Install, Run, Update — the Package Manager Shipped With Node
npm
npm is the default package manager. Install deps, run scripts, use npx to run binaries.
What you'll learn
- Install runtime + dev dependencies
- Run scripts and binaries
- Know the alternatives (pnpm, yarn, bun)
npm ships with Node. It’s how you pull in the vast library ecosystem (~3M packages and counting).
Installing Deps
npm install express # runtime dep
npm install --save-dev vitest # dev-only dep
npm install # install everything in package.jsonThis:
- Creates
node_modules/if missing - Updates
package.json(adds to deps) - Updates
package-lock.json(locks exact versions)
npm install and npm i are the same. So are --save-dev and
-D.
Removing
npm uninstall expressUpdating
npm outdated # show what's behind
npm update # update within the semver range in package.jsonTo bump major versions, edit package.json manually or use
npm-check-updates.
Running Scripts
npm run dev # runs scripts.dev from package.json
npm test # alias — works for "test" and "start"npx — Run a Package Without Installing
npx create-vite my-app # downloads & runs once
npx tsx script.ts # if tsx isn't installed globallynpx is part of npm. It checks node_modules/.bin, then downloads.
node_modules/
The flat folder where deps live. Never commit it — add to
.gitignore. With the lock file, anyone can npm install and get
the same tree.
Alternatives
| Tool | Pitch |
|---|---|
| npm | Default. Ships with Node. |
| pnpm | Faster, disk-efficient (hard links). Strict about deps. |
| yarn | Older alternative. Yarn 4 (Berry) does PnP. |
| bun | All-in-one (runtime + pkg mgr). Fast installs. |
All read the same package.json and produce a node_modules/.
Lock files differ:
package-lock.json(npm)pnpm-lock.yaml(pnpm)yarn.lock(yarn)bun.lockb(bun)
Pick one per project — don’t mix.
End of Chapter
That wraps the basics. Next chapter: Node’s standard library — the
parts of Node that aren’t on window.