dependencies of a project