The missing piece
Node.js brought JavaScript to the server side, but in its first year of life it lacks a fundamental element: a standard way to distribute, install and manage reusable code. Every developer organises libraries differently, copies files manually or manages dependencies with ad hoc scripts. In 2010 Isaac Schlueter releases npm (Node Package Manager), a system consisting of a centralised registry — an online archive where packages are published and downloaded — and a command-line client that automates installation and dependency management.
The idea is not new in the software world: Perl has CPAN, Python has PyPI, Ruby has RubyGems. But npm is born alongside a young, fast-growing ecosystem, and its architecture profoundly influences that ecosystem’s culture.
package.json and semantic versioning
At the centre of npm lies the package.json file, a JSON manifest describing every package: name, version, author, licence, code entry point and above all the list of dependencies — the other packages needed for it to function.
Versions follow Semantic Versioning (semver): three numbers separated by dots — major, minor, patch — that communicate the type of change. A major version increment signals incompatible modifications; minor indicates new backwards-compatible features; patch fixes bugs without altering the interface. The npm client uses these conventions to automatically determine which dependency versions are compatible with the project.
Small, composable modules
npm adopts a nested dependency model: each package can have its own copy of its dependencies, isolated from the versions used by other packages in the same project. This approach avoids version conflicts but can produce deep dependency trees.
The philosophy that emerges is one of small, composable modules: single, well-defined functions published as independent packages and assembled as needed. This approach favours reuse but requires care in selecting dependencies.
With a single command — npm install — the client reads the package.json, queries the registry, downloads every dependency with its sub-dependencies and builds the complete tree in the node_modules directory. The registry is public and publication is open to all: anyone can contribute a package.
npm is released under the Artistic License 2.0.
Link: npmjs.com
