npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

What are your npm tips and tricks?

I’ve been using npm for years, but to be honest, it was mostly to install packages. I didn’t know all the amazing things the CLI let you do and since I joined npm, I’m discovering new things weekly. I want to write a blog post about those findings, and create a talk around the npm CLI, so I’m looking at you to help me make this content even better. It’s also a way for me to learn new things :D

So, what are your npm tips and tricks? For me, it was npx: I didn’t know it was a thing!


For me, it was npm pack --dry-run, which shows which files would be packed when publishing your package to npm. :package:


Hah, didn’t know this. Thanks for sharing.


The possibilities of npm scripts :sparkling_heart:


and this is the reason why I want to create that content :D


Thanks for sharing @macklinu. AFAIK, I think --dry-run can be run on most commands. @zkat would know!


Can’t agree more!

Great post, thanks for sharing @mischah!


Together with Juan Picado, we compiled a list of 10 npm security best practices - https://snyk.io/blog/ten-npm-security-best-practices/ :slight_smile:

It covers quite a few topics, from lock files, npmignore file usage, run-scripts, 2fa tokens, and more.


I <3 npm ci.

A real productivity win for me was adopting package-lock.json. This speeds up CI runs runs tremendously and also ensures that all team members use the same dependency version.


The npm ci should be used with care, npm audit is being ignored and it is not documented on npmjs.


I think it’s important to highlight this for me as many people don’t even know it’s a thing and why it’s there.


Interesting, I need to give a closer look at this, thanks for the feedback!


You can use “npm run” to list what scripts are available to run in package.json. It’s really nice when you clone a new project and don’t know the name of the build script.


Oh! I didn’t know about that, thanks @styfle!