Taking a look at package.json
If you worked with JavaScript, Node, React, etc. and used npm (Node Package Manager) at all, you may have noticed a file generated in the root of your project’s directory called package.json.
Clicking into it will reveal a whole bunch of information about your current project like the name, description, author, and other metadata. Now of course, it’s common sense for information like that to be contained somewhere within the project, but there’s also other things in package.json
that let your project work with npm.
Node Package Manager
Before we even get into package.json
, we need to know exactly what npm is. Node Package Manager is, as you may have guessed, a package manager for Node! Well then what’s a package manager?! A package manager is a tool for handling software packages. These software packages often come in the form of libraries you most likely may have used before such as Bootstrap, axios, React Router, etc. Although it’s called Node Package Manager, in reality you can use npm with all JavaScript projects. You normally access npm via your Command Line Interface, but you can also check out the website and search for packages that way. Installing a package via npm is as easy as literally typing npm install PackageNameHere.
Package.json
So onto this file now. As I’ve stated earlier, package.json
contains metadata relating to your project like the name and author as well as version number and license documentation. Of course, this sort of information is important to anyone working on the project, but it is also important to npm itself. Let’s take a look at the package.json
of a project I’m working on:
We can create our own scripts within the file to make things easier for us, too. For example, if I run npm run dev
, I’m able to utilize the concurrently
and nodemon
libraries I have installed. We also have the link to our repository documented as well as the issues page.
We then finally the dependencies
and devDependencies.
These are the libraries we’ve downloaded to use for our project. As you can see, dependencies
contain the dotenv
and express
libraries. These are the same names you type into the CLI when wanting to download them, like npm install dotenv
. devDependencies
is the same thing as dependencies
except they’re only to be used in the development environment for the project. This is typically where testing libraries are downloaded to.
Package-lock.json
You’re inevitably going to run into package-lock.json
if you’ve seen package.json
. Let’s take a look at it from my project:
The file is much, much bigger than this. As a matter of fact, it goes on like this to 1845 lines. What package-lock.json
for is simply to lock the version numbers of the dependencies in your project. This ensures that everyone is on the same page when working on the project if they clone it to their machines.