๐Ÿ“ฆ Tools

npm and package.json Explained โ€” Dependencies Demystified

๐Ÿ“… Jul 5, 2026 โฑ 3 min read

Every JS project starts with these files. Understanding them turns npm from ritual into tool.

The anatomy

{
  "name": "my-app",
  "scripts": {
    "dev": "vite",                    // npm run dev
    "build": "vite build"
  },
  "dependencies": {                   // shipped to production
    "express": "^4.19.0"
  },
  "devDependencies": {                // build-time only
    "vite": "^5.0.0"
  }
}

The semver symbols (interview trivia)

The files and what to commit

Commands that matter

npm install            # everything from package.json
npm ci                 # exact lockfile install โ€” use in CI/CD
npm install -D vite    # add as devDependency
npx create-vite my-app # run a package WITHOUT installing globally
npm outdated           # what needs updating
npm audit              # known vulnerabilities

Delete node_modules + npm install is the JS world's turn-it-off-and-on โ€” works disturbingly often.

โ† All Articles