npm ci vs npm install
npm install:
1) Installs dependencies from package-lock.json, if it exists.
2) Updates package-lock.json if it differs from package.json.
3) Suitable for development.
npm ci:
1) Removes node_modules and rebuilds everything strictly according to package-lock.json.
2) Does not change package-lock.json.
3) Faster, suitable for CI/CD and reproducible builds.
npm audit
npm audit — use to regularly check your project for vulnerabilities.
npm audit fix — use to quickly fix issues with compatible updates (does not change major versions).
npm audit fix --force — use only if you are confident in the safety of the changes, as the command can update major versions and potentially break the project.
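An added example (not from the original page): a Node.js function that sorts the findings in an npm audit --json report (npm 7+ format) by which of the commands above would fix them, and decides whether a CI build should fail. The sample report is constructed, and triageAudit and failAt are hypothetical names.

```javascript
// Added example: triage an `npm audit --json` report (npm 7+ report format).
// The sample report below is constructed for illustration, not real output.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "pkg-a": { name: "pkg-a", severity: "high", fixAvailable: true },
    "pkg-b": {
      name: "pkg-b", severity: "critical",
      fixAvailable: { name: "parent-of-b", version: "3.0.0", isSemVerMajor: true },
    },
    "pkg-c": {
      name: "pkg-c", severity: "moderate",
      fixAvailable: { name: "pkg-c", version: "1.2.4", isSemVerMajor: false },
    },
    "pkg-d": { name: "pkg-d", severity: "low", fixAvailable: false },
  },
};

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Split findings by what it takes to fix them:
//   compatible -> `npm audit fix` is enough (no major version change)
//   needsForce -> only `npm audit fix --force` applies (major bump, review first)
//   noFix      -> no fix available; needs a manual decision
function triageAudit(report, failAt = "high") {
  const out = { compatible: [], needsForce: [], noFix: [], failBuild: false };
  for (const [name, vuln] of Object.entries(report.vulnerabilities || {})) {
    const fix = vuln.fixAvailable;
    if (!fix) out.noFix.push(name);
    else if (typeof fix === "object" && fix.isSemVerMajor) out.needsForce.push(name);
    else out.compatible.push(name);
    // Gate the pipeline on severity, regardless of fix availability.
    if ((SEVERITY_RANK[vuln.severity] ?? 0) >= SEVERITY_RANK[failAt]) out.failBuild = true;
  }
  return out;
}

// Hypothetical CI wiring: npm audit --json > audit.json, then
//   const r = triageAudit(JSON.parse(fs.readFileSync("audit.json", "utf8")));
//   process.exit(r.failBuild ? 1 : 0);
console.log(triageAudit(SAMPLE_REPORT));
```

Packages listed under needsForce are the ones to review by hand before running npm audit fix --force.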
npm dedupe
npm dedupe — a command that optimizes the dependency tree by removing duplicate dependencies with the same versions from node_modules.
What it does:
1) Finds duplicate dependencies with the same versions.
2) Moves them to the top level of node_modules.
3) Reduces the size of node_modules.
npm cache verify vs npm cache clean --force
npm cache verify - verifies the cache, removes only corrupted or unnecessary files, optimizes and compresses the cache.
npm cache clean --force - completely removes the entire npm cache, including all stored data (packages, metadata, etc.).
npm whoami
Shows which username you are currently logged in to npm as.
npm publish
Publishes a package to npm.
npm exec (npx)
Downloads the package, saves it in the cache and executes it immediately.
How to update packages to the latest version?
1) Manual update: Manually change the versions in package.json and run npm install.
2) Check for outdated packages: To see outdated packages, use npm outdated. To update a specific package, run npm install <package-name>@latest.
3) Full update: Remove node_modules and package-lock.json, change the versions to “*” in package.json, then run npm install.
4) Using ncu (recommended): To update all packages to the latest versions, use ncu -u && npm install. (npm-check-updates package)
peerDependencies
peerDependencies — dependencies that your package does not install automatically, but expects the project developer to install.
Used to avoid version conflicts and ensure compatibility.
When to use?
Your package is a plugin, component library, or extension.
The dependency should exist as a single copy for the entire project (e.g. React, Vue, Angular).
Example: React components or Webpack plugins.
Why not dependencies?
Avoids duplicate versions (e.g. two Reacts in node_modules).
Gives the user control over the dependency version.
Prevents errors related to incompatibility (e.g. “Invalid Hook Call”).
npx install-peerdeps my-library