Managing Dependencies

Node.js ships with a small standard library that primarily provides abstractions over the operating system and network. If the feature you need is not provided by the standard library, you either write it yourself or you rely on external packages. Because sharing code is a major part of the ethos of the Node.js community, there are many external packages to choose from.

If you build an application or library and want to share it with others, you flesh out the configuration in package.json and publish the project on the NPM registry.

To pull down someone else's application or library, you run this command in your terminal:

npm install PACKAGE-NAME

Suppose you want to write a little command-line utility that tells you approximately how long ago a date was. You have the following code that takes in the year, month, and day as command-line arguments and turns them into a Date object:

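// process.argv[0] is the node binary and process.argv[1] is the script path,
// so the user's arguments start at index 2.
const year = parseInt(process.argv[2], 10);
const month = parseInt(process.argv[3], 10);
const day = parseInt(process.argv[4], 10);
const date = new Date(year, month - 1, day);
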
Note that the constructor expects the month index, not the month number. January has number 1, but index 0.

Try creating a new project and adding a start script in package.json to run this code. Invoke this script using npm run start 1865 4 15. The command-line arguments are automatically appended to the command you enter in the scripts object.

The next steps are to figure out the difference between now and the date and to turn that difference into a readable string. After searching the NPM registry, you find that someone else has written a routine for generating a string of the form "X days ago" or "X months ago". Try creating a new project and installing the package twas.

You import the twas function in your script, and call it:

const twas = require('twas');

const year = parseInt(process.argv[2], 10);
const month = parseInt(process.argv[3], 10);
const day = parseInt(process.argv[4], 10);
const date = new Date(year, month - 1, day);

// twas returns a string such as "X days ago"; print it.
const ago = twas(date);
console.log(ago);

Try running your script with different dates. Does it print what you expect?

When you run an install command, several things happen. An entry is added to the dependencies object in package.json:

// ...
"dependencies": {
  "twas": "^2.1.2"
}
// ...

When others clone your project, they will not need to run npm install twas. Rather, they will just run npm install. The dependencies listed in package.json will be automatically installed.

Try listing the files in your project directory. You see two new items.

The file named package-lock.json keeps track of what version of the dependencies you are currently using. This file should be added to version control and distributed with your project. When others run npm install, they will grab the same versions that you were using. Without this file, npm will install the latest versions of the dependencies that match the ranges in package.json, which might have introduced breaking changes.
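For each installed package, the lock file also records the URL it was downloaded from (resolved) and a hash of its tarball (integrity). The following added example, which is not part of the original page, checks a parsed package-lock.json for dependencies that are not locked, lack a strong hash, or come from an unexpected registry. The names auditLock, sampleLock, ago, left-out and mirror-pkg are assumptions, and the sample data is constructed.

```javascript
// Added example: audits a parsed package-lock.json (lockfileVersion 2 or 3).
// auditLock and sampleLock are hypothetical names, not part of npm.
function auditLock(lock, registryHost = 'registry.npmjs.org') {
  const problems = [];
  const packages = lock.packages || {};
  const root = packages[''] || {};
  // Every direct dependency declared in package.json needs a locked entry.
  for (const name of Object.keys(root.dependencies || {})) {
    if (!packages[`node_modules/${name}`]) {
      problems.push(`${name}: declared but not locked`);
    }
  }
  for (const [path, entry] of Object.entries(packages)) {
    // Skip the project itself, workspace links and bundled packages,
    // which legitimately carry no download URL or hash.
    if (!path.includes('node_modules/') || entry.link || entry.inBundle) continue;
    // integrity may hold several space-separated hashes; require a SHA-2 one.
    const hashes = (entry.integrity || '').split(/\s+/).filter(Boolean);
    if (hashes.length === 0) {
      problems.push(`${path}: no integrity hash`);
    } else if (!hashes.some((h) => /^sha(256|384|512)-/.test(h))) {
      problems.push(`${path}: weak integrity algorithm`);
    }
    let host = null;
    try { host = new URL(entry.resolved).host; } catch { /* missing or not a URL */ }
    if (host !== registryHost) {
      problems.push(`${path}: resolved from ${host || 'unknown source'}`);
    }
  }
  return problems;
}

// Constructed sample data; the integrity values are placeholders, not real hashes.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'ago', dependencies: { twas: '^2.1.2', 'left-out': '^1.0.0' } },
    'node_modules/twas': {
      resolved: 'https://registry.npmjs.org/twas/-/twas-2.1.2.tgz',
      integrity: 'sha512-PLACEHOLDER',
    },
    'node_modules/mirror-pkg': {
      resolved: 'https://mirror.example.test/mirror-pkg-1.0.0.tgz',
      integrity: 'sha1-PLACEHOLDER',
    },
  },
};
console.log(auditLock(sampleLock));
```

To run it against a real project, pass the result of JSON.parse on the contents of package-lock.json instead of sampleLock.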

The folder named node_modules contains the code for all the dependencies you have installed. It is huge. It can be deleted at any time and rebuilt by running npm install. This folder should never go into version control. If you are using Git, you keep this folder from being added to your repository by creating a file named .gitignore at the top level of your project and adding this line:

node_modules

Many JavaScript-based frameworks are built around npm. You will see it used to build server-side applications and also client-side applications like React apps.