Language: EN


What is the Package.json File of NPM

The package.json file is an essential component in the Node Package Manager (NPM) ecosystem used in the development of programs and applications with Node.js.

This file plays a fundamental role since it stores the data of the project, its dependencies, custom scripts, and important metadata.

Among the functions of this file are:

  • Dependency management: The use of package.json allows managing the project’s dependencies. By listing all the dependencies and their exact versions, it ensures that all project collaborators are using the same package versions.
  • Reproducibility: The combination of the package.json file with the package-lock.json file ensures that you can reproduce a project, for example to duplicate, copy to another machine, or create a project based on another.

  • Collaboration and distribution: To share a package with other developers, simply providing the package.json file and the commands to install the dependencies will be sufficient. This simplifies the publishing process and ensures that all users get the same required dependencies.

Basic structure of package.json

The structure of the package.json file is the JSON (JavaScript Object Notation) format. Therefore, it is very easy to understand by a person, and even to edit by hand without too much difficulty.

The package.json file consists of several keys and values that define the project’s features and dependencies. Let’s look at a simple example of a possible (invented) package.json file:

  "name": "npm-course",
  "version": "1.0.0",
  "description": "NPM Course - Learn to use Node Package Manager",
  "main": "index.js",
  "author": "",
  "license": "MIT",
  "scripts": {
    "start": "node index.js",
    "test": "echo \"No hay pruebas disponibles\""
  "dependencies": {
    "express": "^4.17.1",
    "lodash": "^4.17.21"
  "devDependencies": {
    "nodemon": "^2.0.12",
    "eslint": "^7.32.0"

Explanation of the main parts of the file:

  • name: Project name. In this case, “npm-course”.
  • version: Project version. In this example, “1.0.0”.
  • description: Brief description of the project.
  • main: Main file of the project, it is the entry point when the module is imported. In this example, the file is called “index.js”.
  • author: Name of the project author.
  • license: Project license. In this case, the MIT license is used, but you can choose another if you wish.
  • scripts: Defines commands that can be executed using npm run script-name.
  • dependencies: List of dependencies required for the project to function correctly in production. In this example, the project depends on “express” and “lodash”, with the specified minimum versions.
  • devDependencies: List of dependencies required only for development. In this case, we have “nodemon” and “eslint” that will help during development, but are not necessary in production.


The scripts key allows defining terminal commands that we can associate with a custom Alias so that it is more convenient to use for us or our collaborators.

These Scripts can be executed using the command

npm run <script_name>`

In the previous example, we had two scripts with Alias start and test. In that case,

  • start would execute the “index.js” file with Node.js
  • test displays a message indicating that there are no tests available.

These scripts can be used to perform tasks such as compilation, running tests, cleaning directories, and much more. They provide a simple way to automate various operations and improve workflow efficiency.

Dependencies and DevDependencies

The dependencies and devDependencies keys list the project’s dependencies. The difference between the two is that

  • dependencies are required for the program to function correctly in production
  • devDependencies are only required during development.

Separating these dependencies is very important to allow efficient distribution and compilation, avoiding unnecessary packages from being included in the final product.

For example, imagine you are using a library that helps you during development by highlighting syntax errors. You do not want that library to be part of the final product. In that case, you would add it to devDependencies.


The package-lock.json file is a file used by the Node Package Manager (NPM) that is automatically generated in operations where npm modifies the node_modules tree or the package.json file.

Its main function is to describe the exact dependency tree that was generated during an installation, allowing future installations to generate identical trees, regardless of intermediate updates to dependencies.

We should not manually touch the Package-lock file, it is an internal file used by NPM. Just get used to ignoring it 😉.