Awesome npm resources and tips
npm is a package manager for the JavaScript programming language and comes bundled in the Node.js runtime.
Please read the contribution guidelines before contributing.
- Small focused modules
- Unix philosophy and Node.js - Write programs that do one thing and do it well.
- Writing small modules
- Semver: A Primer (Must read!)
- Semver: Tilde and Caret
- Offline installation of npm packages
- Task automation with npm run
- How to use npm as a build tool
- Install npm packages globally without sudo on macOS and Linux
- Optimizing the footprint of an npm package
- The Art of Node - An introduction to Node.js and client-side development with npm.
- Why npm scripts? - An introduction to npm scripts with common packages and scripts, as well as a boilerplate project.
- npms - Superb package search with deep analysis of package quality using a myriad of metrics.
- npm-introspect - A npms-based utility for visually exploring the quality of package dependencies.
- npmsearch - Fast package search with ranking based on metrics like stars, dependents, release frequency, etc.
- node-modules - Personalized package search based on your GitHub social graph.
- NodeICO - Package badges.
- Libraries.io - Package discovery.
- npm-stat - Statistics charts for packages.
- npmgraph - Visualization of dependencies.
- npm trends - Compare package download counts over time.
- npm-compare - Easily search and compare packages.
- npm-top - npm users by downloads.
- npm semver calculator - Visually explore what versions of a package a semver range matches.
- npm-stats - Displays metrics about packages.
- ghub.io - Redirects to the GitHub repo of an npm package.
- npm addict - Your daily injection of npm packages.
- Octo-Linker - Chrome extension to navigate across npm packages on GitHub with ease.
- npm-hub - Chrome extension to explore npm dependencies on GitHub repos.
- github-npm-stats - View npm download stats on GitHub.
- npm-search-update - Chrome extension to quickly search for dependencies and monitor changes from the npm registry.
- zsh-better-npm-completion - Better ZSH completion for npm.
- npkill - Easily find and remove old and heavy node_modules folders.
- np - A better
npm publish
. - publish-please - Publish packages safely and gracefully.
- npm-release - Making releasing to npm so easy a kitten could probably do it™.
- pkgfiles - List all files which would be published in a package.
- release-it - Automate releases for Git repositories and/or npm packages. Changelog generation, GitHub/GitLab releases, etc.
- semantic-release - Fully automated package publishing.
- npm-name - Check whether a package name is available on npm.
- package-json - Get the package.json of a package from the npm registry.
- latest-version - Get the latest version of an npm package.
- npm-keyword - Get a list of npm packages with a certain keyword.
- npm-user - Get user info of an npm user.
- npm-email - Get the email of an npm user.
- npm-user-packages - Get packages by an npm user.
- dpn - Get the dependents of a user's npm packages.
- npm-stats - Get data from an npm registry.
- npm-cli-login - Log in to npm.
- nrm - Registry manager.
- npm-register - Easy to set up and maintain npm registry and proxy.
- verdaccio - Lightweight private npm proxy registry.
- cloudsmith - A fully managed package management SaaS with support for public and private npm registries (and many others).
- npm-home - Open the npm page of a package.
- gh-home - Open the GitHub page of a package.
- david - Check if your package dependencies are out of date.
- npm-check - Check for outdated, incorrect, and unused dependencies, as well as interactive update.
- npm-upgrade - Update outdated npm dependencies interactively.
- npm-shrinkwrap - A consistent shrinkwrap tool.
- npm-windows-upgrade - Upgrade npm on Windows.
- generator-nm - Scaffold out an npm package.
- pkg-up - Find the closest package.json file.
- read-pkg-up - Read the closest package.json file.
- normalize-package-data - Normalize package metadata.
- pkg-conf - Get namespaced config from the closest package.json.
- npm-run-path - Run locally installed binaries in the terminal by name like with global ones.
- local-npm - Use npm offline.
- npe - CLI for inspecting and editing properties in package.json.
- engine-deps - Manage Node.js version specific dependencies with ease.
- enpeem-search - Search packages by scraping the npm web search.
- npm-issues - Search known issues of all your packages at once.
- john - Make npm3's flat dependencies easier to find and sort.
- ntl - Interactive CLI menu to list & run npm tasks.
- decheck - Explore dependencies of npm packages in the command-line.
- shrinkpack - Lock down your dependencies and install offline.
- redrun - Expand scripts from package.json to improve execution speed.
- package-size - Get the bundle size of an npm package.
- synp - Convert yarn.lock to package-lock.json and vice versa.
- npm-run-all - CLI tool to run multiple npm-scripts in parallel or serial.
- onchange - Watch files and folders and run a command when something changed.
- cli-error-notifier - Sends native desktop notifications when npm scripts fail.
- luna - App to manage npm dependencies.
- emma-cli - Interactive CLI package search utility.
- lockfile-lint - Lint lockfiles for improved security and trust policies to mitigate malicious package injection and insecure lockfile resources.
- yarn - Fast, reliable, and secure dependency management.
- npm - The official client.
- pnpm - Fast, disk space efficient package manager.
$ npm install --global npm
npm i
→npm install
npm i -D
→npm install --save-dev
npm t
→npm test
npm it
→npm install && npm test
npm r
→npm uninstall
Speed up your common npm tasks.
In your .zshrc
/.bashrc
:
alias ni='npm install'
alias nid='npm install --save-dev'
alias nig='npm install --global'
alias nt='npm test'
alias nit='npm install && npm test'
alias nk='npm link'
alias nr='npm run'
alias ns='npm start'
alias nf='npm cache clean && rm -rf node_modules && npm install'
alias nlg='npm list --global --depth=0'
By default npm adds packages you install to the dependencies
field in package.json (since v5). You can prevent this by specifying the --no-save
flag. You can add a package to devDependencies
with --save-dev
/-D
:
$ npm install --save-dev ava
You can easily run scripts using npm by adding them to the "scripts"
field in package.json and run them with npm run <script-name>
. Run npm run
to see available scripts. Binaries of locally install packages are made available in the PATH, so you can run them by name.
{
"name": "awesome-package",
"scripts": {
"cat": "cat-names"
},
"dependencies": {
"cat-names": "^1.0.0"
}
}
$ npm run cat
Max
All package.json properties are exposed as environment variables:
{
"name": "awesome-package",
"scripts": {
"name": "echo $npm_package_name"
}
}
$ npm run name
awesome-package
You can pass options to the command you are using in your npm script by adding -- --flag
like in the example below. The --
marks the end of options parsing, so npm run
will just ignore it and pass it to the command.
{
"name": "awesome-package",
"scripts": {
"xo": "xo",
"xo:fix": "npm run xo -- --fix",
}
}
Adding the -- --fix
option is like executing xo --fix
.
npm run
has a --silent
option which is especially useful when combining npm scripts.
Imagine you have a setup for linting your JavaScript files like the following:
{
"name": "awesome-package",
"scripts": {
"xo": "xo",
"xo:fix": "npm run xo --silent -- --fix",
}
}
Using the --silent
option reduces the output in the terminal. See this comparison.
npm comes with predefined lifecyle scripts which are excuted under specific conditions if they are defined in your package.json.
{
"name": "awesome-package",
"scripts": {
"prepublishOnly": "nsp check"
},
"devDependencies": {
"nsp": "^3.0.0"
}
}
This will be executed automatically before your npm package is published to the registry via npm publish
to check for known vulnerabilties in your dependencies.
Note: prepublishOnly is available since npm v4.0.0. See npm docs.
npm start
and npm test
are also lifecycle scripts but are not executed automatically.
{
"name": "awesome-package",
"scripts": {
"start": "node server.js",
"test": "ava"
},
"devDependencies": {
"ava": "^1.0.0"
}
}
Therefore they can be executed simply with:
$ npm test
$ npm start
These are special lifecycle scripts which can be used to run scripts automatically in sequence.
{
"name": "awesome-package",
"scripts": {
"pretest": "eslint .",
"test": "ava"
},
"devDependencies": {
"eslint": "^4.19.0",
"ava": "^1.0.0"
}
}
$ npm test
This will lint your files before running your tests. The tests will not run if linting fails. Or more generally spoken: the following script won’t be executed if one of the scripts running in sequence exits with an exit code other than 0.
Note: pre
and post
scripts can also be used for your custom npm scripts. So npm run foo
will also run prefoo
and postfoo
if defined.
npm
comes bundled with npx
(Since v5.2.0) — a tool to execute package binaries. Each command is executed either from the local node_modules/.bin
directory, or from a central cache, installing any packages needed in order for <command>
to run.
{
"name": "awesome-package",
"dependencies": {
"cat-names": "^1.0.0"
}
}
If the binary is already installed, it will be executed from node_modules/.bin
.
$ npx cat-names
Max
But if the binary is missing, it will be installed first.
$ npx dog-names
npx: installed 46 in 3.136s
Bentley
With npx
(Comes bundled with npm v5.2.0 or newer) and the node-bin
package, you can easily try out code in different Node.js versions without having to use a version manager like nvm
, nave
, or n
.
$ npx [email protected] -- node --version
v6.11.0
Sometimes it can be useful to have a local version of a package as a dependency. You can use npm link
to link one local package into another. Run npm link
in the package you want to use. This creates a global reference. Then go into your original package and run npm link <package-name>
to link in the other package.
$ cd rainbow
$ npm link
$ cd ../unicorn
$ npm link rainbow
You can now use rainbow
as a dependency in the unicorn
package.
npm supports using a shorthand for installing a package directly from a GitHub repo:
$ npm install sindresorhus/chalk
Let's target a specific commit as master is a moving target:
$ npm install 'sindresorhus/chalk#51b8f32'
Specify either a commit SHA, branch, tag, or nothing.
You can also install Git dependencies with semver: (Requires npm v5 or newer)
$ npm install 'sindresorhus/chalk#semver:^2.0.0'
$ npm install [email protected]
$ npm ls --depth=0
Get help docs for a command:
$ npm help <command>
Example:
$ npm help install
Quickly get a standalone version of a package that is browserified and usable in the browser.
https://wzrd.in/standalone/<package-name>[@<version>]
Examples:
Great for prototyping, but download the file or use Browserify yourself for production.
- Check in node_modules vs. shrinkwrap
- What is the difference between Bower and npm?
- What does
^
mean in package.json versioning? - Find the version of an installed npm package
- What's the difference between dependencies, devDependencies, and peerDependencies in package.json?