| name | npm-helper |
| description | NPM and Node.js package management, project configuration, and dependency troubleshooting. |
NPM Package Management Assistant Skill
NPM and Node.js package management, project configuration, and dependency troubleshooting.
Instructions
You are a Node.js and NPM ecosystem expert. When invoked:
Package Management:
- Install and manage npm packages
- Handle package.json configuration
- Manage lock files (package-lock.json)
- Use npm, yarn, or pnpm effectively
- Configure workspaces and monorepos
Project Setup:
- Initialize new Node.js projects
- Configure scripts and lifecycle hooks
- Set up project structure
- Configure development tools
- Manage multiple package managers
Dependency Management:
- Handle version ranges and semver
- Resolve dependency conflicts
- Audit for security vulnerabilities
- Update dependencies safely
- Manage peer dependencies
Troubleshooting:
- Fix module resolution errors
- Resolve version conflicts
- Debug installation issues
- Clear cache and rebuild
- Handle platform-specific issues
Best Practices: Provide guidance on package management, versioning, security, and performance optimization
Package Manager Comparison
npm (Default)
# Pros: Default in Node.js, widely supported
# Cons: Slower than alternatives
# Initialize project
npm init
npm init -y # Skip prompts
# Install dependencies
npm install express
npm install --save-dev jest
# Install all dependencies
npm install
# Update dependencies
npm update
npm update express
# Remove package
npm uninstall express
# Run scripts
npm run build
npm test # Shorthand for npm run test
npm start # Shorthand for npm run start
# List installed packages
npm list
npm list --depth=0 # Only top-level
# Check for outdated packages
npm outdated
Yarn (v1 Classic)
# Pros: Faster, better UX, workspaces
# Cons: Extra tool to install
# Install Yarn
npm install -g yarn
# Initialize project
yarn init
yarn init -y
# Install dependencies
yarn add express
yarn add --dev jest
# Install all dependencies
yarn install
yarn # Shorthand
# Update dependencies
yarn upgrade
yarn upgrade express
# Remove package
yarn remove express
# Run scripts
yarn build
yarn test
yarn start
# List installed packages
yarn list
yarn list --depth=0
# Check for outdated packages
yarn outdated
# Interactive upgrade
yarn upgrade-interactive
pnpm (Fast & Efficient)
# Pros: Fastest, disk space efficient, strict
# Cons: Less common, some compatibility issues
# Install pnpm
npm install -g pnpm
# Initialize project
pnpm init
# Install dependencies
pnpm add express
pnpm add -D jest
# Install all dependencies
pnpm install
# Update dependencies
pnpm update
pnpm update express
# Remove package
pnpm remove express
# Run scripts
pnpm build
pnpm test
pnpm start
# List installed packages
pnpm list
pnpm list --depth=0
# Check for outdated packages
pnpm outdated
Yarn v3 (Berry)
# Pros: Zero-installs, Plug'n'Play, smaller size
# Cons: Different from v1, migration needed
# Enable Yarn Berry
yarn set version berry
# Install dependencies
yarn add express
yarn add -D jest
# Use Plug'n'Play (default in v3)
# No node_modules folder
# Or use node_modules
echo "nodeLinker: node-modules" >> .yarnrc.yml
# Zero-installs (commit .yarn/cache)
echo "enableGlobalCache: false" >> .yarnrc.yml
Usage Examples
@npm-helper
@npm-helper --init-project
@npm-helper --fix-dependencies
@npm-helper --audit-security
@npm-helper --migrate-to-pnpm
@npm-helper --troubleshoot
Project Initialization
Basic Project Setup
# Initialize package.json
npm init -y
# Install common dependencies
npm install express dotenv
# Install dev dependencies
npm install --save-dev \
nodemon \
eslint \
prettier \
jest \
@types/node \
typescript
# Create basic structure
mkdir -p src tests
touch src/index.js tests/index.test.js
# Create .gitignore
cat > .gitignore << EOF
node_modules/
.env
.env.local
dist/
build/
coverage/
.DS_Store
*.log
EOF
# Create .nvmrc for Node version
node -v > .nvmrc
TypeScript Project Setup
# Initialize project
npm init -y
# Install TypeScript and types
npm install --save-dev \
typescript \
@types/node \
@types/express \
ts-node \
nodemon
# Initialize TypeScript
npx tsc --init
# Configure tsconfig.json
cat > tsconfig.json << EOF
{
"compilerOptions": {
"target": "ES2020",
"module": "commonjs",
"lib": ["ES2020"],
"outDir": "./dist",
"rootDir": "./src",
"strict": true,
"esModuleInterop": true,
"skipLibCheck": true,
"forceConsistentCasingInFileNames": true,
"resolveJsonModule": true,
"moduleResolution": "node",
"declaration": true,
"declarationMap": true,
"sourceMap": true
},
"include": ["src/**/*"],
"exclude": ["node_modules", "dist"]
}
EOF
# Update package.json scripts
npm pkg set scripts.build="tsc"
npm pkg set scripts.dev="nodemon src/index.ts"
npm pkg set scripts.start="node dist/index.js"
Modern ESM Project Setup
{
"name": "my-esm-project",
"version": "1.0.0",
"type": "module",
"main": "dist/index.js",
"scripts": {
"dev": "node --watch src/index.js",
"build": "tsc",
"start": "node dist/index.js",
"test": "node --test"
},
"dependencies": {
"express": "^4.18.2"
},
"devDependencies": {
"@types/node": "^20.10.0",
"typescript": "^5.3.0"
}
}
package.json Configuration
Essential Fields
{
"name": "my-package",
"version": "1.0.0",
"description": "A helpful package",
"main": "dist/index.js",
"types": "dist/index.d.ts",
"type": "module",
"engines": {
"node": ">=18.0.0",
"npm": ">=9.0.0"
},
"scripts": {
"dev": "nodemon src/index.ts",
"build": "tsc",
"start": "node dist/index.js",
"test": "jest",
"test:watch": "jest --watch",
"test:coverage": "jest --coverage",
"lint": "eslint src/**/*.ts",
"lint:fix": "eslint src/**/*.ts --fix",
"format": "prettier --write \"src/**/*.ts\"",
"typecheck": "tsc --noEmit",
"prepare": "husky install",
"prepublishOnly": "npm run build && npm test"
},
"keywords": ["node", "javascript", "helper"],
"author": "Your Name <email@example.com>",
"license": "MIT",
"repository": {
"type": "git",
"url": "https://github.com/user/repo.git"
},
"bugs": {
"url": "https://github.com/user/repo/issues"
},
"homepage": "https://github.com/user/repo#readme"
}
Dependency Types
{
"dependencies": {
"express": "^4.18.2",
"dotenv": "^16.3.1"
},
"devDependencies": {
"typescript": "^5.3.0",
"jest": "^29.7.0",
"eslint": "^8.55.0",
"prettier": "^3.1.0"
},
"peerDependencies": {
"react": ">=16.8.0"
},
"peerDependenciesMeta": {
"react": {
"optional": true
}
},
"optionalDependencies": {
"fsevents": "^2.3.3"
},
"bundledDependencies": [
"internal-package"
]
}
Scripts Best Practices
{
"scripts": {
"// Development": "",
"dev": "nodemon src/index.ts",
"dev:debug": "nodemon --inspect src/index.ts",
"// Building": "",
"build": "npm run clean && tsc",
"clean": "rm -rf dist",
"prebuild": "npm run lint",
"postbuild": "echo 'Build complete!'",
"// Testing": "",
"test": "jest",
"test:unit": "jest --testPathPattern=unit",
"test:integration": "jest --testPathPattern=integration",
"test:e2e": "jest --testPathPattern=e2e",
"test:watch": "jest --watch",
"test:coverage": "jest --coverage",
"// Linting & Formatting": "",
"lint": "eslint . --ext .ts,.js",
"lint:fix": "eslint . --ext .ts,.js --fix",
"format": "prettier --write \"src/**/*.{ts,js,json}\"",
"format:check": "prettier --check \"src/**/*.{ts,js,json}\"",
"// Type Checking": "",
"typecheck": "tsc --noEmit",
"typecheck:watch": "tsc --noEmit --watch",
"// Combined": "",
"validate": "npm run lint && npm run typecheck && npm test",
"ci": "npm run validate && npm run build",
"// Release": "",
"prepare": "husky install",
"prepublishOnly": "npm run ci",
"version": "npm run build && git add -A dist",
"postversion": "git push && git push --tags"
}
}
Dependency Version Management
Semantic Versioning (semver)
{
"dependencies": {
"express": "4.18.2", // Exact version
"lodash": "^4.17.21", // Compatible (4.x.x, < 5.0.0)
"axios": "~1.6.0", // Approximately (1.6.x)
"react": ">=16.8.0", // At least
"vue": "<4.0.0", // Less than
"moment": "*", // Latest (not recommended)
"date-fns": "latest" // Latest (not recommended)
}
}
Version Range Examples
# Caret (^) - Compatible updates
^1.2.3 # >=1.2.3 <2.0.0
^0.2.3 # >=0.2.3 <0.3.0
^0.0.3 # >=0.0.3 <0.0.4
# Tilde (~) - Patch updates only
~1.2.3 # >=1.2.3 <1.3.0
~1.2 # >=1.2.0 <1.3.0
~1 # >=1.0.0 <2.0.0
# Advanced ranges
1.2.3 - 2.3.4 # >=1.2.3 <=2.3.4
1.2.x # 1.2.0, 1.2.1, etc.
* # Any version
Lock File Management
# npm - package-lock.json
# Always commit package-lock.json
npm ci # Install from lock file (CI/CD)
npm install # Updates lock file if needed
# Yarn - yarn.lock
# Always commit yarn.lock
yarn install --frozen-lockfile # Don't update lock file
# pnpm - pnpm-lock.yaml
# Always commit pnpm-lock.yaml
pnpm install --frozen-lockfile # Don't update lock file
Security and Auditing
Vulnerability Scanning
# npm audit
npm audit
npm audit --json # JSON output
npm audit --audit-level=moderate # Only moderate+
# Fix vulnerabilities
npm audit fix
npm audit fix --force # May install breaking changes
# Yarn audit
yarn audit
yarn audit --level moderate
# pnpm audit
pnpm audit
pnpm audit --audit-level moderate
pnpm audit --fix
Security Best Practices
# Install specific vulnerability fixes
npm install package@version
# Use npm-check-updates for safe updates
npx npm-check-updates
npx ncu -u # Update package.json
npm install
# Check for outdated packages
npm outdated
yarn outdated
pnpm outdated
# Use Snyk for deeper scanning
npx snyk test
npx snyk wizard
# Ignore specific vulnerabilities (use cautiously)
# Create .npmrc
echo "audit-level=moderate" >> .npmrc
Workspace and Monorepo Management
npm Workspaces
{
"name": "my-monorepo",
"private": true,
"workspaces": [
"packages/*",
"apps/*"
],
"scripts": {
"build": "npm run build --workspaces",
"test": "npm run test --workspaces",
"clean": "npm run clean --workspaces"
}
}
# Install dependencies for all workspaces
npm install
# Add dependency to specific workspace
npm install lodash --workspace=packages/utils
# Run script in specific workspace
npm run build --workspace=packages/utils
# Run script in all workspaces
npm run test --workspaces
# List workspaces
npm ls --workspaces
Yarn Workspaces
{
"name": "my-monorepo",
"private": true,
"workspaces": {
"packages": [
"packages/*",
"apps/*"
]
}
}
# Install all dependencies
yarn install
# Add dependency to workspace
yarn workspace @myorg/utils add lodash
# Run script in workspace
yarn workspace @myorg/utils build
# Run script in all workspaces
yarn workspaces run build
# Show workspace info
yarn workspaces info
pnpm Workspaces
# pnpm-workspace.yaml
packages:
- 'packages/*'
- 'apps/*'
# Install all dependencies
pnpm install
# Add dependency to workspace
pnpm add lodash --filter @myorg/utils
# Run script in workspace
pnpm --filter @myorg/utils build
# Run script in all workspaces
pnpm -r build
# Run in parallel
pnpm -r --parallel build
Common Issues & Solutions
Issue: Module Not Found
# Check if package is installed
npm list package-name
# Reinstall dependencies
rm -rf node_modules package-lock.json
npm install
# Clear npm cache
npm cache clean --force
npm install
# Check NODE_PATH
echo $NODE_PATH
# Fix: Ensure package is in dependencies
npm install package-name
Issue: Version Conflicts
# Check for conflicts
npm ls package-name
# Force resolution (package.json)
{
"overrides": {
"package-name": "1.2.3"
}
}
# Yarn resolutions
{
"resolutions": {
"package-name": "1.2.3"
}
}
# pnpm overrides
{
"pnpm": {
"overrides": {
"package-name": "1.2.3"
}
}
}
Issue: Peer Dependency Warnings
# npm 7+ treats peer dependencies as regular dependencies
# To use legacy behavior:
npm install --legacy-peer-deps
# Or set in .npmrc
echo "legacy-peer-deps=true" >> .npmrc
# Install peer dependencies manually
npm install peer-dependency-name
Issue: EACCES Permission Errors
# Don't use sudo! Fix permissions instead
# Option 1: Change npm directory
mkdir ~/.npm-global
npm config set prefix '~/.npm-global'
echo 'export PATH=~/.npm-global/bin:$PATH' >> ~/.bashrc
source ~/.bashrc
# Option 2: Fix ownership
sudo chown -R $(whoami) ~/.npm
sudo chown -R $(whoami) /usr/local/lib/node_modules
Issue: Corrupted node_modules
# Complete cleanup
rm -rf node_modules package-lock.json
npm cache clean --force
npm install
# Verify installation
npm list
npm doctor
# Check disk space
df -h
Issue: Slow Installation
# Use pnpm (fastest)
npm install -g pnpm
pnpm install
# Use offline cache
npm install --prefer-offline
# Skip optional dependencies
npm install --no-optional
# Parallel installation
npm install --legacy-peer-deps
# Use CI mode
npm ci # Faster, uses lock file
Performance Optimization
.npmrc Configuration
# .npmrc file
registry=https://registry.npmjs.org/
save-exact=true
progress=false
loglevel=error
engine-strict=true
legacy-peer-deps=false
fund=false
audit=true
Package Installation Optimization
# Use npm ci in CI/CD (10x faster)
npm ci
# Skip post-install scripts (when safe)
npm install --ignore-scripts
# Use production mode
npm install --production
# Prefer offline
npm install --prefer-offline
# Use package manager cache
# npm: ~/.npm
# yarn: ~/.yarn/cache
# pnpm: ~/.pnpm-store
Bundle Size Optimization
# Analyze bundle size
npx webpack-bundle-analyzer
# Check package size before installing
npx package-size lodash moment date-fns
# Find duplicate packages
npx find-duplicate-packages
# Use bundle size tools
npm install --save-dev bundle-size
npx bundle-size
# Alternative: Use bundlephobia
# https://bundlephobia.com
Publishing Packages
Prepare for Publishing
{
"name": "@myorg/package-name",
"version": "1.0.0",
"description": "Package description",
"main": "dist/index.js",
"types": "dist/index.d.ts",
"files": [
"dist",
"README.md",
"LICENSE"
],
"scripts": {
"prepublishOnly": "npm run build && npm test",
"prepare": "npm run build"
},
"publishConfig": {
"access": "public",
"registry": "https://registry.npmjs.org/"
}
}
Publishing Workflow
# Login to npm
npm login
# Check what will be published
npm pack --dry-run
# Update version
npm version patch # 1.0.0 -> 1.0.1
npm version minor # 1.0.0 -> 1.1.0
npm version major # 1.0.0 -> 2.0.0
# Publish
npm publish
# Publish scoped package
npm publish --access public
# Publish with tag
npm publish --tag beta
# View published package
npm view @myorg/package-name
Migration Between Package Managers
npm to Yarn
# Install Yarn
npm install -g yarn
# Import from package-lock.json
yarn import
# Or fresh install
rm package-lock.json
yarn install
npm to pnpm
# Install pnpm
npm install -g pnpm
# Import from package-lock.json
pnpm import
# Or fresh install
rm package-lock.json
pnpm install
Yarn to npm
# Remove Yarn files
rm yarn.lock
# Install with npm
npm install
Scripts and Automation
Complex Script Examples
{
"scripts": {
"// Parallel execution": "",
"dev": "concurrently \"npm:dev:*\"",
"dev:server": "nodemon src/server.ts",
"dev:client": "vite",
"// Sequential execution": "",
"build": "npm run clean && npm run build:tsc && npm run build:bundle",
"build:tsc": "tsc",
"build:bundle": "webpack",
"// Cross-platform commands": "",
"clean": "rimraf dist",
"copy": "copyfiles -u 1 src/**/*.json dist",
"// Environment-specific": "",
"start:dev": "NODE_ENV=development node dist/index.js",
"start:prod": "NODE_ENV=production node dist/index.js",
"// With arguments": "",
"test": "jest",
"test:file": "jest --",
"// Usage: npm run test:file path/to/test.js"
}
}
Custom npm Scripts
# Run with npm run
npm run build
# Pass arguments
npm run test -- --watch
npm run test:file -- src/utils.test.js
# Run multiple scripts
npm run build && npm test
# Run in parallel (with npm-run-all)
npm install --save-dev npm-run-all
npm-run-all --parallel dev:*
Best Practices Summary
Package Management
- Always commit lock files (package-lock.json, yarn.lock, pnpm-lock.yaml)
- Use exact versions in production (
npm install --save-exact) - Pin Node.js version with .nvmrc
- Use
npm ciin CI/CD for faster, reliable installs - Keep dependencies minimal (check bundle size)
- Separate dev and production dependencies
Security
- Run
npm auditregularly - Keep dependencies updated
- Review dependency changes before updating
- Use lock files for reproducible builds
- Don't commit node_modules or .env files
- Use
npxinstead of global installs when possible
Performance
- Use pnpm for fastest installation
- Leverage offline cache when possible
- Use
npm ciin CI/CD - Consider Yarn PnP for zero-installs
- Analyze and optimize bundle size
Project Organization
- Use clear, descriptive script names
- Document complex scripts in README
- Use workspaces for monorepos
- Follow semantic versioning
- Include engines field for Node version requirements
Quick Reference Commands
# Installation
npm install # Install all dependencies
npm install <package> # Install package
npm install -D <package> # Install as dev dependency
npm install -g <package> # Install globally
npm ci # Clean install from lock file
# Updating
npm update # Update all packages
npm update <package> # Update specific package
npm outdated # Check for outdated packages
# Removal
npm uninstall <package> # Remove package
npm prune # Remove unused packages
# Information
npm list # List installed packages
npm view <package> # View package info
npm search <package> # Search for packages
# Scripts
npm run <script> # Run script
npm test # Run tests
npm start # Start app
# Security
npm audit # Check for vulnerabilities
npm audit fix # Fix vulnerabilities
# Cache
npm cache clean --force # Clear cache
npm cache verify # Verify cache
# Publishing
npm login # Login to registry
npm publish # Publish package
npm version <type> # Bump version
Notes
- Use npm ci in CI/CD for consistent, fast installs
- Always commit lock files to version control
- Prefer exact versions for production dependencies
- Use workspaces for monorepo management
- Regularly audit dependencies for security
- Keep Node.js and package managers updated
- Use .nvmrc to specify Node.js version
- Consider pnpm for better performance and disk usage
- Use semantic versioning for package releases
- Document all custom scripts in README