What Is npm? Node Package Manager Explained (2026 Guide)
npm (Node Package Manager) is the default package manager for Node.js and the world’s largest software registry. It lets developers install, share, and manage reusable JavaScript packages — from tiny utility functions to complete UI component libraries like MUI and shadcn/ui.
If you work with modern web applications — whether you write code or collaborate with people who do — npm is part of your workflow. This guide explains what npm is, how it works, and why it matters for both developers and designers building digital products in 2026.
npm is also a key enabler of code-backed design workflows. With UXPin Merge, teams can bring npm-published React components directly into the design canvas — so designers work with the same components developers use in production. Try UXPin for free.
What Is npm (Node Package Manager)?
npm consists of three distinct components:
- The npm registry — a massive public database of JavaScript packages. As of 2026, the registry hosts over 2.5 million packages, making it the largest software registry in the world.
- The npm CLI (command-line interface) — the tool developers use to install, update, and manage packages from the registry.
- The npm website (npmjs.com) — where you can search for packages, read documentation, and manage organisation-scoped packages.
npm is installed automatically when you install Node.js. If Node.js is on your machine, you already have npm.
What Is a Package Manager?
A package manager automates the process of installing, updating, configuring, and removing software libraries (called “packages” or “dependencies”). Without a package manager, developers would need to manually download code, place it in the right directory, and keep track of versions — a process that doesn’t scale.
npm is the package manager for the JavaScript ecosystem. Other languages have their own: Python has pip, Ruby has gem, and PHP has Composer. In the JavaScript world, npm competes with alternatives like Yarn and pnpm, but npm remains the default and most widely used.
What Is the npm Registry?
The npm registry is a public database where developers publish reusable code packages. When you run npm install react, npm fetches the React package from this registry and installs it in your project.
The registry hosts packages of every kind:
- UI component libraries: React, MUI (Material UI), Ant Design, shadcn/ui
- Utility libraries: Lodash, date-fns, Axios
- Frameworks: Next.js, Express, NestJS
- Build tools: Webpack, Vite, ESBuild
- Testing tools: Jest, Vitest, Playwright
Organisations can also publish private packages scoped to their team — this is how many companies distribute internal component libraries. In fact, this is exactly how UXPin Merge’s Git integration works: your team publishes React components via npm, and Merge syncs them into UXPin’s design editor so designers can build with production code.
Key npm Concepts
Dependencies vs. DevDependencies
Dependencies are packages your application needs to run in production. They’re installed with npm install <package> and listed in the "dependencies" section of your package.json.
DevDependencies are packages needed only during development — things like testing frameworks, linters, and build tools. They’re installed with npm install --save-dev <package> and listed under "devDependencies".
When you deploy to production, you typically run npm install --production, which skips devDependencies to keep the production bundle lean.
The package.json File
package.json is the manifest file for every Node.js project. It contains:
- The project’s name, version, and description
- A list of all dependencies and their version ranges
- Scripts for common tasks (build, test, start, lint)
- Configuration for tools like ESLint, Babel, or Jest
You create a package.json by running npm init in your project directory. Every time you install a package, npm updates this file automatically.
The package-lock.json File
package-lock.json records the exact version of every installed package (and every sub-dependency). While package.json uses version ranges (e.g. "^18.2.0"), the lock file pins exact versions to ensure every developer and CI environment installs the identical dependency tree. Always commit package-lock.json to version control.
Essential npm Commands
Here are the commands you’ll use most often:
| Command | What It Does |
|---|---|
npm init |
Creates a new package.json file |
npm install |
Installs all dependencies listed in package.json |
npm install <package> |
Installs a specific package and adds it to dependencies |
npm install --save-dev <package> |
Installs a package as a devDependency |
npm update |
Updates all packages to the latest version within the specified range |
npm uninstall <package> |
Removes a package from the project |
npm run <script> |
Runs a script defined in package.json |
npm audit |
Checks installed packages for known security vulnerabilities |
npx <package> |
Runs a package without installing it globally |
Understanding npm as a Designer
If you’re a designer, you might wonder why npm matters to you. Here’s why: modern design-development collaboration increasingly relies on shared component libraries — and those libraries are distributed through npm.
When your development team publishes a React component library to npm, those components carry all of the production styling, behaviour, and accessibility features baked in. Traditionally, designers would work with static mockups that approximated these components — creating a persistent gap between design intent and production output.
This is the problem UXPin Merge solves. Merge syncs npm-published React components directly into UXPin’s design canvas. Designers drag and drop real production components — complete with props, states, and interactions — to build prototypes that are functionally identical to the production UI.
The result:
- Designers and developers share a single source of truth
- Prototypes behave like the real product (because they are the real components)
- Design handoff becomes trivial — the component names, props, and structure are already production-ready
- Enterprise teams like PayPal have used this approach to support 60+ products with a 5-person UX team
What Can You Do With npm in a Design Workflow?
Understanding npm unlocks several capabilities for design-development collaboration:
- Install and explore component libraries: Run
npm install @mui/materialto see exactly what components are available, their props, and their variants. - Run Storybook locally: Many component libraries include Storybook. Clone the repo, run
npm install && npm run storybook, and you can interact with every component in isolation. - Set up UXPin Merge: The UXPin Merge CLI tool is installed via npm. It’s how you push your component library into UXPin’s editor.
- Prototype with production components: Once Merge is set up, every component in your npm package is available on UXPin’s canvas — with full interactivity and real props.
npm vs. Yarn vs. pnpm
All three are JavaScript package managers. Here’s how they differ:
| Feature | npm | Yarn | pnpm |
|---|---|---|---|
| Default with Node.js | Yes | No | No |
| Speed | Good (improved significantly in v7+) | Fast | Fastest |
| Disk usage | Standard | Standard | Efficient (hard links) |
| Monorepo support | Workspaces | Workspaces | Native |
| Lock file | package-lock.json | yarn.lock | pnpm-lock.yaml |
For most teams, npm is the safe default. If you’re working on large monorepos or care deeply about install speed and disk efficiency, pnpm is worth evaluating.
Bridging Design and Development With UXPin Merge
npm is the backbone of modern JavaScript development — and increasingly, it’s the backbone of modern design systems too. When your component library is published as an npm package, it becomes the single source of truth that both designers and developers can work from.
UXPin Merge bridges the gap by bringing those npm-published components directly into the design environment. And with Forge, UXPin’s AI assistant, you can generate entire layouts by describing what you need — and Forge builds them using the real components from your npm-synced library. The output is production-ready JSX, not static mockups.
Try UXPin for free and experience what it’s like to design with real, npm-published components.
Frequently Asked Questions About npm
What does npm stand for?
npm stands for Node Package Manager. It is the default package manager for the Node.js JavaScript runtime environment. It provides a command-line tool for installing packages and a registry that hosts over 2.5 million reusable JavaScript packages.
Is npm free to use?
Yes. npm is free and open source for public packages. The npm CLI is included with every Node.js installation at no cost. npm also offers paid plans for organisations that need private package hosting, advanced security features, and team management.
What is the difference between npm and Node.js?
Node.js is a JavaScript runtime — it lets you execute JavaScript code outside a web browser. npm is the package manager that comes bundled with Node.js. Think of Node.js as the engine and npm as the tool that lets you install add-ons for that engine.
What is the difference between npm install and npx?
npm install downloads a package and saves it to your project. npx runs a package without installing it permanently — useful for one-off commands like npx create-react-app my-app. If the package isn’t installed locally, npx fetches it temporarily, runs it, and discards it.
How does npm relate to design systems?
Modern design systems are implemented as component libraries published to npm. This makes npm the distribution mechanism for production UI components. Tools like UXPin Merge can sync these npm-published components directly into a design tool, so designers prototype with the exact same code components developers use — creating a true single source of truth.
Should I use npm, Yarn, or pnpm?
For most projects, npm is the right choice — it’s the default, universally supported, and has improved significantly in recent versions. Consider pnpm if you work with large monorepos or want better disk efficiency. Yarn is also solid but has less momentum in 2026. All three are compatible with the same registry and package.json format.
