Product
Introducing License Enforcement in Socket
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
The npm package 'npm' is the package manager for Node.js. It allows users to install, update, and manage dependencies for Node.js applications. It also provides tools for package discovery, publishing, and managing a local development environment.
Package Installation
Installs the 'express' package and its dependencies into the node_modules directory.
npm install express
Package Update
Updates the 'lodash' package to the latest version according to the versioning in package.json.
npm update lodash
Package Removal
Removes the 'moment' package from the node_modules directory and updates the package.json.
npm uninstall moment
Listing Installed Packages
Lists the top-level packages installed in the node_modules directory.
npm list --depth=0
Running Scripts
Runs the 'test' script specified in the package.json file.
npm run test
Publishing a Package
Publishes the current package to the npm registry, making it available for others to install.
npm publish
Yarn is a package manager that provides faster, more reliable, and more secure dependency management compared to npm. It uses a lockfile to ensure that the same package versions are installed across different environments.
pnpm is a fast, disk space efficient package manager that works by creating a single copy of a package version and linking it in the node_modules of every project that uses it. This approach saves disk space and improves installation speed compared to npm.
Bower is a package manager primarily for front-end web development. It manages components that contain HTML, CSS, JavaScript, fonts, or even image files. Bower is less commonly used now due to npm and Yarn's ability to handle front-end packages as well.
One of the following versions of Node.js must be installed to run npm:
18.x.x >= 18.17.0
20.5.0 or higher
npm comes bundled with node, & most third-party distributions, by default. Officially supported downloads/distributions can be found at: nodejs.org/en/download
You can download & install npm directly from npmjs.com using our custom install.sh script:
curl -qL https://www.npmjs.com/install.sh | sh
If you're looking to manage multiple versions of Node.js &/or npm, consider using a node version manager
npm <command>
npm help-search <query>
npm is configured to use the npm Public Registry at https://registry.npmjs.org by default; usage of this registry is subject to Terms of Use available at https://npmjs.com/policies/terms
You can configure npm to use any other compatible registry you prefer. You can read more about configuring third-party registries here
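Because the registry is configurable, a lockfile can end up pointing at hosts other than the default one. The following is an added example, not code from npm or from this page: it audits the `packages` map of a package-lock.json (lockfileVersion 2 or 3) for tarballs resolved over non-HTTPS URLs, from hosts outside an allowlist, or without an `integrity` value. The function name `auditLockfile`, the allowlist parameter and the sample lockfile are assumptions made for illustration.

```javascript
// Added example: audit the "packages" map of a package-lock.json (lockfileVersion 2 or 3).
const DEFAULT_REGISTRY_HOST = 'registry.npmjs.org'; // npm's default public registry

function auditLockfile(lock, allowedHosts = [DEFAULT_REGISTRY_HOST]) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // The root project (""), workspace links and bundled deps carry no tarball URL.
    if (path === '' || entry.link || entry.inBundle) continue;
    if (!entry.resolved) {
      findings.push({ path, issue: 'missing-resolved' });
      continue;
    }
    let url;
    try {
      url = new URL(entry.resolved);
    } catch {
      findings.push({ path, issue: 'unparseable-resolved' });
      continue;
    }
    if (url.protocol !== 'https:') findings.push({ path, issue: 'non-https' });
    if (!allowedHosts.includes(url.hostname)) findings.push({ path, issue: 'unexpected-host' });
    if (!entry.integrity) findings.push({ path, issue: 'missing-integrity' });
  }
  return findings;
}

// Constructed sample lockfile (hypothetical app, placeholder versions and integrity values).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/express': {
      version: '0.0.1',
      resolved: 'https://registry.npmjs.org/express/-/express-0.0.1.tgz',
      integrity: 'sha512-CONSTRUCTED',
    },
    'node_modules/lodash': {
      version: '0.0.1',
      resolved: 'http://mirror.example.test/lodash/-/lodash-0.0.1.tgz',
      integrity: 'sha512-CONSTRUCTED',
    },
    'node_modules/moment': {
      version: '0.0.1',
      resolved: 'https://registry.npmjs.org/moment/-/moment-0.0.1.tgz',
    },
  },
};

console.log(auditLockfile(sampleLock));
```

To audit a real project, pass the parsed contents of its package-lock.json and add any private registry host you use to the allowlist.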
npm should never be capitalized unless it is being displayed in a location that is customarily all-capitals (ex. titles on man pages).
Contrary to popular belief, npm is not in fact an acronym for "Node Package Manager"; it is a recursive bacronymic abbreviation for "npm is not an acronym" (if the project was named "ninaa", then it would be an acronym). The precursor to npm was actually a bash utility named "pm", which was the shortform name of "pkgmakeinst" - a bash function that installed various things on various platforms. If npm were to ever have been considered an acronym, it would be as "node pm" or, potentially "new pm".
10.9.0 (2024-10-03)
63d6a73 #7783 package.json: add brief section on exports, link to Node.js docs (#7783) (@wheresrhys)
366c07e #7776 remove incorrect note about npm install (#7776) (@wraithgar)
60a7ee5 #7803 hoist npm-normalize-package-bin
20dd44f #7803 hoist minipass-fetch
5795987 #7803 update proggy@3.0.0
99ccae3 #7803 update bin-links@5.0.0
75786ad #7803 update @npmcli/query@4.0.0
1c25a1d #7803 update @npmcli/node-gyp@4.0.0
2d7fc3d #7803 update @npmcli/name-from-folder@3.0.0
1e09334 #7803 update @npmcli/metavuln-calculator@8.0.0
820e983 #7803 update @npmcli/installed-package-contents@3.0.0
9cd6603 #7803 update read-package-json-fast@4.0.0
b84d907 #7803 update @npmcli/git@6.0.1
53ed632 #7803 update write-file-atomic@6.0.0
ab40dab #7803 update which@5.0.0
b1c4770 #7803 update validate-npm-package-name@6.0.0
8206c4f #7803 update ssri@12.0.0
8b7dbc8 #7803 update read@4.0.0
f6909a0 #7803 update proc-log@5.0.0
f9b2e18 #7803 update parse-conflict-json@4.0.0
e7ab206 #7803 update pacote@19.0.0
b28dbb1 #7803 update npm-user-validate@3.0.0
d13a20b #7803 update npm-registry-fetch@18.0.1
5208f74 #7803 update npm-profile@11.0.1
092f41f #7803 update npm-pick-manifest@10.0.0
50a7bc8 #7803 update npm-package-arg@12.0.0
591130d #7803 update npm-install-checks@7.1.0
be6ae96 #7803 update npm-audit-report@6.0.0
8d4060a #7803 update normalize-package-data@7.0.0
105fa2b #7803 update nopt@8.0.0
eae4f57 #7803 update make-fetch-happen@14.0.1
7214149 #7803 update json-parse-even-better-errors@4.0.0
c4bed31 #7803 update init-package-json@7.0.1
f54b155 #7803 update ini@5.0.0
6deae9e #7803 update hosted-git-info@8.0.0
034c729 #7803 update cacache@19.0.1
ddb8be0 #7803 update abbrev@3.0.0
538a4cc #7803 update @npmcli/run-script@9.0.1
b80d048 #7803 update @npmcli/redact@3.0.0
81137fc #7803 update @npmcli/promise-spawn@8.0.1
2076368 #7803 update @npmcli/package-json@6.0.1
feac87c #7803 update @npmcli/map-workspaces@4.0.1
dd90f9e #7803 update @npmcli/fs@4.0.0
95e2cb1 #7810 ignore .github folder in release-please (@reggi)
be1e6da #7803 update minify-registry-metadata@4.0.0 (@reggi)
43f2374 #7803 update ignore-walk@7.0.0 (@reggi)
bb03036 #7803 update npm-packlist@9.0.0 (@reggi)
2072705 #7803 update @npmcli/eslint-config@5.0.1 (@reggi)
949d8f8 #7803 engine ^18.17.0 || >=20.5.0 in package template (@reggi)
fefd509 #7764 deps: bump actions/download-artifact from 3 to 4 in /.github/workflows (#7764) (@dependabot[bot], @wraithgar)
@npmcli/arborist@8.0.0
@npmcli/config@9.0.0
libnpmaccess@9.0.0
libnpmdiff@7.0.0
libnpmexec@9.0.0
libnpmfund@6.0.0
libnpmhook@11.0.0
libnpmorg@7.0.0
libnpmpack@8.0.0
libnpmpublish@10.0.0
libnpmsearch@8.0.0
libnpmteam@7.0.0
libnpmversion@7.0.0
FAQs
a package manager for JavaScript
The npm package npm receives a total of 5,656,886 weekly downloads. As such, npm popularity was classified as popular.
We found that npm demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.