You can install any npm package in any folder containing a package.json file, using npm install <options> <package_name>.
After executing npm install a few times, you might wonder where those packages might be getting installed. First off, you need to know that npm packages can be installed in two different ways:
- Locally: By default, npm packages are installed in the current folder, under node_modules/. For example, if you execute npm install lodash in the current folder, then npm will create the following folder structure for you: ./node_modules/lodash. Usually, you'll install most, if not all, of your project dependencies locally.
- Globally: If you pass the --global or -g flag to npm install, then the package will get installed globally. Normally, only utilities should be installed globally. When a package is installed globally, it can be used from anywhere on your machine. This is, of course, very useful for utilities, but it should be used sparingly as it can cause issues for teams. For instance, how do you make sure that everyone uses the same version?
On Windows, global packages are installed by default under: %APPDATA%/npm.
You can find the official documentation of npm install here: https://docs.npmjs.com/cli/install.
Here are some examples of packages that you might consider installing globally:
- caniuse: https://www.npmjs.com/package/caniuse
- webpack: https://www.npmjs.com/package/webpack
- yarn: https://www.npmjs.com/package/yarn
- prettier: https://www.npmjs.com/package/prettier
- typescript: https://www.npmjs.com/package/typescript
By default, npm will fetch packages from the official npm registry. The registry is basically the package hosting service. Enterprises can also deploy internal registries for security, proxying, and caching. The registry/registries to use can be configured through the local or global npm configuration files, but this is out of the scope of this book. To learn more about this, check out the following link: https://docs.npmjs.com/files/npmrc.
There are actually hundreds of thousands of packages! Always be careful when choosing, as there are many potential pitfalls: abandoned ones, malicious ones, bogus ones, and many others.
You should also know that npm maintains a local cache. Sometimes, it might cause surprises. In those cases, refer to the official troubleshooting guide: https://docs.npmjs.com/troubleshooting/try-clearing-the-npm-cache.
Let's now discover the purpose of the package.json file.