npm Command: Install and Manage Node.js Packages

When you start or clone a Node.js project, one of the first things you usually do is install its packages. npm is the default package manager that ships with Node.js, and it is the command you use to add, update, remove, and run project dependencies. It reads and writes the package.json file that records what your project needs.

This guide walks through the npm commands you will use most often: starting a project, installing local and global packages, pinning versions, updating and removing dependencies, and running project scripts.

Syntax #

The general form of the command is:

npm <command> [args] [options]

npm ships with Node.js, so installing Node.js installs npm too. If you have not set up Node.js yet, see our guide on installing Node.js on Ubuntu 26.04 . Before we run package commands, confirm both tools are available:

node --version
npm --version

v24.16.0
11.13.0

If npm reports a version, you are ready to go.

Initialize a Project #

Every npm project centers on a package.json file. This file lists the project dependencies, scripts, package name, version, and other metadata. Create one in the current directory with:

npm init

npm asks a series of questions (name, version, entry point, and so on) and writes your answers to package.json. To accept all the defaults without prompts, add the -y flag:

npm init -y

This is the usual starting point for a new project. Once package.json exists, later npm install commands have a file where they can record dependencies.

Install Packages #

To add a package to your project, run npm install with the package name:

npm install express

This downloads express into a node_modules directory and records it under dependencies in package.json. npm also creates or updates package-lock.json, which records the exact versions that were installed.

For tools you only need while developing, such as test runners or linters, save them as development dependencies with -D (short for --save-dev):

npm install -D eslint

These land under devDependencies and are skipped when a project is installed for production with npm install --omit=dev.

When you clone an existing project, you do not install each package by hand. Run install with no arguments from the project directory:

npm install

npm reads package.json and the lock file, installs the missing packages, and updates package-lock.json when dependency ranges need to be resolved. This is the command you usually run during local development.

For CI jobs, clean deploys, and other repeatable installs, use npm ci instead:

npm ci

npm ci requires an existing package-lock.json, removes any current node_modules directory, and installs the exact dependency tree from the lock file without changing package.json or package-lock.json.

Install Global Packages #

Some packages are command-line tools you may want available everywhere instead of tied to one project. Install them globally with -g:

sudo npm install -g http-server

The tool is then on your PATH and can be run from any directory. Reserve global installs for command-line utilities. Project dependencies should stay local so each project controls its own versions.

Install a Specific Version #

When a project needs a specific package release, append @ and the version number:

npm install express@4.18.2

You can also install by tag, such as npm install express@latest for the newest release or @next for a prerelease line. Pinning a specific version is useful when you need to match an application requirement or avoid a breaking change in a newer release.

Update and Inspect Packages #

Before updating packages, check what is currently installed and what newer versions are available:

npm outdated

Package  Current  Wanted  Latest  Location
express  4.18.0   4.18.2  4.19.2  node_modules/express

The Wanted column is the newest version allowed by the range in package.json, while Latest is the newest published. Update packages to the wanted versions with:

npm update

If you want to move to a new major version beyond your declared range, install that version explicitly as shown above.

Remove Packages #

When a dependency is no longer needed, uninstall it and remove it from package.json with:

npm uninstall express

npm removes the package from node_modules and updates both package.json and the lock file. For a global package, add -g:

sudo npm uninstall -g http-server

Run Scripts #

The scripts section of package.json defines named commands for common project tasks. A typical file might include:

{
  "scripts": {
    "start": "node index.js",
    "test": "jest"
  }
}

Run a script with npm run followed by its name:

npm run start

The start and test names are special and can be run without run, so npm start and npm test both work. Scripts are how most projects expose their build, test, lint, and development commands.

List Installed Packages #

When you need to inspect what is installed in the current project, use:

npm list

By default, recent npm versions show the top-level project and its direct dependencies. If you need to inspect the full nested tree, add --all:

npm list --all

Add -g to list globally installed packages instead.

Run a Package Without Installing It #

The npx command, bundled with npm, runs a package binary without a permanent global install. Use it when you need a one-off tool but do not want to add it to the project:

npx prettier@latest --check .

npx downloads the package if needed, runs it, and does not leave a global install behind. For project scaffolding, many packages also support the npm create form. For example, to start a Vite React project, run:

npm create vite@latest my-app -- --template react

Quick Reference #

For a printable quick reference, see the npm cheatsheet .

Troubleshooting #

EACCES: permission denied during a global install
A global install is trying to write to a system directory your user cannot modify. Either prefix the command with sudo, or, better, manage Node.js with nvm so global packages install under your home directory without root permissions.

A script exits with an npm error
The script ran but one of the commands inside it exited with an error. Scroll up to the actual command output above the npm error block; the underlying tool, not npm, is usually reporting the failure.

Conflicting peer dependency errors on install
A package expects a different version of a shared dependency than what is installed. Resolve the version mismatch where possible, or, as a temporary measure, retry with npm install --legacy-peer-deps while you sort out the conflict.

FAQ #

What is the difference between dependencies and devDependencies?
dependencies are packages your application needs to run. devDependencies are needed only during development, such as test frameworks and linters, and are installed with -D. Production installs can skip them with --omit=dev.

What does package-lock.json do?
It records the exact version of every installed package, including nested dependencies. Commit it to version control, then use npm ci when you need an exact lock-file install in CI or deployment.

What is the difference between npm and npx?
npm installs and manages packages, while npx runs a package’s executable, downloading it temporarily if it is not installed. Use npx for one-off commands and scaffolding tools.

How do I install a package without saving it to package.json?
Add the --no-save flag, for example npm install --no-save <pkg>. The package is installed into node_modules but the change is not recorded in package.json.

Conclusion #

A small set of commands, npm install, npm ci, npm update, npm uninstall, and npm run, covers nearly all package work in a Node.js project. Keep package-lock.json committed, and use npm ci whenever repeatable installs matter.

About the authors

Dejan Panovski

Dejan Panovski is the founder of Linuxize, an RHCSA-certified Linux system administrator and DevOps engineer based in Skopje, Macedonia. Author of 800+ Linux tutorials with 20+ years of experience turning complex Linux tasks into clear, reliable guides.

View author page