Vanilla JavaScript Projects

Node Packages & npm

Anjana Vakil

Anjana Vakil

Software Engineer & Educator
Vanilla JavaScript Projects

Check out a free preview of the full Vanilla JavaScript Projects course

The "Node Packages & npm" Lesson is part of the full, Vanilla JavaScript Projects course featured in this preview video. Here's what you'd learn in this lesson:

Anjana introduces npm, a tool for installing and managing Node modules in a project. npm is similar to other package managers like Yarn or pnpm. Node modules can be explored in the online registry at


Transcript from the "Node Packages & npm" Lesson

>> And that brings us to nodes BFF, NPM. And some people will say that this stands for Node Package Manager, but according to NPM, it does not stand for Node Package Manager. It stands for NPM is a package manager, or not a package manager or something. So anyway, if you go to, you'll now see a new acronym for NPM every, I don't know, it's every time you go to the page or every few seconds, it changes so it just they're fun random.

NPM doesn't stand for anything, it's just NPM. Anyway, so it is a package manager [LAUGH] for JavaScript. It's not the only one. And increasingly, some developers are starting to be big fans of other package managers. So I'd say probably the two other major ones that you might hear of, which we're not gonna cover in this course, but I'm sure are widely learnable on front-end masters are Yarn and PNPM.

So just to be aware that this is not the only way to get node packages, [LAUGH] but it's the one that's most common. So we're gonna use it. And it's also great because it comes out of the box with your node installation. So if you have node in your path here If you have access to node, then you also have access to NPM.

And these are different programs so they have different versions and everything but they kinda go hand in hand. So there is an NPM for every node. [LAUGH] All right, so what is NPM steal? Well, it exposes us to a massive, absolutely massive collection of, Code randos on the Internet have written, basically.

[LAUGH] So if you go to, which why don't we just do that right now? And it used to be like a .org, but I think, yeah, GitHub owns it now. So, nope. All right, so, and here's our, yes, Neoplastic Plasma Medusa. All right, anyway. [LAUGH] So, if you search for pretty much anything that comes to your mind, like the word that's on my mind all the time, you will find 651 packages that are somehow related to memes or have the word meme in them including one that's just called meme.

So what are all of these? I mean, do they have to be memes? No, they don't. They could also be something related to a framework. Let's say like React, and that's 6,000 packages and probably even more than that cuz these are very round numbers, and I don't trust that that's a, [LAUGH].

I mean React itself is a package on NPM. We're not gonna talk about React, but any of these frameworks that we know, all of these different tools for this framework, all kinds of other things that might be intended to accomplish different functionality that you might want. Like, I don't know, maybe I want to look for something related to cameras.

Well, somebody called Contra four years ago published something called Camera, which is just a dead simple package to create readable streams from connected webcams. Okay, cool. So, there is a whole bunch of stuff here and the thing is that you'll find all information about like, okay, what is this package called?

A little description, there's maybe some tags, the author of who it is, and what version is that, how long ago it's published, all this stuff. And you will notice some very different values in some of these, right? You'll notice some big names like, for example, where were we?

With React. Well, that doesn't seem right. But anyway, [LAUGH] there'll be like big companies that have their own repositories of all these different tools that they've created. And then there'll also be just like random people like me, on the Internet, publishing things that might have no business publishing things.

There will also be things that are decades old, things that are hours old, [LAUGH] things that are days old or months old. So this is all to say, there is so much stuff here and there is absolutely no rhyme or reason or really much of a control mechanism to vet any of this or make sure that people aren't doing malicious things.

So when we're installing stuff from the NPM registry, the registry is sort of like, these are all the packages I know about and there are some custom ones, but that's details you can look up. This collection is something we wanna really take with a grain of salt because it's just code from strangers on the Internet.

So we wanna be cautious whenever we're using packages from here in our code because we don't know, like we said, JavaScript lets you do all kinds of things out from underneath you. So word to the wise, just keep in mind grain of salt.

Learn Straight from the Experts Who Shape the Modern Web

  • In-depth Courses
  • Industry Leading Experts
  • Learning Paths
  • Live Interactive Workshops
Get Unlimited Access Now