Npm

npm can manage packages that are local [[Coupling (computer programming)|dependencies]] of a particular project, as well as globally-installed JavaScript tools.<ref name="Ellingwood16">{{cite web |last1=Ellingwood |first1=Justin |title=How To Use npm to Manage Node.js Packages on a Linux Server |url=https://www.digitalocean.com/community/tutorials/how-to-use-npm-to-manage-node-js-packages-on-a-linux-server |access-date=22 October 2016 |website=DigitalOcean}}</ref> When used as a dependency manager for a local project, npm can install, in one command, all the dependencies of a project through the <code>package.json</code> file.<ref name="npm-install-docs">{{cite web |title=npm-install |url=https://docs.npmjs.com/cli/install |access-date=22 October 2016 |website=docs.npmjs}}</ref> In the <code>package.json</code> file, each dependency can specify a range of valid [[Software versioning|versions]] using the semantic versioning scheme, allowing developers to auto-update their packages while at the same time avoiding unwanted breaking changes.<ref name="npm-semver-docs">{{cite web |title=semver |url=https://docs.npmjs.com/misc/semver |url-status=dead |archive-url=https://web.archive.org/web/20161203095427/https://docs.npmjs.com/misc/semver |archive-date=3 December 2016 |access-date=22 October 2016 |website=docs.npmjs}}</ref> npm also provides version-bumping tools for developers to tag their packages with a particular version.<ref name="npm-version-dcs">{{cite web |title=npm-version |url=https://docs.npmjs.com/cli/version |access-date=29 October 2016 |website=docs.npm}}</ref> npm also provides the <code>package-lock.json</code><ref>{{Cite web |last=Koirala |first=Shivprasad |date=21 August 2017 |title=What is the need of package-lock.json in Node? |url=https://www.codeproject.com/Articles/1202361/What-is-package-lock-json-file-in-Node-NPM |website=codeproject}}</ref> file which has the entry of the exact version used by the project after evaluating semantic versioning in <code>package.json</code>.

npm can manage packages that are local [[Coupling (computer programming)|dependencies]] of a particular project, as well as globally-installed JavaScript tools.<ref name="Ellingwood16">{{cite web |last1=Ellingwood |first1=Justin |title=How To Use npm to Manage Node.js Packages on a Linux Server |url=https://www.digitalocean.com/community/tutorials/how-to-use-npm-to-manage-node-js-packages-on-a-linux-server |access-date=22 October 2016 |website=DigitalOcean}}</ref> When used as a dependency manager for a local project, npm can install, in one command, all the dependencies of a project through the <code>package.json</code> file.<ref name="npm-install-docs">{{cite web |title=npm-install |url=https://docs.npmjs.com/cli/install |access-date=22 October 2016 |website=docs.npmjs}}</ref> In the <code>package.json</code> file, each dependency can specify a range of valid [[Software versioning|versions]] using the semantic versioning scheme, allowing developers to auto-update their packages while at the same time avoiding unwanted breaking changes.<ref name="npm-semver-docs">{{cite web |title=semver |url=https://docs.npmjs.com/misc/semver |url-status=dead |archive-url=https://web.archive.org/web/20161203095427/https://docs.npmjs.com/misc/semver |archive-date=3 December 2016 |access-date=22 October 2016 |website=docs.npmjs}}</ref> npm also provides version-bumping tools for developers to tag their packages with a particular version.<ref name="npm-version-dcs">{{cite web |title=npm-version |url=https://docs.npmjs.com/cli/version |access-date=29 October 2016 |website=docs.npm}}</ref> npm also provides the <code>package-lock.json</code><ref>{{Cite web |last=Koirala |first=Shivprasad |date=21 August 2017 |title=What is the need of package-lock.json in Node? |url=https://www.codeproject.com/Articles/1202361/What-is-package-lock-json-file-in-Node-NPM |website=codeproject}}</ref> file which has the entry of the exact version used by the project after evaluating semantic versioning in <code>package.json</code>.

The ''npx'' command, which is an acronym for ''Node Package eXecuter'',<ref>{{Cite web |last=Turbak |first=Lyn |date=2024 |title=Developing and Collaborating on React JS Apps |url=https://cs.wellesley.edu/~cs317/slide-pdfs/s24-12_react_development_4up.pdf |publisher=[[Wellesley College]]}}</ref> executes packages without running them.<ref>{{Citation |last=Duldulao |first=Devlin Basilan |title=Getting Started with React Function Components and TypeScript |date=2021 |work=Practical Enterprise React |pages=21–38 |url=https://link.springer.com/10.1007/978-1-4842-6975-6_3 |access-date=2025-03-04 |place=Berkeley, CA |publisher=Apress |language=en |doi=10.1007/978-1-4842-6975-6_3 |isbn=978-1-4842-6974-9 |last2=Cabagnot |first2=Ruby Jane Leyva|url-access=subscription }}</ref>{{Rp|page=22}}

The ''npx'' command, which is an acronym for ''Node Package eXecuter'',<ref>{{Cite web |last=Turbak |first=Lyn |date=2024 |title=Developing and Collaborating on React JS Apps |url=https://cs.wellesley.edu/~cs317/slide-pdfs/s24-12_react_development_4up.pdf |publisher=[[Wellesley College]]}}</ref> executes packages without installing them.<ref>{{Citation |last=Duldulao |first=Devlin Basilan |title=Getting Started with React Function Components and TypeScript |date=2021 |work=Practical Enterprise React |pages=21–38 |url=https://link.springer.com/10.1007/978-1-4842-6975-6_3 |access-date=2025-03-04 |place=Berkeley, CA |publisher=Apress |language=en |doi=10.1007/978-1-4842-6975-6_3 |isbn=978-1-4842-6974-9 |last2=Cabagnot |first2=Ruby Jane Leyva|url-access=subscription }}</ref>{{Rp|page=22}}

npm's [[command-line interface]] client allows users to consume and distribute JavaScript modules that are available in the registry.<ref name="ampersandjs">{{cite web |last1=Ampersand.js |title=Ampersand.js – Learn |url=https://ampersandjs.com/learn/npm-browserify-and-modules/ |access-date=22 July 2016 |website=ampersandjs.com}}</ref> In npm version 6, the audit feature was introduced to help developers identify and fix security vulnerabilities in installed packages.<ref>{{cite web |last1=npm |title='npm audit': identify and fix insecure dependencies |url=https://blog.npmjs.org/post/173719309445/npm-audit-identify-and-fix-insecure |access-date=14 August 2018 |website=The npm Blog}}</ref> The source of security vulnerabilities were taken from reports found on the Node Security Platform (NSP) and has been integrated with npm since npm's acquisition of NSP.<ref>{{cite web |last1=npm |title=The Node Security Platform service is shutting down 9/30 |url=https://blog.npmjs.org/post/175511531085/the-node-security-platform-service-is-shutting |access-date=14 August 2018 |website=The npm Blog}}</ref>

npm's [[command-line interface]] client allows users to consume and distribute JavaScript modules that are available in the registry.<ref name="ampersandjs">{{cite web |last1=Ampersand.js |title=Ampersand.js – Learn |url=https://ampersandjs.com/learn/npm-browserify-and-modules/ |access-date=22 July 2016 |website=ampersandjs.com}}</ref> In npm version 6, the audit feature was introduced to help developers identify and fix security vulnerabilities in installed packages.<ref>{{cite web |last1=npm |title='npm audit': identify and fix insecure dependencies |url=https://blog.npmjs.org/post/173719309445/npm-audit-identify-and-fix-insecure |access-date=14 August 2018 |website=The npm Blog}}</ref> The source of security vulnerabilities were taken from reports found on the Node Security Platform (NSP) and has been integrated with npm since npm's acquisition of NSP.<ref>{{cite web |last1=npm |title=The Node Security Platform service is shutting down 9/30 |url=https://blog.npmjs.org/post/175511531085/the-node-security-platform-service-is-shutting |access-date=14 August 2018 |website=The npm Blog}}</ref>