Skip to content
Learn Netverks

Lesson

Step 10/36 28% through track

npm-basics

npm basics

Last reviewed Jun 1, 2026 Content v20260601
Track mode
nodejs_server
Means
Node sandbox
Reading
~1 min
Level
beginner

This lesson

This lesson teaches npm basics: the syntax, APIs, and habits you need before advancing in Node.js.

Module boundaries and npm supply-chain hygiene matter for security reviews and reproducible deploys.

You will apply npm basics in contexts like: CI/CD scripts, internal CLIs, and microservice repos versioned with package-lock.json.

Run JavaScript on the Node runner when configured—never mix arbitrary shell commands in lessons.

When you can explain the previous lesson's ideas without copying starter code.

npm (Node Package Manager) installs dependencies, runs scripts, and publishes packages. Every serious Node project starts with npm init and a package.json manifest.

Essential files

  • package.json — name, version, scripts, dependencies
  • package-lock.json — exact dependency tree for reproducible installs
  • node_modules/ — installed packages (usually gitignored)

Common commands

  • npm install — install from lock file
  • npm install express — add dependency
  • npm run dev — run script from package.json
  • npm audit — report known vulnerabilities

Scripts example

"scripts": {
  "start": "node src/main.mjs",
  "dev": "node --watch src/main.mjs",
  "test": "node --test"
}

Playground note

The runner cannot npm install arbitrary packages—lessons simulate manifests in comments and use built-ins in runnable code.

Important interview questions and answers

  1. Q: package.json vs package-lock.json?
    A: JSON declares semver ranges; lock pins exact versions—commit lock in apps for CI reproducibility.
  2. Q: dependencies vs devDependencies?
    A: Runtime vs build/test-only tools (eslint, jest)—production installs can omit dev with npm ci --omit=dev.

Self-check

  1. Why commit package-lock.json?
  2. What folder holds installed packages?

Interview prep

package.json vs package-lock.json?

JSON declares ranges and scripts; lock pins exact dependency tree for reproducible installs—commit lock in applications.

Interview tip Lesson completion confidence

Can you explain this lesson in 30 seconds without reading notes?

Not saved yet.

Playground

Runs on the configured server runner (dev: npm run runner with LEARNING_RUNNER_ENABLED=true). Output appears below the editor.

Check yourself

Multiple choice — immediate feedback.

Discussion

Past discussion is visible to everyone. Only logged-in users can post comments and replies.

Starter discussion topics

  • package-lock why commit?
  • devDependency vs dependency?

Sign up or log in to post comments and sync lesson progress across devices.

No discussion yet. Be the first to ask a question.

Jump

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36