install
npm install
Installs a package (and its dependencies), adding it to package.json and refreshing package-lock.json. Without arguments, installs everything already declared in the current project's package.json.
npm install [<@scope>/]<pkg>[@<version>] [--save-dev|--save-optional|--global|--force|--legacy-peer-deps] Common flags
| Flag | Purpose |
|---|---|
| --save-prod (-P) | Save to dependencies (default since npm 5) |
| --save-dev (-D) | Save to devDependencies (build tools, linters, tests, typings) |
| --save-optional (-O) | Save to optionalDependencies |
| --save-exact (-E) | Pin exact version instead of a ^ range |
| --global (-g) | Install into the global prefix instead of local node_modules |
| --force (-f) | Force fetch, overwrite cache, bypass conflicts |
| --legacy-peer-deps | Ignore npm 7+ peerDependencies conflict checks |
| --no-save | Install without touching package.json |
Examples
npm install Install all deps declared in package.json
npm install react react-dom Install packages and save to dependencies
npm install -D typescript eslint vitest Add tooling to devDependencies
npm install --legacy-peer-deps Bypass strict peer dependency conflicts
Gotcha
Since npm 5, --save is the default — package.json is always updated unless you pass --no-save. For reproducible installs in CI or Docker use `npm ci` instead: it respects the lockfile strictly and is faster.
Related commands
npm ci
Performs a clean, deterministic install straight from package-lock.json (or npm-shrinkwrap.json) intended for CI environments. It deletes any existing node_modules and refuses to run if package.json and the lockfile are out of sync.
npm install --global
Installs a package into the global prefix so its bin scripts are on your PATH system-wide. Global installs live outside any project's node_modules.
npm uninstall
Removes a package from node_modules and drops it from the matching section of package.json and the lockfile. Aliases: `remove`, `rm`, `r`, `un`.
npm update
Updates packages to the newest version that still satisfies the semver range in package.json and refreshes package-lock.json. Without arguments, it tries every listed dependency.