Skip to content
Latchkey

What Is npm? The Node.js Package Manager Explained

npm is the default package manager for Node.js: it installs the libraries your project depends on and runs the scripts that build and test it.

npm (short for Node Package Manager) ships with Node.js and is the most widely used tool for installing JavaScript packages. It reads a project manifest, downloads the right versions of every dependency, and gives you a command runner for build and test scripts. If you have ever run "npm install", you have used it.

What npm is

npm has three parts: a command-line tool, an online registry of over two million packages, and the package.json manifest format that describes a project. When you install a package, npm fetches it from the registry (registry.npmjs.org by default) and places it under node_modules, along with everything that package itself depends on.

How it works

Your dependencies are declared in package.json. The exact resolved versions are pinned in package-lock.json, which npm writes so that every machine installs the identical tree. Running "npm install" resolves and downloads everything; running "npm ci" installs strictly from the lockfile for reproducible builds and is the right choice in automation.

A worked example

A typical project declares its tooling and scripts in package.json, then uses npm to install and run them.

package.json plus npm commands
{
  "name": "my-app",
  "scripts": {
    "test": "vitest run",
    "build": "vite build"
  },
  "dependencies": { "react": "^18.0.0" }
}

# install and run a script
npm ci
npm run build

Role in CI/CD

In a pipeline, npm restores dependencies and runs the build and test scripts. The canonical CI command is "npm ci" because it installs exactly what the lockfile specifies and fails loudly if package.json and the lockfile drift apart. Caching the npm cache directory between runs avoids re-downloading unchanged packages and speeds up every job.

Alternatives

Yarn and pnpm are drop-in alternatives that read the same package.json. pnpm is notably faster and more disk-efficient through a content-addressable store; Yarn pioneered lockfiles and offers Plug and Play. Most teams still reach for npm first because it requires no extra install.

Key takeaways

  • npm is the default package manager bundled with Node.js.
  • package.json declares dependencies and scripts; package-lock.json pins exact versions.
  • Use "npm ci" in CI for fast, reproducible installs from the lockfile.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →