Prakash Blog's

"Getting Started with NPM: A Beginner's Guide to Package Management"

"Getting Started with NPM: A Beginner's Guide to Package Management"

Mastering npm: Unleashing the Power of Package Management

Prakash Kumar's photo
Prakash Kumar
·

10 min read

Table of contents

Introduction

As a developer, you've probably come across NPM, the Node Package Manager. While it's a well-known tool in the development world, you may still be unsure of its purpose and how it's used. In this blog post, I'll provide a comprehensive overview of NPM, covering its key concepts such as dependencies, packages.json, and the distinctions between global and local NPM. By the end of this post, you'll have a clear understanding of what NPM is and why it's an essential tool for many developers.

Before starting with npm, Let’s Understand what scenario’s before npm and how npm resolved them in real-world application management.

Let’s start with an organization it is creating a new product, which required them to write a lot of JavaScript code. At the time, there was no central repository for JavaScript packages, so They had to rely on manually downloading and including code from various sources.

One day, A Developer needed to use a library for parsing JSON data. He found a package that looked promising on a blog post and downloaded the source code. However, he quickly discovered that the package was not well-maintained, and had several bugs that caused his code to crash. He spent several hours debugging the issue and trying to find a better library.

Meanwhile, Another Developer was working on a different part of the product that required him to work with dates and times. He found a package that looked like it would do the job and included it in his code. However, he soon discovered that the package had a dependency on another package, which had a different version of a library that was already included in the project. This caused a conflict, and He spent several hours trying to resolve the issue.

So, these developers waste more of their time finding libraries for the product and even if they find the right packages that had a dependency on another package. May cause an error to resolve it.

To End the problem of developers a concept was introduced called “Package management”.

After reading this story you may wonder of some words, what is packages, dependencies and JSON. Don’t worry by the end of this blog you everything about it.

What is exactly package management?

Package managers are used to efficiently manage dependencies in your project. It is a developer tool used to find, download, install, configure, update, and remove packages, along with their dependencies, for your projects.

Using a package manager can save you time and effort by providing pre-built solutions to problems that have already been solved. It also helps prevent errors related to dependencies and version conflicts, ensuring that your project runs smoothly and without any hiccups. In short, a package manager is an essential tool for any developer looking to streamline their development process.

Let’s come to the Dependencies

What are Dependencies?

A dependency is a software component that is needed by another software component to function properly.

For example, if one library requires a specific version of another library to work correctly, the dependency manager will ensure that the correct version is installed, preventing any compatibility issues.

After Knowing the use and benefits of package manager and dependencies you might use it in your project.

Before that, You want to know, How the packages are created and collected into the npm. Let's understand it first.

What is Package Registry?

We already know about package manager and its use. then what is a Package registry? what’s the relationship with the package manager?

In a package manager, such as npm, packages are downloaded and upgraded. You might wonder where these packages are downloaded from and how they are created by different developers and collected in npm.

This is where the package registry comes into play. The package registry is simply a central repository that collects npm packages from different developers, making them available for other developers to use and collaborate on maintaining specific projects.

The package registry serves as a collaborative platform, allowing developers to share their packages and others to use them to make benefits of it.

How to use NPM?

First thing first install Node.js on your machine. Visit Node.js official website to download the latest version. While installing Node.js, automatically NPM is also installed on your machine.

To check the Node version on your machine.

node -v

To check the NPM version on your machine.

npm -v

To start using NPM, you first need to create a new project or navigate to an existing project directory in your terminal. Once there, you can use the npm init command to initialize a new package.json file for your project. This file will contain important information about your project, such as its name, version, and dependencies. You can then use the npm install command to install any packages or libraries that your project requires, which will be downloaded from the NPM registry and saved to the node_modules directory in your project. From there, you can import and use these packages in your code as needed.

After reading this you may have doubts about what package.json and node_modules Let's see in the next section.

What is node_module?

Node_modules is a directory that is automatically created when you run the npm install command in your project directory. It's where NPM places all the packages it downloads locally for your project.

Inside the node_modules directory, you'll find a separate directory for each package that has been installed. These directories contain all of the files and code necessary for that package to function properly, including any additional dependencies it may have.

For example, let's say you installed the express package for your Node.js project. After running npm install express, you would find a directory called express inside your node_modules directory. This directory would contain all of the code, files, and dependencies necessary for the express package to function properly.

What Exactly package.json file?

The package.json file is a file that contains important information about an NPM package, such as its name, version, description, author, license, and dependencies. This file serves as a blueprint or plan for NPM to manage the package and its dependencies.

Here's an example package.json file:

{
  "name": "my-package",
  "version": "1.0.0",
  "description": "A simple NPM package",
  "main": "index.js",
  "scripts": {
    "start": "node index.js"
  },
  "author": "John Doe",
  "license": "MIT",
  "dependencies": {
    "express": "^4.17.1",
    "lodash": "^4.17.21"
  }
}

In this example, the package.json file includes the following properties:

  • name: The name of the package.

  • version: The version number of the package.

  • description: A brief description of the package.

  • main: The entry point for the package (i.e. the file that will be executed when someone uses the package).

  • scripts: A set of scripts that can be run using npm run <script-name> (e.g. npm run start will run the start script, which in this case runs the node index.js command).

  • author: The name of the package's author.

  • license: The license under which the package is distributed.

  • dependencies: The list of packages that the current package depends on (in this case, express and lodash). The ^ symbol before each version number indicates that the package manager can automatically install compatible minor and patch releases.

What is the Package-lock.json file?

The package-lock.json file is an essential tool for ensuring consistency and collaboration among developers working on the same NPM project. It acts as a reference point for all the dependencies in the project, which helps to ensure that every developer is working with the same versions of the dependencies.

As developers add or update dependencies, the package-lock.json file is automatically updated to reflect the changes. When the file is committed to the code repository and pushed to the remote repository, other developers can easily pull the changes and run npm install or yarn install to get the same dependencies and versions as their colleagues.

By providing a consistent set of dependencies, the package-lock.json file helps to prevent version conflicts and ensure that the project runs smoothly. This saves time and minimizes errors, making it an essential tool for collaborative software development.

{
"name": "test_project",
"version": "1.0.0",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "test_project",
"version": "1.0.0",
"license": "ISC",
"dependencies": {
"express": "^4.17.1"
}
},
"node_modules/accepts": {
"version": "1.3.8",
"resolved": "[<https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz>](<https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz>)",
"integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==",
}
}

  • name: Specifies the name of the package.

  • version: Specifies the version of the package.

  • lockfileVersion: Specifies the version of the lock file format.

  • requires: Specifies whether the package requires a lock file.

  • packages: An object containing information about the packages installed in the project. It's a nested object, where each key represents a package or a sub-package, and the value is an object containing information about that package.

  • ": This represents the root package, which is the main package that was installed in the project. It contains information such as the name, version, license, and dependencies of the package.

  • node_modules/accept: This represents a sub-package called "accepts", which is a dependency of the main package. It contains information such as the version, resolved URL, and integrity hash of the package.

    • resolved - The URL to download the package from.

    • integrity - A checksum that verifies the integrity of the downloaded package.

Global vs Local package installation

Global Installation :

A global installation means the package is installed in a central location on your system and can be accessed by any project or directory. The package is installed outside of any specific project and is made available globally. Global installations are typically used for command-line tools or utilities that you want to use across different projects.

To install the package globally on your machine.

npm install -g <package-name>

Local Installation :

When you install a package locally, it means the package is installed within the specific project or directory where the installation command was executed. The package is typically saved in the node_modules folder of that project. Local installations are specific to a particular project and do not affect other projects or the global environment.

To install the package locally on your machine

npm install <package-name>

Difference between Global and Local Installation

Local Installation

Global Installation

Scope

Limited to a specific project or directory

Accessible across all projects and directories

Location

Installed within the project's "node_modules" folder

Installed in a central location on the system

Isolation

Provides isolation of packages for each project

Shared packages across projects

Disk Space

Can consume more disk space due to project-specific installations

Shared installation reduces disk space usage

Version Management

Can have different versions of the same package for each project

Shared package version for all projects

Accessibility

Package available only within the project it is installed in

Package accessible from anywhere in the system

Usage

Typically used for project-specific dependencies

Commonly used for command-line tools or utilities

Dependency Conflicts

Less likely to have conflicts between packages

Potential conflicts when different projects require different versions

Sharing

Projects can easily share the required dependencies

Dependencies need to be installed separately for each project

NPM Publish

Publishing your npm package to the npm registry is easier than you may think. Simply use the npm publish command.

On your local machine, create a package.json file using the npm init command. Set a unique project name and fill in all the necessary fields in the package.json file, such as version, scripts, file names, and license.

Next, open your command prompt or terminal on your machine.

npm publish

Great now you contribute to the world.

Conclusion

In conclusion, npm is an indispensable tool for modern development, offering seamless package management and fostering collaboration within the open-source community. By leveraging the vast array of packages available, developers can enhance their productivity and streamline their workflows. While Contributing to open-source projects and encountering installation errors is inevitable, it is important to view them as learning opportunities and consult the comprehensive npm documentation for guidance.

Hope You Understand Well.

npmDeveloperdevelopmentJavaScript