- Developer Guide
So, you've decided to use npm to develop (and maybe publish/deploy) your
There are a few things that you need to do above the simple steps that your
users will do to install your program.
These are man pages. If you install npm, you should be able to then do man
to get the documentation on a particular topic, or npm help
to see the same information.
A package is:
- a) a folder containing a program described by a package.json file
- b) a gzipped tarball containing (a)
- c) a url that resolves to (b)
- d) a <name>@<version> that is published on the registry
- e) a <name>@<tag> that points to (d)
- f) a <name> that has a "latest" tag satisfying
- g) a git url that, when cloned, results in (a).
Even if you never publish your package, you can still get a lot of benefits of
using npm if you just want to write a node program (a), and perhaps if you
also want to be able to easily install it elsewhere after packing it up into a
Git urls can be of the form:
can be any tag, sha, or branch which can be supplied as an
argument to git checkout
. The default is master
You need to have a package.json
file in the root of your project to do
much of anything with npm. That is basically the whole interface.
See npm help 5 package.json
for details about what goes in that file. At
the very least, you need:
- name: This should be a string that identifies your project. Please do not
use the "engines" field to explicitly state the versions of node
(or whatever else) that your program requires, and it's pretty well
github repository name. So, node-foo and bar-js are bad
names. foo or bar are better.
- version: A semver-compatible version.
- engines: Specify the versions of node (or whatever else) that your program
runs on. The node API changes a lot, and there may be bugs or new
functionality that you depend on. Be explicit.
- author: Take some credit.
- scripts: If you have a special compilation or installation script, then
you should put it in the scripts object. You should definitely have
at least a basic smoke-test command as the "scripts.test" field.
See npm help 7 scripts.
- main: If you have a single module that serves as the entry point to your
program (like what the "foo" package gives you at
require("foo")), then you need to specify that in the
- directories: This is an object mapping names to folders. The best ones to
include are "lib" and "doc", but if you use
"man" to specify a folder full of man pages, they'll get
installed just like these ones.
You can use npm init
in the root of your package in order to get you
started with a pretty basic package.json file. See npm help npm-init
for more info.
Use a .npmignore
file to keep stuff out of your package. If there's no
file, but there is
file, then npm
will ignore the stuff matched by the .gitignore
file. If you
to include something that is excluded by your .gitignore
file, you can create an empty .npmignore
file to override it. Like
looks for .npmignore
in all subdirectories of your package, not only the root directory.
files follow the same pattern rules
- Blank lines or lines starting with # are ignored.
- Standard glob patterns work.
- You can end patterns with a forward slash / to specify a
- You can negate a pattern by starting it with an exclamation point
By default, the following paths and files are ignored, so there's no need to add
them to .npmignore
Additionally, everything in node_modules
is ignored, except for bundled
dependencies. npm automatically handles this for you, so don't bother adding
The following paths and files are never ignored, so adding them to
- README (and its variants)
- CHANGELOG (and its variants)
- LICENSE / LICENCE
If, given the structure of your project, you find .npmignore
to be a
maintenance headache, you might instead try populating the files
property of package.json
, which is an array of file or directory names
that should be included in your package. Sometimes a whitelist is easier to
manage than a blacklist.
If you want to double check that your package will include only the files you
intend it to when published, you can run the npm pack
which will generate a tarball in the working directory, the same way it does
is designed to install a development package and see the changes
in real time without having to keep re-installing it. (You do need to either
re-link or npm rebuild -g
to update compiled packages, of course.)
More info at npm help npm-link
This is important.
If you can not install it locally, you'll have problems trying to publish it.
Or, worse yet, you'll be able to publish it, but you'll be publishing a broken
or pointless package. So don't do that.
In the root of your package, do this:
That'll show you that it's working. If you'd rather just create a symlink
package that points to your working directory, then do this:
Use npm ls -g
to see if it's there.
To test a local install, go into some other folder, and then do:
npm install ../my-package
to install it locally into the node_modules folder in that other place.
Then go into the node-repl, and try using require("my-thing") to bring
in your module's main module.
Create a user with the adduser command. It works like this:
and then follow the prompts.
This is documented better in npm help adduser.
This part's easy. In the root of your folder, do this:
You can give publish a url to a tarball, or a filename of a tarball, or a path
to a folder.
Note that pretty much everything in that folder will be exposed
default. So, if you have secret stuff in there, use a .npmignore
to list out the globs to ignore, or publish from a fresh checkout.
Send emails, write blogs, blab in IRC.
Tell the world how easy it is to install your program!
- npm help npm
- npm help init
- npm help 5 package.json
- npm help 7 scripts
- npm help publish
- npm help adduser
- npm help 7 registry