NPM Commands

Let's look at other stuff that you can do with npm!


Since the package.json file contains the versions that we want for the libraries that we install, let's choose Bootstrap v4 that still uses jQuery as our example.


Whenever you want to reinstall all of the libraries it's important to delete the package-lock.json, so that it can be recreated with the new dependency chain.

So go ahead and delete package-lock.json.

Then adjust the package.json to look like this, we're just lowering the major version to the previous one:

  "dependencies": {
    "bootstrap": "^4.0.1"

Then execute: npm i to install all of the packages again.

Now if you look in the node_modules folder, you will see a @popperjs and a popper.js folder. One of these came in just now with the reinstall, but the other one remained from the Bootstrap v5 install.

npm also tells you about the package as not being the latest one:

npm WARN deprecated popper.js@1.16.1: You can find the new Popper v2 at @popperjs/core, this package is dedicated to the legacy v1

To have a clear set of libraries installed without duplicates, you have to delete the node_modules folder too before each reinstall.

Tip: The "node_modules" folder usually never gets pushed to a code repository. That's due to the size it usually takes. Instead, only the "package.json" file is included, so that the developer can only get the necessary files and then npm i all of the 3rd party libraries that are needed separately.

So just delete "node_modules" and run npm i again.

npm audit

One of the most important npm commands is npm audit. It will inform you about whether and how many security vulnerabilities you have in your packages.

npm audit fix

The above command will not only scan, but also fix any vulnerabilities that can be fixed automatically. Some might require manual work, as stated in the npm docs:

Note that some vulnerabilities cannot be fixed automatically and will require manual intervention or review. Also note that since npm audit fix runs a full-fledged npm install under the hood, all configs that apply to the installer will also apply to npm install -- so things like npm audit fix --package-lock-only will work as expected.

npm uninstall

Installing packages is fun, but at some point you probably want to remove them too. You don't have to manually go into package.json and then the node_modules folder to remove it. You can just execute:

npm uninstall <package_name>

npm outdated

This command allows you to see the latest and current versions of your packages. Simply run it like:

npm outdated

That's it!

npm update

Pretty self-explanatory, just updates packages, like this:

npm update <package_name>

If you want to update all of them, run it without a package name:

npm update


You probably want to see the full list of stuff you can do with npm, so you can list all of the available commands by running:



I strongly suggest exploring all the cool things that you can do with npm, it will save you tons of time. The dev community has created cheatsheets, blog posts and more for the most popular commands and how to use them.