Complete reference guide for Node.js Package Manager (npm) with 60+ essential commands, syntax, and practical examples
Initialize a new Node.js project and create a package.json file
# Interactive initialization
npm init
# Quick initialization with defaults
npm init -y
# Create with specific scope
npm init --scope=@myorgInstall packages and dependencies from package.json or specific packages
# Install all dependencies from package.json
npm install
# Install a specific package
npm install express
# Install as dev dependency
npm install --save-dev jest
# Install specific version
npm install lodash@4.17.21
# Install globally
npm install -g npmRemove installed packages from node_modules and package.json
# Uninstall a package
npm uninstall express
# Uninstall globally
npm uninstall -g typescript
# Uninstall and remove from package.json
npm uninstall --save lodashUpdate packages to their latest versions based on semver ranges
# Update all packages
npm update
# Update specific package
npm update express
# Update globally installed packages
npm update -gCheck for outdated packages and show their current, wanted, and latest versions
# Show outdated packages
npm outdated
# Show outdated global packages
npm outdated -g
# JSON output format
npm outdated --jsonScan project dependencies for security vulnerabilities
# Run security audit
npm audit
# Get detailed report
npm audit --json
# Fix vulnerabilities automatically
npm audit fix
# Fix including breaking changes
npm audit fix --forceDisplay funding information for installed packages
# Show funding info
npm fund
# JSON output
npm fund --jsonRemove extraneous packages not listed in package.json
# Remove unused packages
npm prune
# Also remove devDependencies
npm prune --productionClean install of dependencies (faster, for CI/CD environments)
# Clean install from package-lock.json
npm ci
# Skip optional dependencies
npm ci --no-optionalRun the start script defined in package.json
# Run start script
npm start
# With arguments
npm start -- --port=3000Run the test script defined in package.json
# Run tests
npm test
# Run specific test file
npm test -- user.test.js
# Watch mode
npm test -- --watchExecute custom scripts defined in package.json
# List all available scripts
npm run
# Run custom script
npm run build
# Run with arguments
npm run build -- --productionAlternative syntax to run scripts (same as npm run)
# Run script with explicit command
npm run-script dev
# Silent mode (suppress output)
npm run-script build --silentExecute packages without installing them globally
# Run package binary
npx create-react-app my-app
# Run specific version
npx cowsay@1.5.0 "Hello"
# Run local package binary
npx eslint .
# Force use of npm packages
npx --no-install rimraf distRun the stop script defined in package.json
# Run stop script
npm stopRestart a package (runs stop, restart, and start scripts)
# Restart application
npm restartPublish a package to the npm registry
# Publish package
npm publish
# Publish with tag
npm publish --tag beta
# Publish scoped package as public
npm publish --access public
# Dry run (see what would be published)
npm publish --dry-runCreate a tarball from a package for distribution
# Create tarball
npm pack
# Pack specific package
npm pack lodash
# Dry run
npm pack --dry-runAuthenticate to the npm registry
# Login to npm
npm login
# Login to specific registry
npm login --registry=https://registry.npmjs.org
# Login with scope
npm login --scope=@myorgLog out from the npm registry
# Logout
npm logout
# Logout from specific registry
npm logout --registry=https://registry.npmjs.orgBump package version following semver conventions
# Patch version (1.0.0 -> 1.0.1)
npm version patch
# Minor version (1.0.0 -> 1.1.0)
npm version minor
# Major version (1.0.0 -> 2.0.0)
npm version major
# Specific version
npm version 1.2.3
# Prerelease version
npm version prerelease --preid=betaMark a package version as deprecated
# Deprecate specific version
npm deprecate my-package@1.0.0 "Use version 2.0 instead"
# Deprecate all versions
npm deprecate my-package "Package is no longer maintained"Remove a package from the npm registry (use with caution)
# Unpublish specific version
npm unpublish my-package@1.0.0
# Unpublish entire package (within 72 hours)
npm unpublish my-package --forceManage distribution tags for published packages
# Add a tag
npm dist-tag add my-package@1.2.3 beta
# Remove a tag
npm dist-tag rm my-package beta
# List tags
npm dist-tag ls my-packageList installed packages in a tree structure
# List all packages
npm list
# List top-level packages only
npm list --depth=0
# List globally installed packages
npm list -g --depth=0
# List specific package
npm list express
# JSON output
npm list --jsonView package information from the registry
# View package info
npm view express
# View specific field
npm view express version
# View all versions
npm view express versions
# View dependencies
npm view express dependenciesSearch for packages in the npm registry
# Search for packages
npm search websocket
# Limit results
npm search react --limit=10
# Search with JSON output
npm search lodash --jsonDisplay detailed information about a package (alias for npm view)
# Get package info
npm info lodash
# Get specific version info
npm info lodash@4.17.21
# JSON format
npm info express --jsonOpen package documentation in browser
# Open docs
npm docs express
# Open docs for specific version
npm docs lodash@4.17.21Open package repository page in browser
# Open repository
npm repo react
# Open repo for specific package
npm repo @angular/coreOpen package issues page in browser
# Open issues page
npm bugs webpack
# View bugs for specific package
npm bugs typescriptExplain why a package is installed and show its dependency path
# Explain why package is installed
npm explain lodash
# JSON output
npm explain express --jsonManage npm configuration settings
# List all config settings
npm config list
# List with defaults
npm config ls -l
# Edit config in editor
npm config edit
# Delete config key
npm config delete keySet configuration values
# Set registry
npm set registry https://registry.npmjs.org/
# Set init defaults
npm set init.author.name "John Doe"
npm set init.author.email "john@example.com"
# Set strict SSL
npm set strict-ssl falseRetrieve configuration values
# Get specific config value
npm get registry
# Get init author name
npm get init.author.name
# Get all config (same as npm config list)
npm getConfiguration file for npm settings (per-project, per-user, or global)
# Example .npmrc file content
registry=https://registry.npmjs.org/
@myorg:registry=https://npm.myorg.com/
save-exact=true
package-lock=true
init.author.name=John Doe
init.license=MITDisplay npm prefix (local or global installation directory)
# Get local prefix
npm prefix
# Get global prefix
npm prefix -gDisplay npm root directory (node_modules location)
# Get local root
npm root
# Get global root
npm root -gDisplay directory for executable binaries
# Get local bin directory
npm bin
# Get global bin directory
npm bin -gManage npm's local cache directory
# Verify cache integrity
npm cache verify
# Show cache location
npm cache dir
# Add to cache
npm cache add expressClear npm's local cache (use when troubleshooting)
# Clean cache (requires --force)
npm cache clean --force
# Verify after cleaning
npm cache verifyConfigure and manage npm registry settings
# Get current registry
npm config get registry
# Set registry
npm config set registry https://registry.npmjs.org/
# Set scoped registry
npm config set @myorg:registry https://npm.myorg.com/
# Use registry for single command
npm install express --registry=https://registry.npmjs.org/Test connection to npm registry
# Ping default registry
npm ping
# Ping specific registry
npm ping --registry=https://registry.npmjs.org/Run commands in a specific workspace
# Run command in workspace
npm run build --workspace=package-a
# Install in specific workspace
npm install lodash --workspace=package-b
# Run test in workspace
npm test --workspace=package-aRun commands across multiple workspaces
# Run in all workspaces
npm run build --workspaces
# Install in all workspaces
npm install --workspaces
# Run if present (skip if script doesn't exist)
npm run test --workspaces --if-present
# List all workspaces
npm ls --workspacesSet up workspaces in package.json
// Root package.json
{
"name": "my-monorepo",
"workspaces": [
"packages/*",
"apps/*"
]
}Automatically fix security vulnerabilities
# Fix vulnerabilities
npm audit fix
# Fix including breaking changes
npm audit fix --force
# Dry run to see what would change
npm audit fix --dry-run
# Only audit production dependencies
npm audit --productionManage authentication tokens
# List tokens
npm token list
# Create new token
npm token create
# Create read-only token
npm token create --read-only
# Revoke token
npm token revoke <token-id>Set package access level and manage permissions
# Make package public
npm access public my-package
# Make package restricted
npm access restricted my-package
# Grant access to user
npm access grant read-write myorg:team my-package
# Revoke access
npm access revoke myorg:team my-package
# List collaborators
npm access ls-collaborators my-packageCheck npm environment for common issues
# Run health check
npm doctorShorthand commands for faster typing
# npm install
npm i
npm i express
# npm install --save-dev
npm i -D jest
# npm install --global
npm i -g typescript
# npm uninstall
npm un express
npm rm express
# npm list
npm ls
npm ls --depth=0
# npm test
npm t
# npm run
npm run buildCombine flags and aliases for efficiency
# Install and save exact version
npm i -E lodash
# Install dev dependency with exact version
npm i -D -E jest
# Install multiple packages
npm i express body-parser cors
# Uninstall multiple packages
npm un lodash moment axios
# List globally with depth 0
npm ls -g --depth=0Abbreviated flags for common options
# -S, --save (default in npm 5+)
npm i -S express
# -D, --save-dev
npm i -D eslint
# -O, --save-optional
npm i -O fsevents
# -E, --save-exact
npm i -E react@18.2.0
# -g, --global
npm i -g npm
# -f, --force
npm i -f
# -y, --yes
npm init -y