Managing Our Project with npm

Installing an npm package

The npm utility is quite powerful. One of its most important facilities is the ability to find and install Node.js packages created by other developers. This is the main reason npm was created, so let’s try that out.

To see how npm works when installing packages, we’ll use it to install a simple and silly package that produces cool faces drawn using ASCII characters. To do this, open up a command-line window, navigate to the onboarding-api folder, and enter the following on the command line:

root@educative/onboarding-api$ npm install --save cool-ascii-faces

After a few seconds, we should see a response that looks something like this:

npm notice created a lockfile as package-lock.json. We should
 commit this file.
+ cool-ascii-faces@1.3.4
added 12 packages from 9 contributors and audited 12 packages in 6.421s
found 0 vulnerabilities

Surprise! This response shows that 12 packages were added, not just one. One of the features of npm package management is that when we install a package using npm, any packages that the module depends on are also installed.

We can also see that npm checks the installed modules for known vulnerabilities and, if needed, helps us identify and fix them too.

In this example, the package name is cool-ascii-faces. The --save argument tells npm to save the module within the current project and update the package.json file to note that this project now has a dependency on the cool-ascii-faces module.

We can confirm this by loading the package.json file with the cat package.json command and looking for the dependencies node in the JSON document.

"dependencies": {
  "cool-ascii-faces": "^1.3.4"
}

Along with the name of the package, we’ll find a version number indicator. We can see all the packages added to our project by doing a directory listing of the node_modules/ folder in our project: