A tool that lets you download and install code libraries other people have written — like an app store for JavaScript building blocks.
The default package manager for Node.js, consisting of a CLI tool and the npmjs.com registry. npm resolves dependency trees, installs packages into node_modules, and manages versions via package.json and the lockfile (package-lock.json).
npm's dependency resolution builds a maximally flat node_modules tree (the Arborist algorithm), hoisting shared versions to minimize duplication. The lockfile records the exact resolved dependency graph with integrity hashes (SHA-512) for reproducibility. Workspaces enable monorepo management with symlinked packages. npm audit checks the resolved tree against the GitHub Advisory Database for known vulnerabilities.
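To make the lockfile integrity check concrete, here is an added example (not npm's own code) that walks the packages map of a lockfileVersion 3 package-lock.json and verifies tarball bytes against each recorded integrity value. The package names, tarball bytes, helper names and the sha512 minimum are assumptions chosen for this example.

```javascript
const crypto = require("node:crypto");
const STRENGTH = ["sha1", "sha256", "sha384", "sha512"]; // weakest to strongest

// Build an SRI string such as "sha512-<base64 digest>" (the lockfile's format).
const sri = (alg, bytes) => `${alg}-${crypto.createHash(alg).update(bytes).digest("base64")}`;

// Verify bytes against an SRI value using its strongest hash; reject hashes weaker than minAlg.
function verifyIntegrity(bytes, integrity, minAlg = "sha512") {
  const best = String(integrity || "").trim().split(/\s+/)
    .map((e) => ({ alg: e.slice(0, e.indexOf("-")), b64: e.slice(e.indexOf("-") + 1) }))
    .filter((e) => STRENGTH.indexOf(e.alg) >= STRENGTH.indexOf(minAlg))
    .sort((a, b) => STRENGTH.indexOf(b.alg) - STRENGTH.indexOf(a.alg))[0];
  if (!best) return "no-acceptable-hash";
  const expected = Buffer.from(best.b64, "base64");
  const actual = crypto.createHash(best.alg).update(bytes).digest();
  return expected.length === actual.length && crypto.timingSafeEqual(expected, actual)
    ? "ok" : "digest-mismatch";
}

// Walk the "packages" map and report every entry that fails verification.
function checkLockfile(lock, fetchTarball) {
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (path === "" || pkg.link) continue; // root project and workspace symlinks have no tarball
    if (!pkg.integrity) { findings.push({ path, result: "missing-integrity" }); continue; }
    const result = verifyIntegrity(fetchTarball(path), pkg.integrity);
    if (result !== "ok") findings.push({ path, result });
  }
  return findings;
}

// Constructed sample data: stand-in "tarballs" and a lockfile that refers to them.
const tarballs = {
  "node_modules/good": Buffer.from("good-1.0.0 tarball bytes"),
  "node_modules/swapped": Buffer.from("bytes served after tampering"),
  "node_modules/legacy": Buffer.from("legacy-0.1.0 tarball bytes"),
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo", version: "1.0.0" },
    "node_modules/good": { version: "1.0.0", integrity: sri("sha512", tarballs["node_modules/good"]) },
    "node_modules/swapped": { version: "2.0.0", integrity: sri("sha512", Buffer.from("bytes at lock time")) },
    "node_modules/legacy": { version: "0.1.0", integrity: sri("sha1", tarballs["node_modules/legacy"]) },
    "node_modules/ws-pkg": { resolved: "packages/ws-pkg", link: true },
  },
};
function runDemo() { return checkLockfile(sampleLock, (p) => tarballs[p]); }
console.log(runDemo());
```

The swapped package is reported as a digest mismatch and the SHA-1-only entry as having no acceptable hash, while the workspace link is skipped because it points at a local directory rather than a tarball.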