npm

npm is the default node package manager for Node.js and is automatically installed along with Node.js.

The three main components of npm are

a website?
a command line interface
a registry to access a database of JavaScript software

Installing npm

curl -qL https://www.npmjs.com/install.sh | sh

Note to self: do not be attempted to install like shown below, it will (as of 2023-03-29) install node version 12 (while version 18 is the current one):

sudo apt install nodejs npm -y

TODO

nvm (node version manager) is recommended to install Node.js and npm.

Packages and modules

About packages and modules says:

A package is a file or directory that is described by a package.json file
A module is any file or directory in the node_modules directory that can be loaded by the Node.js require() function.

Package

A package is (see npm help install)

a) a folder containing a program described by a npm help package.json file
b) a gzipped tarball containing (a)
c) a url that resolves to (b)
d) a <name>@<version> that is published on the registry (see npm help registry) with (c)
e) a <name>@<tag> (see npm help dist-tag) that points to (d)
f) a <name> that has a "latest" tag satisfying (e)
g) a <git remote url> that resolves to (a)

Installing packages

npm allows to install packages, for example SQLite:

npm install sqlite3

npm is also the preferred way to install Yarn which is another package manager:

npm install --global yarn

sudo should not be used to globally install packages. Therefore, the npm installation directory need to be made accessible before installing package:

sudo chown -R $(whoami) $(npm config get prefix)/{lib/node_modules}

Commands

npm [command]

`access`	Set access level published packages
`adduser`
`audit`
`bin`	Display bin folder (for example `node_modules/.bin` appended to the current working directory, or when combined with `-g` the «global» bin directory `/usr/local/bin`). Compare with `prefix` and `root`
`bugs`
`cache`	Manipulate package cache (see also `~/.npm/_cacache/`)
`ci`	Install a project with a clean slate
`completion`
`config`	Manage configuration files
`dedupe`	Reduce duplication. Aliases are `find-dupes` and `ddp`
`deprecate`
`diff`	Registry diff
`dist-tag`
`docs`	Open documentation in a web browser
`doctor`	Check environment
`edit`	Edit an installed package
`exec`	Run a command from a local or remote npm package (compare with `npx`)
`explain`	Explain installed packages
`explore`
`find-dupes`
`fund`
`get`
`help`
`hook`
`init`	Creates a `package.json` file
`install`	Installs a package (including the packages it depends on)
`install-ci-test`
`install-test`
`link`	Symlink a package folder
`ll`
`login`	Add a registry user account
`logout`
`ls`	List installed packages. An alias for `ls` is `list`.
`org`	Manage orgs, see https://docs.npmjs.com/orgs/
`outdated`
`owner`	Manage package owners
`pack`	Create a tarball from a package
`ping`	Ping npm registry
`prefix`	Show prefix (for example the current working directory, or when combined with `-g` the «global» directory `/usr/local`). Compare with `bin` and `root`
`profile`	Change settings on registry profile
`prune`
`publish`	Publishes a package
`rebuild`	Rebuilds a package
`repo`	Opens package repository in browser
`restart`	Restarts a package. Compare with `start`
`root`	Shows npm root (for example `node_modules` appended to current working directory, or when combined with `-g`, the «global» directory `/usr/local/lib/node_modules`). Compare with `prefix` and `bin`
`run-script`	Add `node_modules/.bin` to `PATH` and then runs an arbitrary package script with `/bin/sh` or `cmd.exe`. Aliases are `run`, `rum` and `urn`.
`search`	Searches for packages, prints name, description, author, date, version and keywords.
`set`
`set-script`	Set tasks in the script section of `package.json`.
`shrinkwrap`	Lock down dependency version for publication
`star`	Mark favorite packages. Favorite packages can be viewed with `stars` and `unstar`
`stars`	View packages that were marked with `star`
`start`	Start a package by running the command specified in the `start` property of the `package.json` file. If such a command is not specified, npm will run `node server.js`. Compare with `restart`
`stop`	Stops a package
`team`	Manage organization teams and memberships
`test`	Runs the command specified in the `{"scripts": {"test": …"}}` property of `package.json`.
`token`	Manage authentication tokens
`uninstall`
`unpublish`
`unstar`
`update`
`version`	Bumps the version of a package
`view`
`whoami`

TODO

npx runs a command from a local (node_modules/.bin) or remote (/usr/local/bin and %APPDATA/npm?) npm package. npx is depracated (and its functionality seems to be provided by npm exec)

/usr/share/nodejs

Compare to yarn.

npm help shrinkwrap

For npm init xyz, xyz is considered package initializer. This seems to be a JSON file located at https://registry.npmjs.org/create-xyz

Package visibility/scope

A package's scope determines its visibility (aka access level).

Scope is one

Org	Allows to specifiy team members
User	Grants are given to users (not team members)
Unscoped

Access level is:

public	Everyone can download and view packages
private	Only owners or team embers/users granted read can download and view packages. Only team members with write right or users given write right or package owners can publish a package.

There is no unscoped private scope. Thus, there are five possible combinations of scope and access levels.

The name of the scope can optionally appear as first part of a package name: @orgname/packagename.

npm

Installing npm

TODO

Packages and modules

Package

Installing packages

Commands

TODO

Package visibility/scope

See also