Language: EN

que-es-fichero-package-json-npm

What is the Package.json File of NPM

The package.json file is an essential component within the functioning of NPM. This file plays a fundamental role as it stores project data, its dependencies, custom scripts, and important metadata.

Among the functions of this file are:

  • Dependency management: Using package.json allows managing the project’s dependencies.

  • Reproducibility: The combination of the package.json file along with the package-lock.json file ensures that you can reproduce a project (for example, to duplicate, copy to another machine).

  • Collaboration and distribution: To share a package with other developers, simply providing the package.json file and the commands to install the dependencies will be sufficient.

Basic structure of package.json

The structure of the package.json file is in JSON format (JavaScript Object Notation). Therefore, it is very easy for a person to understand, and even edit it manually without too much difficulty.

The package.json file consists of several keys and values that define the characteristics and dependencies of the project. Let’s look at a simple example of a possible (made up) package.json file:

{
  "name": "curso-npm",
  "version": "1.0.0",
  "description": "Curso de NPM - Aprende a utilizar Node Package Manager",
  "main": "index.js",
  "author": "LuisLlamas.es",
  "license": "MIT",
  "scripts": {
    "start": "node index.js",
    "test": "echo \"No tests available\""
  },
  "dependencies": {
    "express": "^4.17.1",
    "lodash": "^4.17.21"
  },
  "devDependencies": {
    "nodemon": "^2.0.12",
    "eslint": "^7.32.0"
  }
}

Explanation of the main parts of the file:

AttributeDescriptionExample
nameName of the project.“curso-npm”
versionVersion of the project.“1.0.0”
descriptionBrief description of the project.
mainMain file of the project, it is the entry point when importing the module.“index.js”
authorName of the project author.
licenseLicense of the project.“MIT”
scriptsDefines commands that can be executed using npm run script-name.
dependenciesList of dependencies required for the project to function correctly in production.“express”, “lodash”
devDependenciesList of dependencies required only for development.“nodemon”, “eslint”

Scripts

The scripts key allows defining terminal commands that we can associate with a custom Alias, making it more convenient for us or our collaborators to use.

These scripts can be executed using the command

npm run script_name

In the previous example, we had two scripts with Aliases start and test. In that case

  • start would execute the “index.js” file with Node.js
  • test displays a message indicating that no tests are available.

These scripts can be used to perform tasks such as process automation, compilation, running tests, cleaning directories (among many other examples).

Dependencies and DevDependencies

The dependencies and devDependencies keys list the project’s dependencies. The difference between the two is that

  • dependencies are necessary for the program to function correctly in production.
  • devDependencies are only required during development.

Separating these dependencies is important to allow using tools only in the development phase, while avoiding the inclusion of unnecessary packages in the distribution of the final application (the “real” one).

For example, imagine that you are using a library that helps you during development by highlighting syntax errors. You do not want that library to be part of the final product. In that case, you would add it to devDependencies.

Package-lock

The package-lock.json file is a file that is automatically generated by NPM* during operations that modify the node_modules tree or the package.json file.

Its main function is to describe the exact dependency tree that was generated during an installation, allowing future installations to generate identical trees, regardless of intermediate updates to the dependencies.

We should not manually touch the Package-lock file, it is an internal file used by NPM. Just get used to ignoring it 😉