Comprehensive NPM & NPX Cheatsheet
NPM is the default package manager for Node.js, used for installing, managing, and sharing JavaScript packages.
| Command | Description |
|---|
npm init | Initialize a new project (interactive) |
npm init -y | Initialize with default settings (skips prompts) |
npm set init-author-name "Your Name" | Set default author name |
npm set init-license "MIT" | Set default license |
| Command | Description |
|---|
npm install <package> | Install a package locally |
npm install -g <package> | Install a package globally |
npm install --save <package> | Install & add to dependencies (default in npm 5+) |
npm install --save-dev <package> | Install & add to devDependencies |
npm install --save-optional <package> | Install & add to optionalDependencies |
npm install --no-save <package> | Install without saving to package.json |
npm install --force | Force reinstall all packages |
npm install --production | Install only production dependencies |
| Command | Description |
|---|
npm update | Update all packages |
npm update <package> | Update a specific package |
npm uninstall <package> | Remove a package |
npm uninstall -g <package> | Remove a global package |
npm outdated | Check for outdated packages |
| Command | Description |
|---|
npm run <script> | Run a script defined in package.json |
npm start | Runs "start" script (shortcut) |
npm test | Runs "test" script (shortcut) |
npm restart | Runs "restart" script (shortcut) |
npm run env | List environment variables |
| Command | Description |
|---|
npm cache verify | Verify cache integrity |
npm cache clean --force | Clear npm cache |
| Command | Description |
|---|
npm login | Log in to npm registry |
npm publish | Publish a package |
npm unpublish <package>@<version> | Unpublish a package version |
npm owner add <user> <package> | Add an owner to a package |
npm owner rm <user> <package> | Remove an owner from a package |
| Command | Description |
|---|
npm ls | List installed packages (local) |
npm ls -g | List globally installed packages |
npm root | Show path to local node_modules |
npm root -g | Show path to global node_modules |
npm config list | List npm configuration |
npm doctor | Check npm environment for issues |
npm repo <package> | Open package repository in browser |
npm docs <package> | Open package documentation |
NPX is a tool for executing Node packages without installing them globally.
| Command | Description |
|---|
npx <package> | Run a package (installs if not present) |
npx <package>@<version> | Run a specific version of a package |
npx -p <package> <command> | Install a package temporarily & run a command |
npx --no-install <package> | Run only if already installed |
| Command | Description |
|---|
npx --node-arg="--inspect" <package> | Run with Node.js flags |
npx -c "command1 && command2" | Execute multiple commands |
npx --package=<package> <command> | Specify a package to use |
| Command | Description |
|---|
npx create-react-app my-app | Create a React app without global install |
npx http-server | Run a local HTTP server |
npx eslint . | Run ESLint without installing globally |
npx cowsay "Hello" | Run a fun CLI tool |
- Global vs Local: Prefer
npx over global installs to avoid version conflicts.
package-lock.json: Never manually edit; it ensures consistent installs.npm ci: Faster, stricter alternative to npm install for CI/CD (requires package-lock.json)..npmrc: Configure npm settings per project or globally.
This cheatsheet covers the most essential npm and npx commands. Let me know if you need further details! 🚀
NPM & NPX Symbol Reference Guide
In npm and npx commands, symbols like @, ^, ~, and others have special meanings. Here's a breakdown of their usage:
The @ symbol is primarily used for:
npm install package@version
- Example:
npm install lodash@4.17.21
- Installs Lodash v4.17.21 exactly.
- Example:
- Installs the Angular CLI from the
@angular scope.
- Example:
npx create-react-app@5.0.1 my-app
- Runs CRA v5.0.1 without installing it globally.
- Allows minor and patch updates but not major updates.
- Example:
"dependencies": {
"express": "^4.18.2"
}
- Allows updates like
4.19.0 but not 5.0.0.
- Allows only patch updates (bug fixes).
- Example:
"dependencies": {
"express": "~4.18.2"
}
- Allows
4.18.3 but not 4.19.0.
- Used to specify version constraints.
- Examples:
npm install "react@>17.0.0"
npm install "lodash@<=4.17.21"
- Allows multiple version ranges.
- Example:
npm install "react@^16.8.0 || ^17.0.0"
- Installs either React 16.8+ or 17.0+.
- Specifies an inclusive range.
- Example:
npm install "react@16.0.0 - 17.0.0"
- Installs any React version from 16.0.0 to 17.0.0.
- Explicitly installs the newest version.
- Example:
npm install lodash@latest
- Installs any available version (not recommended).
- Example:
- Installs from a Git commit, branch, or tag.
- Example:
npm install github:user/repo
npm install github:expressjs/express
- Installs from a local path, Git repo, or direct URL.
- Examples:
npm install file:../my-local-package
npm install git+https://github.com/user/repo.git
npm install http://example.com/package.tgz
| Symbol | Meaning | Example |
|---|
@ | Specifies version or scoped package | npm install lodash@4.17.21 |
^ | Allows minor & patch updates | ^4.18.2 → 4.19.0 allowed |
~ | Allows only patch updates | ~4.18.2 → 4.18.3 allowed |
>, <, >=, <= | Version constraints | >16.0.0 |
| ` | | ` |
- | Version range | 16.0.0 - 17.0.0 |
latest | Latest stable version | npm install lodash@latest |
* | Any version (wildcard) | lodash@* |
# | Git commit/branch/tag | github:user/repo#main |
file:, git:, http: | Local/Git/URL install | file:../my-package |
✅ Exact version (@1.2.3) → For production stability.
✅ Caret (^1.2.3) → Default, allows minor updates.
✅ Tilde (~1.2.3) → Only bug fixes, stricter.
⚠️ Wildcard (*) → Risky, avoid in production.
This covers all major symbols in npm/npx. 🚀