npm & Yarn Cheat Sheet
npm and Yarn command reference with install, scripts, versioning, publishing, and workspace management. Side-by-side comparison.
Setup
| Description | Example |
|---|---|
| Create a new package.json | `npm init -y` (skip prompts) |
| Create project from initializer | `npm init vite@latest my-app` |
| Run create-* package | `npx create-react-app my-app` |
| Set npm configuration | `npm config set registry https://registry.npmjs.org/` |
| Authenticate with registry | `npm login --scope=@myorg` |
| Project/user configuration file | `save-exact=true`<br>`engine-strict=true` |
| Node version file | `18.17.0` |
Install
| Description | Example |
|---|---|
| Install all dependencies | `npm install` (reads package.json) |
| Install a package (dependency) | `npm i react react-dom` |
| Install as dev dependency | `npm i -D typescript @types/react` |
| Install globally | `npm i -g serve` |
| Install specific version | `npm i react@18.2.0` |
| Install by tag | `npm i next@canary` |
| Remove a package | `npm uninstall lodash` |
| Clean install from lockfile (CI) | `npm ci` (faster, deterministic) |
| Install exact version (no ^) | `npm i --save-exact react@18.2.0` |
| Ignore peer dependency conflicts | `npm i --legacy-peer-deps` |
Scripts
| Description | Example |
|---|---|
| Run a package.json script | `npm run build` |
| Run start/test (no 'run' needed) | `npm test` |
| Pass arguments to script | `npm test -- --coverage` |
| Auto-run before/after a script | `"prebuild": "rm -rf dist"` |
| Run a package without installing | `npx prettier --write .` |
| Execute package binary | `npm exec -- eslint .` |
| Run multiple scripts in parallel | `"dev": "concurrently \"npm:server\" \"npm:client\""` |
Versions
| Description | Example |
|---|---|
| List outdated packages | `npm outdated` (shows current/wanted/latest) |
| Update packages within range | `npm update react` |
| Update and save to package.json | `npm update --save` |
| Bump version in package.json | `npm version patch` (1.0.0 → 1.0.1) |
| Compatible with version (minor updates) | `^1.2.3` matches `>=1.2.3 <2.0.0` |
| Approximately (patch updates only) | `~1.2.3` matches `>=1.2.3 <1.3.0` |
| Exact version | `"react": "18.2.0"` |
| Version range operators | `>=1.0.0 <2.0.0 \|\| >=3.0.0` |
| Latest version wildcard | `"react": "latest"` |
| List all published versions | `npm view react versions` |
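The caret and tilde rows above, worked through as an added example (not code from this cheat sheet or from npm). It goes beyond the two rows shown by also covering `0.x` versions, where the caret keeps the left-most non-zero component fixed; it assumes plain `MAJOR.MINOR.PATCH` input with no prerelease tags.

```javascript
// Added example: expands npm caret (^) and tilde (~) ranges into explicit bounds.
// Supports plain MAJOR.MINOR.PATCH only (no prerelease tags, no partial versions).

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// Returns -1, 0 or 1, comparing major, then minor, then patch.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns { min, max }: a version v satisfies the range when min <= v < max.
function expandRange(range) {
  const op = range[0];
  const [major, minor, patch] = parseVersion(range.slice(1));
  let max;
  if (op === '~') {
    max = [major, minor + 1, 0]; // patch updates only
  } else if (op === '^') {
    // Caret keeps the left-most non-zero component fixed.
    if (major > 0) max = [major + 1, 0, 0];
    else if (minor > 0) max = [0, minor + 1, 0];
    else max = [0, 0, patch + 1];
  } else {
    throw new Error(`unsupported operator: ${op}`);
  }
  return { min: [major, minor, patch], max };
}

function satisfies(version, range) {
  const { min, max } = expandRange(range);
  const v = parseVersion(version);
  return compare(v, min) >= 0 && compare(v, max) < 0;
}

// Human-readable form, in the same notation the table uses.
function describe(range) {
  const { min, max } = expandRange(range);
  return `>=${min.join('.')} <${max.join('.')}`;
}
```

Any version inside the expanded window can be selected on an install that is not pinned by a lockfile, which is why `npm ci` and `--save-exact` appear in the Install section.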
Info
| Description | Example |
|---|---|
| List installed packages | `npm ls --depth=0` |
| View package registry info | `npm view react` |
| Explain why package is installed | `npm explain react-dom` |
| Check for security vulnerabilities | `npm audit fix` (auto-fix) |
| Show funding info for packages | `npm fund` |
| Check environment health | `npm doctor` |
| Clear npm cache | `npm cache clean --force` |
| Create tarball of package | `npm pack` (creates .tgz file) |
Publish
| Description | Example |
|---|---|
| Publish package to registry | `npm publish --access public` |
| Deprecate a published version | `npm deprecate pkg@1.0.0 "Use v2"` |
| Remove from registry (72h limit) | `npm unpublish pkg@1.0.0` |
| Symlink local package for dev | `cd my-lib && npm link; cd my-app && npm link my-lib` |
| Specify included files | `"files": ["dist", "README.md"]` |
| Exclude files from publish | `src/`<br>`tests/`<br>`.env` |
| Read/write package.json fields | `npm pkg set type=module` |
Workspaces
| Description | Example |
|---|---|
| Monorepo workspace config | `"workspaces": ["packages/*"]` |
| Install in specific workspace | `npm i react -w @myorg/web` |
| Run script in workspace | `npm run build -w @myorg/web` |
| Run script in all workspaces | `npm run test --workspaces` |
| Run command in Yarn workspace | `yarn workspace @myorg/web add react` |
Yarn
| Description | Example |
|---|---|
| Add dependency (Yarn) | `yarn add react` |
| Add dev dependency (Yarn) | `yarn add -D typescript` |
| Modern Yarn with PnP | `corepack enable; yarn set version stable` |
| Execute package once (like npx) | `yarn dlx create-next-app` |
| Explain why package is installed | `yarn why react` |
| Interactive upgrade UI | `yarn upgrade-interactive --latest` |
Frequently asked questions
npm vs Yarn vs pnpm - which should I use?
npm is the default and most compatible. Yarn is faster with better monorepo support. pnpm is fastest and most disk-efficient (hard links). For most projects, npm works fine. For monorepos, consider Yarn or pnpm. All three are production-ready.
What's the difference between dependencies and devDependencies?
dependencies are needed at runtime (React, Express). devDependencies are needed only for development (TypeScript, ESLint, testing tools). When someone installs your package, only dependencies are included. For apps (not libraries), the distinction matters less.
Should I commit node_modules?
Never. Always add node_modules to .gitignore. Commit package-lock.json (or yarn.lock) instead. The lockfile ensures reproducible installs. node_modules can contain hundreds of megabytes and platform-specific binaries.
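A review check for the committed lockfile, as an added example that is not part of the original cheat sheet: it flags dependency specs that float (ranges or `latest`) and lock entries that lack an integrity hash or resolve from an unexpected host. The `MANIFEST` and `LOCK` objects are constructed samples in the `lockfileVersion` 3 layout, and `EXPECTED_REGISTRY` and the function names are assumptions.

```javascript
// Added example: lint a manifest and lockfile for supply-chain drift.
// MANIFEST and LOCK are constructed samples, not real project files.
const EXPECTED_REGISTRY = 'registry.npmjs.org'; // assumption: the only trusted host

const MANIFEST = {
  dependencies: { react: '18.2.0', lodash: '^4.17.21', 'left-pad': 'latest' },
};

const LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-app', version: '1.0.0' },
    'node_modules/react': {
      version: '18.2.0', integrity: 'sha512-CONSTRUCTED-PLACEHOLDER',
      resolved: 'https://registry.npmjs.org/react/-/react-18.2.0.tgz',
    },
    'node_modules/lodash': {
      version: '4.17.21', integrity: 'sha512-CONSTRUCTED-PLACEHOLDER',
      resolved: 'https://mirror.example.test/lodash/-/lodash-4.17.21.tgz',
    },
    'node_modules/left-pad': {
      version: '1.3.0', // constructed entry with the integrity field missing
      resolved: 'https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz',
    },
  },
};

// Flag dependency specs that are not a single exact version.
function floatingSpecs(manifest) {
  const deps = { ...manifest.dependencies, ...manifest.devDependencies };
  return Object.entries(deps)
    .filter(([, spec]) => !/^\d+\.\d+\.\d+$/.test(spec))
    .map(([name, spec]) => `${name}@${spec}`);
}

// Flag lock entries missing an integrity hash or resolved from another host.
function lockFindings(lock, registryHost) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages)) {
    if (path === '' || entry.link) continue; // skip root project and workspace links
    if (!entry.integrity) findings.push(`${path}: no integrity hash`);
    if (!entry.resolved) { findings.push(`${path}: no resolved URL`); continue; }
    const host = new URL(entry.resolved).host;
    if (host !== registryHost) findings.push(`${path}: resolved from ${host}`);
  }
  return findings;
}
```

On a real project, pass the parsed `package.json` and `package-lock.json` in place of the samples and fail the pull request when either function returns a non-empty list.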
What does npx do?
npx runs a package's binary without installing it globally. It first checks local node_modules/.bin, then downloads temporarily if needed. Great for project generators (create-react-app), code formatters, and one-off tools.
How do peer dependencies work?
peerDependencies declare that your package requires the host project to have a specific package installed (e.g., a React component needs React). npm 7+ auto-installs peers. Use them for plugins and libraries that extend frameworks.
How do I fix 'ERESOLVE unable to resolve dependency tree'?
This happens when peer dependencies conflict. Options: 1) npm i --legacy-peer-deps (ignore peer conflicts), 2) npm i --force (override conflicts), 3) manually resolve by updating conflicting packages. Option 1 is usually safest.