npm Resources, Tutorials and Guides

npm is the package registry and tooling at the heart of the JavaScript ecosystem. This hub gathers guides on managing dependencies, publishing packages, understanding versioning, and keeping projects secure.

5 articles · Updated June 10, 2022

Every dependency is code you now maintain by proxy. Audit before you add, and keep your lockfile committed.

Related topics

Featured articles

Hand-picked and latest articles from this topic.

From Basics

Quick-reference cheatsheets for tools and libraries in this space.

External resources

Curated tools, docs, and communities worth bookmarking.

Frequently asked questions

Quick answers about this topic hub.

What's the difference between dependencies and devDependencies?

Dependencies are packages your app needs at runtime, while devDependencies are only needed during development — things like test runners, bundlers, and linters. Separating them keeps production installs lean.

What does the package-lock.json file do?

It records the exact versions of every installed package (including nested ones) so installs are reproducible across machines and over time. Always commit it to keep your team on identical dependency trees.

How do I keep dependencies secure?

Run npm audit to check for known vulnerabilities, keep packages updated, minimize how many you add, and review new dependencies before installing. Supply-chain security starts with what you choose to pull in.

No posts found for this topic.

Promote your content

Reach over 400,000 developers and grow your brand.

Join our developer community

Hang out with over 4,500 developers and share your knowledge.