100% Free Forever
AI-Powered Learning
Industry Expert Content
Certificates & Badges
Learn At Your Own Pace
Node.js

npm and Package Management

Learn how npm manages dependencies, scripts, and versioning for Node.js projects via package.json.

Introduction to Node.jsBeginner9 min readJul 8, 2026
Analogies

Introduction

npm (Node Package Manager) is the default package manager bundled with Node.js. It lets developers install, share, and manage third-party libraries (packages) as well as run custom project scripts. Every Node.js project typically has a package.json file, which acts as the project's manifest — listing metadata, dependencies, and scripts. npm downloads packages from the public npm registry (registry.npmjs.org) or private registries and stores them in a local node_modules folder.

🏏

Cricket analogy: npm is like a cricket board's central kit supplier that every club orders equipment from, while a club's own package.json is the equipment manifest listing exactly what gear and drills (dependencies and scripts) the squad relies on, stored in the club's own storeroom (node_modules).

How It Works

Running npm init creates a package.json file interactively (or npm init -y to accept defaults). Installing a package with npm install <package> adds it to node_modules and records it under the dependencies field in package.json, along with an exact version recorded in package-lock.json for reproducible installs. Packages needed only during development (like testing tools or linters) are installed with npm install --save-dev <package> and listed under devDependencies.

🏏

Cricket analogy: npm init is like filling out a new club's registration form interactively (or accepting the default template with -y), while npm install <package> is signing a new player to the squad, recorded in the roster (dependencies) with their exact contract terms locked (package-lock.json); a part-time fitness coach used only in preseason is signed as devDependencies.

bash
npm init -y
npm install express
npm install --save-dev jest
npm uninstall lodash

Explanation

npm uses semantic versioning (semver): MAJOR.MINOR.PATCH (e.g. 4.18.2). A caret (^4.18.2) allows updates to any 4.x.x version but not 5.0.0, while a tilde (~4.18.2) allows only patch updates within 4.18.x. package-lock.json pins the exact resolved version tree so that every install produces identical results across machines. The scripts field in package.json defines shortcuts for common tasks, run via npm run <script-name>.

🏏

Cricket analogy: Semver (4.18.2) is like a squad's jersey numbering system: a caret (^4.18.2) allows any player rotation within division 4 but not a jump to division 5, while a tilde (~4.18.2) allows only minor lineup tweaks within 4.18.x, and the lock file pins the exact starting XI for every match.

Example

javascript
{
  "name": "my-app",
  "version": "1.0.0",
  "scripts": {
    "start": "node index.js",
    "test": "jest"
  },
  "dependencies": {
    "express": "^4.18.2"
  },
  "devDependencies": {
    "jest": "^29.7.0"
  }
}

Output

bash
$ npm run start
> my-app@1.0.0 start
> node index.js
Server running on port 3000

Key Takeaways

  • package.json is the manifest that lists dependencies, scripts, and project metadata.
  • package-lock.json pins exact dependency versions for reproducible installs.
  • dependencies are needed at runtime; devDependencies are only needed during development.
  • Semantic versioning (MAJOR.MINOR.PATCH) with ^ and ~ controls how loosely versions can update.
  • npm scripts (npm run <name>) provide reusable shortcuts for common project tasks.

Practice what you learned

Was this page helpful?

Topics covered

#NodeJs#NodeJsExpressStudyNotes#WebDevelopment#NpmAndPackageManagement#Npm#Package#Management#Works#StudyNotes#SkillVeris