After this lesson, you will be able to: Master package.json, semantic versioning, lockfiles, and workspaces.
npm is more than `install`. Understanding semver + lockfiles avoids 90% of dependency surprises.
What each field does.
{"name": "myapp","version": "1.2.3","type": "module", // ESM by default"private": true, // prevents accidental npm publish"engines": { "node": ">=20" },"main": "./dist/index.js", // CommonJS entry"exports": { // modern conditional exports".": {"import": "./dist/index.mjs","require": "./dist/index.cjs","types": "./dist/index.d.ts"}},"scripts": {"dev": "tsx watch src/index.ts","build": "tsc","test": "vitest"},"dependencies": { "zod": "^3.22.0" },"devDependencies": { "vitest": "^1.0.0" }}
MAJOR.MINOR.PATCH. Increment MAJOR on breaking changes; MINOR on new features (backwards-compatible); PATCH on bug fixes. Ranges: `^1.2.3` allows >=1.2.3 < 2.0.0 (any 1.x). `~1.2.3` allows >=1.2.3 < 1.3.0 (only patches). `1.2.3` = exact. 0.x versions: minor increments may break (1.0 marks stability).
package.json declares RANGES. package-lock.json (npm) / pnpm-lock.yaml / yarn.lock pin exact versions for reproducibility. ALWAYS commit your lockfile. `npm ci` (CI) installs strictly from lockfile; `npm install` may update. Hash mismatches between teammates? Different lockfile generators (npm vs pnpm vs yarn). Pick one per project.
Built into npm 7+.
// Root package.json{"name": "my-monorepo","private": true,"workspaces": ["packages/*", "apps/*"]}// Use:npm install # installs all workspacesnpm install lodash -w packages/utilsnpm run build -w apps/webnpm run test --workspaces # run in all workspaces
Committing node_modules. Never. Not committing the lockfile. Reproducible installs broken. Mixing npm + yarn + pnpm in the same repo. Pick one. Installing globally (`npm install -g foo`) when npx + project-local works.
Pick the cleanest answer.
Sign in and purchase access to unlock this lesson.