10 Tips and Tricks That Will Make You an npm Ninja

By Craig Buckler

Shuriken embedded in a scroll

This article was peer reviewed by Vildan Sortic, Matt Burnett and Tom Greco. Thanks to all of SitePoint’s peer reviewers for making SitePoint content the best it can be!

While there is much excitement about Facebook’s new Yarn project, the continuing success of Node.js owes much to its original package manager, npm.

A few simple npm commands is all it takes to initialize a folder (npm init), download packages (npm install) and create tests (npm test) and custom scripts (npm run) for use in your project. Few delve further but there are several npm tips and tricks which can revolutionize your daily development tasks.

Note: if you need a primer on npm, check out our beginners guide. If you’re confused as to the difference between npm and Yarn, see our post: Yarn vs npm: Everything You Need to Know.

1. Getting Help!

The npm online help and CLI Command documentation is excellent but switching to and from your browser is not always convenient. A quick reminder of all options is available from the command line:

npm help

Help for specific npm commands can also be displayed:

npm help <command>

for example, npm help install.

Or you can view a quick command parameter reference:

npm <command> -h

2. npm Command Autocomplete

npm offers command auto-completion for systems using bash (including Bash for Windows 10):

npm completion >> ~/.bashrc

or Z shell:

npm completion >> ~/.zshrc

Reload the shell configuration file, e.g.

source ~/.bashrc

Now type npm ins and hit TAB and install will appear. You need never waste time typing in full ever again!

3. Fixing Global Module Permissions

Linux-like systems can throw permission errors when you attempt to install global packages. You can prepend sudo to any npm command but that’s a dangerous option. A better solution is to change npm’s default directory to one you own:

mkdir ~/.npm-global
npm config set prefix '~/.npm-global'

Add the following line to ~/.bashrc or ~/.zshrc as appropriate using your text editor of choice:

export PATH="$HOME/.npm-global/bin:$PATH"

Reload the shell configuration file (source ~/.bashrc) then reinstall npm itself to the new user-owned location:

npm install -g npm

This will also update npm to the latest version.

4. Keeping npm Updated

You can reveal the npm version number:

npm -v

and update if required using:

npm install -g npm

You may also need to rebuild C++ addons when a new major version of Node is released:

npm rebuild

Taking this further, if you need to manage updates for multiple versions of Node.js and npm, consider options such as nvm and n. We’ve got a tutorial on that, too: Quick Tip: Install Multiple Versions of Node.js using nvm

5. Defining npm init Defaults

New project folders are initialized with npm init. This prompts you for further details about your project and creates an initial package.json file.

If you’re fed up of retyping the same information every time you start a new project, you can accept a bunch of defaults using the -y flag:

npm init -y

Or, you can set some sensible defaults for npm to use:

npm config set <name>
npm config set <email>

6. Sophisticated Package Search

At the time of writing there are more than 350,000 packages available on npm with more appearing daily. While many are great, you probably want to avoid less popular, buggy or discontinued packages. Searching at and GitHub is practical but there are other options…


npms ranks packages to provide an overall quality score based on the project version, the number of downloads, the latest update date, the commit frequency, testing coverage, documentation, the number of contributors, issues, stars, forks and even the author’s standing in the community.

npm Discover

npm Discover locates packages which are commonly used with others, e.g. body-parser with Express.

Packages by PageRank

Packages by PageRank searches and sorts npm packages by their associated Google ranking.

Curated npm Lists

Alternatively, leverage someone else’s search success. I often refer to Awesome Node.js from sindresorhus when looking for a robust solution.

7. Managing Your Packages

You’ve chosen your packages and installed the dependencies. Let’s list what we have:

npm list

(ls, la and ll can be used as aliases for list).

The list shows everything: packages, sub-packages, sub-packages of sub-packages etc. Limit the output to top-level-only packages using:

npm list --depth=0

A package homepage can be opened with:

npm home <package>

This only works if your system can open a browser – it will fail on OS Server editions. Similarly, you can open a package’s GitHub repository:

npm repo <package>

or its documentation:

npm docs <package>

or the current list of bugs:

npm bugs <package>

npm list reports when you have extraneous packages installed — those which are no longer referenced in your package.json file. You can npm uninstall each separately or remove them all with:

npm prune

If you add the --production flag or have the NODE_ENV environment variable set to production, packages specified as devDependencies in package.json will also be removed.

8. Locking-Down Dependencies

By default, npm references package version numbers with the caret (^) character when installing a package with --save or --save-dev. This pins the package to its major version number. For example, ^1.5.1 permits anything from that version up to but NOT including 2.0.0 to be installed when npm update is run.

The more conservative tilde (~) character pins the package to the minor version. For example, ~1.5.1 permits anything from that version up to but not including 1.6.0 to be installed when npm update is run. The tilde prefix can be set as the default with:

npm config set save-prefix="~"

For those who are paranoid about any updates which could break your system, you can configure npm to use exact version numbers only:

npm config set save-exact true

Alternatively, you can shrinkwrap your project using:

npm shrinkwrap

This generates an npm-shrinkwrap.json file containing the specific versions of the dependencies you’re using. This file is used by default and will override package.json when running npm install.

9. Finding Outdated Modules

How do you know when a dependency has been updated? The process I used for many months was to list my dependencies (npm list --depth=0), search for the package on and manually check which version numbers had changed. Hours of fun. Fortunately, there’s a significantly easier option:

npm outdated

Or npm outdated -g for global packages such as npm itself.

You can also view the current version of an individual package:

npm list <package>

and examine the current and historical versions:

npm view <package> versions

npm view <package> displays all information about an individual package including its dependencies, keywords, update dates, contributors, repository, licence, etc.

10. Using Development Packages

When developing packages you often want to try them in other projects or run them from any directory (if your application supports it). There’s no need to publish the package to the npm registry and install globally – just use:

npm link

from the package folder. This creates a symlink in the global folder for that package. You will see the reference when using:

npm list -g --depth=0


npm outdated -g

You can now run package from the command line or include it in any project with require.

Alternatively, you also can declare dependencies by filepath in package.json, e.g.

"dependencies": {
  "myproject": "file:../myproject/"

So those are some of my favorite npm tricks but have I missed one of yours? Comments are welcome…

  • Richard Torcato

    you can install packages quicker with npm by just typing just “i” instead of install. I’m surprised how many people don’t know this.

    • Craig Buckler

      Thanks Richard. Most commands have shorter aliases although I think it’s useful to provide the full name in tutorials. Strangely, I still type `npm install` and `npm list` despite knowing the shorter versions!

  • Infantito

    Good post!

  • Worth mentioning also that “npm run” on its own will list the scripts available so you don’t need to check in package.json.

Get the latest in JavaScript, once a week, for free.