npm is the package manager for the JavaScript ecosystem, primarily used with Node.js.
Core role
npm manages dependencies for JavaScript projects. It allows you to:
- Install third-party libraries
- Version and lock those libraries
- Publish and distribute your own packages
- Define and run project-specific commands
Conceptually, it plays the same role that pip plays in Python.
Key components
1. Package registry
A public registry containing millions of packages, each identified by a name and version. Packages typically expose reusable code, tooling, or frameworks.
2. CLI tool
The npm command-line interface is installed automatically with Node.js.
Common commands:
- npm init — create a package.json
- npm install <package> — add a dependency
- npm install — install all declared dependencies
- npm run <script> — execute a project script
3. package.json
A manifest file that defines:
- Project metadata
- Dependencies and version ranges
- Scripts (custom commands)
- Configuration hints for tools
Example:
{
  "name": "example-project",
  "version": "1.0.0",
  "dependencies": {
    "lodash": "^4.17.21"
  },
  "scripts": {
    "build": "node build.js"
  }
}
4. Lock file
package-lock.json records the exact dependency versions installed, ensuring reproducible builds across machines and environments.
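A range such as "^4.17.21" in package.json admits many versions, and the lock file is what pins one of them. The following check is an added example, not code from the original page or from npm: it compares declared caret ranges with the locked versions and flags entries with no integrity hash. The "example-lib" package, the placeholder integrity value and the function names are assumptions made for illustration.

```javascript
// Added example (not from the original page). Handles exact versions and
// caret (^) ranges only; prerelease tags are ignored (assumption).
const parse = (v) => v.split(".").map(Number);

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// ^1.2.3 allows >=1.2.3 <2.0.0; ^0.2.3 allows >=0.2.3 <0.3.0; ^0.0.3 allows only 0.0.3
function satisfies(version, range) {
  const v = parse(version);
  if (!range.startsWith("^")) return cmp(v, parse(range)) === 0;
  const lo = parse(range.slice(1));
  const i = lo.findIndex((n) => n !== 0); // left-most non-zero part must not change
  const k = i === -1 ? 2 : i;
  const hi = lo.map((n, j) => (j < k ? n : j === k ? n + 1 : 0)); // exclusive upper bound
  return cmp(v, lo) >= 0 && cmp(v, hi) < 0;
}

// Compare declared ranges with the "packages" map of a lock file (lockfileVersion 2/3 layout).
function checkLock(manifest, lock) {
  const findings = [];
  for (const [name, range] of Object.entries(manifest.dependencies || {})) {
    const entry = (lock.packages || {})["node_modules/" + name];
    if (!entry) { findings.push(`${name}: not in lock file`); continue; }
    if (!satisfies(entry.version, range))
      findings.push(`${name}: locked ${entry.version} is outside ${range}`);
    if (!entry.integrity) findings.push(`${name}: no integrity hash recorded`);
  }
  return findings;
}

// Constructed sample data; "example-lib" and the integrity value are placeholders.
const MANIFEST = { dependencies: { lodash: "^4.17.21", "example-lib": "^0.2.3" } };
const LOCK = {
  lockfileVersion: 3,
  packages: {
    "node_modules/lodash": { version: "4.17.21", integrity: "sha512-PLACEHOLDER" },
    "node_modules/example-lib": { version: "0.3.0" },
  },
};

console.log(checkLock(MANIFEST, LOCK));
```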
Dependency types
- dependencies — runtime requirements
- devDependencies — build, test, lint tooling
- peerDependencies — compatibility contracts (common in libraries)
Versioning follows semantic versioning: .
Typical use cases
- Frontend frameworks (React, Vue, Svelte)
- Backend services (Express, Fastify)
- Build tools (Vite, Webpack, ESLint, Prettier)
- Data tooling and CLIs
Relation to alternatives
- yarn and pnpm are alternative package managers that use the same registry but differ in performance and dependency resolution strategy.
- npm remains the default and most widely supported.
Mental model
Think of npm as:
A reproducible dependency graph manager + task runner for JavaScript projects.
If useful, I can next:
- Contrast npm with pip in terms of dependency resolution
- Walk through a minimal Node.js project structure
- Explain lockfiles and semver edge cases in detail