Author: Boemo Wame Mmopelwa
Last Updated: Wed, Dec 8, 2021Node.js is a backend Javascript runtime environment that is light and highly scalable. It is used to build real-time applications such as video streaming applications. To make development easier, Node js developers created a node package manager (npm). This package manager acts as the Node.js command line. It is used for installing modules and initializing projects.
In this tutorial, you will learn how to install npm on Windows and how to use it.
Follow the steps below to download and install the Node.js .msi file. The Node.js .msi file includes the node package manager. You donât have to download them separately like before.
Go to the Nodej.s website and download the Long Term Support (LTS) version of Node.js. The LTS version has features that have abundant documentation and it is stable in terms of security and performance when compared to the Node.js current version.
Navigate to the Download folder in the file manager and click the .msi
package to start the installation procedure.
Accept the terms in the License Agreement.
Add a different directory if you want but you can just leave the default location set by Node.js.
Select the Node.js features you want to install or remove by clicking on the drop-down list. You can leave everything on default if you donât have any changes to make.
Check the box to install essential tools required by Node.js and npm.
Finish the installation process by clicking on the install button to install Node.js.
Use the npm -v
command to check the version of the node package manager you just installed. You will get the version number if it has been successfully installed.
npm -v
8.1.0
Use node -v
command to check if Node.js has been installed successfully. This command will also show the version number if Node.js has been successfully installed.
node -v
8.1.0
The npm init
command is used to create a Node.js project. The npm init command will create a package where the project files will be stored. All the modules you download will be stored in the package.
npm init
The npm init
command will also create the package.json file, and prompt you to add the following project information when creating a project:
Project name
Project initial version
Project description
The project's entry point
The project's entry point
The project's test command
The project's git repository
The project's license
The information will be stored in the package.json file. The package.json file contains the important details and metadata of your project such as package versions.
Here is an example of a package.json file:
{
"name": "hometech",
"version": "1.0.0",
"description": "How to install node package manager",
"main": "index.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1",
"start": "node server.js"
},
"author": "Boemo Mmopelwa",
"license": "MIT",
"dependencies": {
"@apollo/client": "^3.3.7",
"Express": "^3.0.1",
"apollo-angular": "^2.2.0",
"express": "^4.17.1",
"express-graphql": "^0.12.0",
"graphql": "^15.4.0"
},
"devDependencies": {},
"keywords": [
"vultr"
]
}
The package.json file is stored in your current prescribed directory but you can also move it to your desired destination.
If you want to skip the questions asked when creating a project, use this command:
npm init --yes
The above command will initialize the project and skip all the required details required by the package.json file. You can set these configuration details later when youâre ready to add them. But these are important details that should never be forgotten to be added.
You can use the following commands to install additional information:
npx license: use this command to download your preferred license package such as MIT.
npx gitignore: This command downloads the gitignore file from GitHubâs repo of your choice using the gitignore package.
npx covgen: This command uses the covgen package to generate the Contributor Covenant. This command will also generate a code of conduct that all contributors must abide by.
The node package manager allows you to set default config options for the npm init command.
Here are some of the commands you can use to set default config options:
The following command sets your default email address.
> npm set init.author.email "enter your email address here"
The following command sets your default author name.
> npm set init.author.name "enter your author name here"
The following command sets your projectâs license.
> npm set init.license "MIT"
Use the dependencies attribute to manually add dependencies to the package.json file by referencing the name and version of the dependency using any text editor such as Microsoft Visual studio:
{
"name": "hometech",
"version": "1.0.0",
"dependencies": {
"my_dep": "^1.0.0",
}
}
Use the devDependencies attribute to manually add devDependencies name and version to the package.json file:
"name": "hometech",
"version": "1.0.0",
"dependencies": {
"my_dep": "^1.0.0",
},
"devDependencies" : {
"my_test_framework": "^3.1.0".
"another_dev_dep": "1.0.0 - 1.2.0"
}
You can check and keep track of all installed using the npm list
command. The npm list
command will generate a list of all installed packages.
npm list
The command will output all installed packages:
demo@1.0.0 C:\Users\Demo
+-- @apollo/client@3.3.7
+-- apollo-angular@2.2.0
+-- array-flatten@1.1.1 extraneous
+-- body-parser@1.19.0 extraneous
+-- content-disposition@0.5.3 extraneous
+-- cookie-signature@1.0.6 extraneous
+-- cookie@0.4.0 extraneous
+-- debug@2.6.9 extraneous
+-- destroy@1.0.4 extraneous
+-- ee-first@1.1.1 extraneous
+-- encodeurl@1.0.2 extraneous
+-- escape-html@1.0.3 extraneous
+-- etag@1.8.1 extraneous
+-- express-graphql@0.12.0
+-- Express@3.0.1 invalid: "^4.17.1" from the root project
+-- finalhandler@1.1.2 extraneous
+-- forwarded@0.1.2 extraneous
+-- fresh@0.5.2 extraneous
+-- graphql@15.4.0
+-- http-errors@1.7.2 extraneous
+-- type-is@1.6.18 extraneous
+-- utils-merge@1.0.1 extraneous
The npm install
command is used to install modules such as Express. To use this command just add the name of your module after the install keyword.
npm install <enter the module name here>
If you donât want to install a specific module you can go ahead and install modules and project dependencies listed in the package.json file using the following command.
npm install
If you are installing a module that hasnât been listed in the package.json file. You can use the following command to install and add the module to the package.json file as a project dependency.
npm install <module> --save
You can also use the --save-dev
flag which adds the module as a devDependencies. Development dependencies (devDependencies) are used for development purposes only, they are not required during runtime.
npm install <module> --save-dev
If you want all of your applications to use a specified module, install the module globally by using the--global
flag so that all Node.js applications in your system can access the module:
npm install <enter the module you want to install globally here> --global
Security vulnerabilities found in packages often cause service outages and data loss. Inspecting and auditing your Node.js package dependencies using the npm audit
command could help you identify security vulnerabilities and fix them before they cause data loss.
The npm audit
command is only supported in npm version 6.0.0 and later versions only.
The npm audit
command sends details about the packageâs dependencies and devDependencies for inspection to your default registry. A report will be sent back which contains results of your package dependencies, devDependencies, bundledDependencies, and optionalDependencies security state.
Follow the following steps to audit your package dependencies:
Launch the command line and navigate to your package directory.
Make sure that your package includes the package.json and package-lock.json files.
Insert the npm audit
command and press enter to start the security auditing process.
After the report has been generated using the previous command you can now analyze the audit report and implement security measures to eliminate security vulnerabilities detected in your package dependencies.
Here is a list of essential commands that you will use after you install Node.js and the node package manager.
npm uninstall <package>: This command is used to uninstall a package.
npm list -g --depth=0: List globally installed packages.
npm -g uninstall <name>: This command is used to uninstall a global package.
npm-windows-upgrade: Upgrade npm on Windows.
npm run: list available scripts to run.
npm-windows-upgrade: This command is used to update npm.