Security News
Combatting Alert Fatigue by Prioritizing Malicious Intent
In 2023, data breaches surged 78% from zero-day and supply chain attacks, but developers are still buried under alerts that are unable to prevent these threats.
The npm package 'npm' is the package manager for Node.js. It allows users to install, update, and manage dependencies for Node.js applications. It also provides tools for package discovery, publishing, and managing a local development environment.
Package Installation
Installs the 'express' package and its dependencies into the node_modules directory.
npm install express
Package Update
Updates the 'lodash' package to the latest version according to the versioning in package.json.
npm update lodash
Package Removal
Removes the 'moment' package from the node_modules directory and updates the package.json.
npm uninstall moment
Listing Installed Packages
Lists the top-level packages installed in the node_modules directory.
npm list --depth=0
Running Scripts
Runs the 'test' script specified in the package.json file.
npm run test
Publishing a Package
Publishes the current package to the npm registry, making it available for others to install.
npm publish
Yarn is a package manager that provides faster, more reliable, and more secure dependency management compared to npm. It uses a lockfile to ensure that the same package versions are installed across different environments.
pnpm is a fast, disk space efficient package manager that works by creating a single copy of a package version and linking it in the node_modules of every project that uses it. This approach saves disk space and improves installation speed compared to npm.
Bower is a package manager primarily for front-end web development. It manages components that contain HTML, CSS, JavaScript, fonts, or even image files. Bower is less commonly used now due to npm and Yarn's ability to handle front-end packages as well.
One of the following versions of Node.js must be installed to run npm
:
18.x.x
>= 18.17.0
20.5.0
or highernpm
comes bundled with node
, & most third-party distributions, by default. Officially supported downloads/distributions can be found at: nodejs.org/en/download
You can download & install npm
directly from npmjs.com using our custom install.sh
script:
curl -qL https://www.npmjs.com/install.sh | sh
If you're looking to manage multiple versions of Node.js
&/or npm
, consider using a node version manager
npm <command>
npm help-search <query>
npm
is configured to use the npm Public Registry at https://registry.npmjs.org by default; Usage of this registry is subject to Terms of Use available at https://npmjs.com/policies/termsnpm
to use any other compatible registry you prefer. You can read more about configuring third-party registries herenpm
should never be capitalized unless it is being displayed in a location that is customarily all-capitals (ex. titles on man
pages).
Contrary to popular belief, npm
is not in fact an acronym for "Node Package Manager"; It is a recursive bacronymic abbreviation for "npm is not an acronym" (if the project was named "ninaa", then it would be an acronym). The precursor to npm
was actually a bash utility named "pm", which was the shortform name of "pkgmakeinst" - a bash function that installed various things on various platforms. If npm
were to ever have been considered an acronym, it would be as "node pm" or, potentially "new pm".
10.5.2 (2024-04-10)
ef381b1
#7363 use @npmcli/redact for url cleaning (#7363) (@lukekarrys)3760dd2
#7361 perf: do less work loading config (#7361) (@wraithgar)64bcf4c
#7360 perf: only initialize workpaces when we are inside a workspace (#7360) (@H4ad)5a28a29
#7352 perf: lazy load workspace dependency (#7352) (@H4ad)5fc0f9d
#7347 lazy load validate npm package name on error message (#7347) (@H4ad)c929ed1
#7321 prioritize CLI flags over publishConfig settings (#7321) (@roni-berlin)70497cb
#7346 perf: avoid importing the entire semver package for update-notifier (#7346) (@H4ad)699a1de
#7362 @npmcli/map-workspaces@3.0.6
49fb9b7
#7362 socks@2.8.3
f69052e
#7362 @npmcli/package-json@5.0.2
c18a0ad
#7357 sigstore@2.3.0
fd4153b
#7357 socks@2.8.2
d6b705a
#7357 postcss-selector-parser@6.0.16
248c177
#7357 hasown@2.0.2
4af9e86
#7357 builtins@5.1.0
7546b56
#7357 @npmcli/agent@2.2.2
d38fd4f
#7357 spdx-expression-parse@4.0.0
913b326
#7357 is-cidr@5.0.5
84bbbd4
#7357 @npmcli/package-json@5.0.1
a0f5048
#7357 @npmcli/git@5.0.5
@npmcli/arborist@7.4.2
@npmcli/config@8.2.2
libnpmdiff@6.0.9
libnpmexec@7.0.10
libnpmfund@5.0.7
libnpmpack@6.0.9
FAQs
a package manager for JavaScript
The npm package npm receives a total of 4,936,086 weekly downloads. As such, npm popularity was classified as popular.
We found that npm demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In 2023, data breaches surged 78% from zero-day and supply chain attacks, but developers are still buried under alerts that are unable to prevent these threats.
Security News
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
Security News
License exceptions modify the terms of open source licenses, impacting how software can be used, modified, and distributed. Developers should be aware of the legal implications of these exceptions.