What is npm?
The Node Package Manager — a tool that comes with Node.js that lets you install and manage third-party code (packages) in your project.
npm install axios # installs the axios package
How do you create a package.json and what is it?
It’s a file that describes your project and tracks which packages it depends on. Create it with:
npm init -y # -y skips the questions and uses defaults
What happens when you run npm install axios?
Two things: it downloads the package into a node_modules folder, and it adds it to your package.json under dependencies.
What is node_modules and should you commit it to Git?
The folder where npm stores all installed packages. Never commit it — it can be huge. Add it to .gitignore and anyone can recreate it by running npm install.
What is semantic versioning?
The 3-number version system all npm packages use: MAJOR.MINOR.PATCH — e.g. 1.4.2.
PATCH (1.4.2) — bug fix, safe to update
MINOR (1.4.2) — new feature, backwards compatible
MAJOR (1.4.2) — breaking change, may require code updates
What is package-lock.json?
Auto-generated by npm. It locks the exact version of every installed package. This ensures everyone on your team installs the exact same versions when they run npm install.
What are vulnerabilities in dependencies and how do you check for them?
Packages you install can have security flaws. Run npm audit to check, and npm audit fix to automatically fix safe ones. Always check this before deploying.
