Guide to Package.json file tutorial in Nodejs Applications

In this blog post, We are going to learn package.json tutorials with examples
You can also check other posts on npm command deprecate option is deprecated

Package.json file in Nodejs

package.json is a JSON configuration file of nodejs and javascript-based projects. It contains the key and value of Nodejs based applications. The location of this file is in the root folder of the application. This will be used by the npm command for building/starting/testing your javascript-based applications. This will help other developers track the application dependencies and versions This file can be created in many ways as follows

The npm command uses this to build, start, and test your javascript-based applications.

  • Angular/ReactJS/VueJS CLI automatically
  • npm init command
  • Manually create a file

the package JSON file contains the following properties

  • Project metadata like name, version, etc
  • Dependencies of application - dependencies,devDependencies, etc
  • npm command line automated Scripts
  • repositories, browser list, and engine support

the package.json file used in the below Nodejs Based application of the following types

  • Front-end-based apps using Angular, ReactJS and Vuejs, etc.
  • Backend applications using MEAN or MERN Stack

How to create a package.json file?

This example can explain different ways to create a file

  • package.json file creation with CLI prompt using npm init
  • default package.json creation with default values using npm init -yes command
B:\Workspace\blog\reactapp>npm init

This utility will walk you through creating a package.json file.

See npm help json for definitive documentation on these fields
and exactly what they do.

Use npm install afterward to install a package and
save it as a dependency in the package.json file.

Press ^C at any time to quit.  
package name: (reactapp) nodeapp  
version: (1.0.0)  
description: This is node based application  
entry point: (index.js)  
test command:  
git repository:  
license: (ISC)  
About to write to B:\Workspace\blog\reactapp\package.json:

 "name": "nodeapp",  
 "version": "1.0.0",  
 "description": "This is node based application",  
 "main": "index.js",  
 "scripts": {  
 "test": "echo \"Error: no test specified\" && exit 1"  
 "author": "",  
 "license": "ISC"  

Is this ok? (yes) yes

Example Minimal package.json file

This is a file created in the application root folder with a minimum configuration of an application

 "name": "nodeapp",  
 "version": "1.0.0",  
 "description": "This is node based application",  
 "main": "index.js",  
 "scripts": {  
 "test": "echo \"Error: no test specified\" && exit 1"  
 "author": "",  
 "license": "ISC"  

We have created a minimal package.json file

"engines": {  
 "node": ">= 8.0.0",  
 "npm": ">= 3.1.0",  
Namethe name of the application
versionthe current version of the application
Descriptionlong text description about Project
mainthis contains the entry point script code of the application
AuthorName of the developer
**License- license information of an application. This will be useful when you are publishing your project as an npm package so that other developers can use this project based on it
scriptsThis contains automated scripts which you can run using the name of the script specified. This contains npm commands to run via the command line
repositoryThis is pointed to the SCM code location of the application
enginesThis contains an array of entries that contains the nodejs/npm version that works for this application
Browser listThis will specify the list of supported browsers for your application

How to add a dependency to package.json - npm install command

Once the basic package.json file is created,

You can install the node package using the npm install --save package name command.

The below example explains about following things

  • How to install npm modules/packages in nodejs applications
  • How to add dependency and devdependencies to the nodejs project

The below command installs sweetalert and lodash modules to the nodejs project.

npm install --save sweetalert  
npm install --save-dev lodash

The above commands create one entry in the dependencies section and another entry in the devDependencies section of package.json.

Here is the updated package.json file

"dependencies": {  
 "sweetalert2": "^7.26.9"  
 "devDependencies": {  
 "lodash": "^4.17.10"  

How to remove the dependency in package.json using the npm uninstall command

You can uninstall dependencies from the application using the npm uninstall command.

The below example explains about following things

  • How to uninstall npm modules/packages in nodejs applications
  • How to remove dependency and devDependencies from the nodejs project

The below command uninstalls the sweet alert and lodash module to the nodejs project.

npm uninstall --save sweetalert  
npm uninstall --save-dev lodash

The above commands remove an entry from the dependencies and devDependencies sections of package.json

"dependencies": {  
 "devDependencies": {  

How to update dependencies to the latest versions automatically in a nodejs project

package.json contains all dependencies.

It is very painful to update each package to the latest version. There are many ways we can do that. one way, npm-check-updates is the command-line utility tool used to update all dependencies to the latest version and will update the latest versions in package.json.

Install npm-check-updates globally using npm install. Once installed, the ncu command will be available as a command. It updates all packages to the latest version using the ncu -u command. Finally, install all packages in an application using the npm install command

npm i -g npm-check-updates  
ncu -u  
npm install

Nodejs Dependencies Types

There are a lot of dependencies types in package.json

  • Dependencies for production build
  • devDependencies for a development build
  • peerDependencies for production build minus transitive dependency
  • optionalDependencies - optional or conditional dependencies

npm package versions

package.json dependencies contain package and version. The version can be configured or updated with below different options

Versions can be prefixed with a caret(^) and tilde(~) and other symbols as below

For example

  • ^2.1.0: This package can be updated to minor versions like 2.1.1 or 2.2.0
  • ~2.1.0: This package can be updated to minor versions like 2.1.1 but not 2.2.0
  • \* means any version can be updated
  • \>2.1.0 Any version which is greater than 2.1.0 can be updated
  • \>=2.1.0 Any version which is greater than or equal to 2.1.0 can be updated <2.1.0 Any version which is lesser than 2.1.0 can be updated
  • <=2.1.0 Any version which is lesser than equal to 2.1.0 can be updated

What is the difference between Dependencies, DevDependencies, and peerDependencies in package.json?

  • Dependencies: These are actual dependencies used to run your application and used for Production.

It installs `transitive dependencies. For example, when package 1 is dependent on package 2, package 3 is dependent on package 1. if package 1 is installed, package2 and package 3 are installed automatically.

npm, install —save command installs the dependencies. This always contains Angular/Vue/react l, libraries as dependencies

  • DevDependencies:

These dependencies are the development dependencies of an application. These are needed as a dependency during development like testing frameworks -mocha or karma.

This will not be published as part of the production build. This will not install transitive dependency

This will be installed using the npm install —save-dev command. This always contains testing frameworks or documentation libraries

  • peerDependencies:

These are dependencies like production but `transitive dependencies are not installed.

This will be installed using the npm install --save command.

what is the private key in package.json

package.json contains the private key, these key values are true/false

if private is true, the application cannot be published as an npm package. This is used to avoid publishing it to the repository accidentally.

What is the use of package-lock json?

package-lock.json contains the exact version and dependency tree information. It is generated automatically during the npm install command.

It is a lock file that helps to generate the exact version for production.


In this tutorial, Learned the package.json sample file with dependencies added and removed to an application.