Generated by DeepSeek V3.2

| npm | |
|---|---|
| Name | npm |
| Developer | GitHub, Microsoft |
| Released | 12 January 2010 |
| Programming language | JavaScript |
| Operating system | Cross-platform |
| Genre | Package manager |
| License | Artistic License 2.0 |

npm is the default package manager for the JavaScript runtime environment Node.js, serving as the central repository for the world's largest ecosystem of open-source libraries. Initially created by Isaac Z. Schlueter, npm has become an indispensable tool for developers, enabling the installation, sharing, and management of code dependencies for both server-side and client-side applications. Its registry hosts millions of packages, facilitating rapid development and collaboration across the global software community.
As the cornerstone of modern JavaScript development, npm operates primarily through a command-line interface, allowing developers to interact with its vast public registry. It is intrinsically linked to the success of Node.js and frameworks like React, Angular, and Vue.js. The tool manages modular code packages, handling versioning and dependency resolution to ensure projects can incorporate external libraries seamlessly. Its model has been fundamental to the rise of the MEAN and MERN stacks, underpinning countless applications on platforms from Netflix to LinkedIn.
The project was initiated in 2009 by Isaac Z. Schlueter, with its public registry launching in early 2010 alongside the growing popularity of Node.js. A significant milestone occurred in 2014 with the formation of npm, Inc., a company dedicated to maintaining the registry and related services. In 2020, GitHub, a subsidiary of Microsoft, acquired npm, Inc., integrating the registry's operations into the GitHub platform. This acquisition marked a major consolidation within the open-source software infrastructure landscape, following trends seen with IBM's purchase of Red Hat.
Key functionalities include a powerful command-line client for installing packages, a comprehensive public registry hosted by GitHub, and the use of a `package.json` file to define project metadata and dependencies. It supports semantic versioning through rules defined in the `package-lock.json` file, which ensures reproducible installs across different environments. The tool also enables the execution of scripts defined in `package.json`, facilitating tasks like testing with Jest or building projects with Webpack. Furthermore, it includes scoped packages for organizations, a feature leveraged by companies like Google and Facebook.
The system resolves dependencies by fetching packages from the npm registry, storing them locally in a `node_modules` directory. It employs a nested dependency tree structure, though modern versions use a flattened approach to avoid duplication. The `package-lock.json` file, introduced after challenges with the left-pad incident, locks dependency versions to prevent unexpected updates. Developers publish packages using the `npm publish` command, making them available to the global community, similar to how libraries are distributed on PyPI for Python or CRAN for R.
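
As an added example (not npm's own code and not part of the original article), the script below checks the lock file described above for entries that undermine a locked install: packages resolved from outside an allowed registry, or lacking a strong `integrity` hash. It assumes `lockfileVersion` 2 or 3; `checkLockfile` and the sample package names, URLs and hashes are constructed for illustration.

```javascript
// Added example (not npm's own code): flag package-lock.json entries that
// weaken verifiable, reproducible installs. Assumes lockfileVersion 2 or 3.
const DEFAULT_REGISTRY = 'https://registry.npmjs.org/';

function checkLockfile(lock, allowedSources = [DEFAULT_REGISTRY]) {
  if (!lock || typeof lock.packages !== 'object' || lock.packages === null) {
    throw new Error('no "packages" map: expected lockfileVersion 2 or 3');
  }
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages)) {
    // Root project, workspace folders, symlinks and bundled deps have no tarball.
    if (!path.includes('node_modules/') || entry.link || entry.inBundle) continue;
    const { resolved, integrity } = entry;
    if (typeof resolved !== 'string') {
      findings.push({ path, issue: 'missing-resolved' });
    } else if (!allowedSources.some((src) => resolved.startsWith(src))) {
      findings.push({ path, issue: 'unexpected-source' });
    }
    if (typeof integrity !== 'string') {
      findings.push({ path, issue: 'missing-integrity' });
    } else if (!integrity.split(/\s+/).some((h) => /^sha(256|384|512)-/.test(h))) {
      findings.push({ path, issue: 'weak-integrity' });
    }
  }
  return findings;
}

// Constructed sample lockfile; package names, URLs and hashes are placeholders.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/pkg-ok': {
      resolved: 'https://registry.npmjs.org/pkg-ok/-/pkg-ok-1.2.3.tgz',
      integrity: 'sha512-PLACEHOLDER==',
    },
    'node_modules/pkg-mirror': {
      resolved: 'http://mirror.example.test/pkg-mirror-0.4.0.tgz',
      integrity: 'sha1-PLACEHOLDER=',
    },
    'node_modules/pkg-git': {
      resolved: 'git+ssh://git@example.test/org/pkg-git.git#0000000',
    },
    'node_modules/pkg-local': { resolved: 'packages/pkg-local', link: true },
  },
};

console.log(checkLockfile(sampleLock));
```

To check a real project, pass the parsed contents of its `package-lock.json` to `checkLockfile`, adding any internal mirror to `allowedSources`.
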
Security has been a major focus, especially following high-profile incidents like the event-stream compromise. The `npm audit` command was introduced to automatically scan dependency trees for vulnerabilities listed in databases like the National Vulnerability Database. In 2018, npm, Inc. acquired ^Lift Security, the team behind the Node Security Platform, to bolster these capabilities. Integration with GitHub has brought features like automated security alerts and Dependabot, aligning with broader industry efforts seen in tools like Snyk and Sonatype.
Several other package managers have emerged, offering different approaches to dependency management. Yarn, developed by Facebook in collaboration with Google and Tilde, introduced features like offline caching and deterministic installs. pnpm utilizes a content-addressable storage system to save disk space. For broader runtime management, tools like Corepack and Volta are often used in conjunction. Outside the JavaScript ecosystem, developers might use Homebrew for macOS, APT for Debian, or Chocolatey for Microsoft Windows.