npm ci vs. npm i: Install Node Modules Faster

npm ci performs a clean install of all existing dependencies, whereas npm install attempts to update current dependencies when possible.

Written by Ali Raza
Published on Sep. 05, 2023

Node modules are code packages that can be installed and used in a Node.js project. They perform a wide range of jobs, from simple utilities to sophisticated frameworks, and can be created by anyone.

npm ci vs. npm install Explained

  • npm ci: npm clean-install reads the package-lock.json file to determine the project’s package versions and dependencies. It will then fetch and install these identical versions from the npm registry without changing package-lock.json.
  • npm i: npm install searches the package.json file for a list of required packages and versions and then installs those Node.js packages and dependencies.

The most common ways to install node modules are:

  1. npm i / yarn: Installs all the npm packages listed in the package.json file, if any.
  2. npm i <package> / yarn add <package>: Adds a new Node module package to the project and updates the package-lock.json file.

We’re also going to discuss npm clean-install (npm ci) and compare it with npm install (npm i).

 

What Is npm install?

npm i installs Node.js packages and dependencies. When you run npm i in a Node.js project directory, npm searches the package.json file for a list of required packages and versions. It then installs these packages and their dependencies from the npm registry into your project’s node_modules directory.


How Does npm install Work?

npm i follows five steps:

  1. Checks package.json for project-required packages and versions.
  2. Resolves package.json dependencies.
  3. Downloads npm packages and dependencies.
  4. Installs your project’s packages and dependencies into node_modules.
  5. Updates package-lock.json, which tracks installed packages and dependencies.

 

What Is npm ci?

npm ci stands for npm clean-install. The ci command is supported by any npm version six or later. npm ci reads the package-lock.json file to determine the project’s package versions and dependencies. Without changing package-lock.json, it will fetch and install these identical versions from the npm registry.

 

How Does npm ci Work?

npm ci executes in six stages:

  1. Checks the project directory for a package-lock.json file. If it doesn’t exist, npm ci exits.
  2. Removes the existing node_modules directory and the packages installed in it.
  3. Reads package-lock.json to determine project-specific package versions and dependencies.
  4. Installs these versions from npm.
  5. Verifies package integrity against package-lock.json.
  6. Doesn’t update package-lock.json.

 

npm ci Tips

  1. The command works only if package-lock.json or npm-shrinkwrap.json is present in the working directory.
  2. If the package-lock file is missing, the command will not run.
  3. The packages in package-lock.json or npm-shrinkwrap.json should match the package.json file; otherwise npm ci exits.
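
A pre-install check for the conditions in the npm ci steps and tips above (lock file present, in sync with package.json, integrity recorded), added here as an example and not taken from the article or from npm's own code. The auditLock function, the package names and the hash values are hypothetical or constructed, and the sync test is a simple string comparison, not how npm itself decides.

```javascript
// Added example: audit the two files npm ci depends on before a CI install.
// Assumptions: lockfileVersion 2 or 3 ("packages" map), default public registry.
const REGISTRY = "https://registry.npmjs.org/";

function auditLock(pkg, lock) {
  if (!lock) return ["package-lock.json missing"];
  if (!lock.packages) return ["no \"packages\" map (lockfileVersion 1 is not handled here)"];
  const findings = [];
  const root = lock.packages[""] || {};
  // 1. Ranges declared in package.json must equal the ranges the lock recorded.
  for (const field of ["dependencies", "devDependencies"]) {
    const declared = pkg[field] || {};
    const locked = root[field] || {};
    for (const name of new Set([...Object.keys(declared), ...Object.keys(locked)])) {
      if (declared[name] !== locked[name]) {
        findings.push(`out of sync: ${name} package.json=${declared[name]} lock=${locked[name]}`);
      }
    }
  }
  // 2. Each installed entry needs a sha512 integrity hash and a registry URL.
  for (const [path, entry] of Object.entries(lock.packages)) {
    if (path === "" || entry.link || entry.inBundle) continue; // no tarball of their own
    if (!entry.integrity) findings.push(`no integrity: ${path}`);
    else if (!/(^| )sha512-/.test(entry.integrity)) findings.push(`weak integrity: ${path}`);
    if (!String(entry.resolved || "").startsWith(REGISTRY)) {
      findings.push(`unexpected source: ${path} -> ${entry.resolved}`);
    }
  }
  return findings;
}

// Constructed sample: hypothetical package names, placeholder hash values.
const samplePkg = { dependencies: { "example-a": "^1.3.0", "example-b": "^3.0.1" } };
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "example-a": "^1.3.0", "example-b": "^3.0.0" } },
    "node_modules/example-a": {
      version: "1.3.0",
      resolved: "https://registry.npmjs.org/example-a/-/example-a-1.3.0.tgz",
      integrity: "sha512-PLACEHOLDER",
    },
    "node_modules/example-b": {
      version: "3.0.1",
      resolved: "http://mirror.example.test/example-b-3.0.1.tgz",
    },
  },
};

console.log(auditLock(samplePkg, sampleLock).join("\n"));
```

An empty result means the lock file records a registry source and a sha512 hash for every package and agrees with package.json; any finding is a reason to stop the pipeline before npm ci runs.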

 

Is npm ci Faster Than npm install?

npm ci is faster than npm i for a few different reasons, including:

  1. npm ci doesn’t check the node_modules directory to determine which dependencies are installed and which need updating.
  2. It doesn’t update the package-lock.json file.
  3. It doesn’t need to download any metadata; it just installs the exact dependencies listed in the package-lock.json file.

Still, it’s important to remember that the speed difference between the two commands isn’t often significant, especially for small projects with few dependencies.

A guide on the differences between npm i and npm ci. | Video: Eddie Jaoude


When to Use npm ci vs. npm install?

  1. npm ci is handy for production scenarios and continuous integration and delivery pipelines where you must install and use the exact dependencies.
  2. npm ci is best used to ensure a clean and consistent installation of dependencies.

npm ci just installs existing dependencies, in contrast to npm i, which attempts to update current dependencies, if possible. This ensures that the builds in continuous integration are reliable. It’s better to use npm i in development and npm ci for production.
