npm ci vs. npm install — Which Should You Use in Your Node.js Projects?

And what exactly is the difference?

Ali Kamalizade
Jul 2, 2019 · 2 min read

npm is the default package manager for Node.js projects.

Installing and updating dependencies is easy with npm. A dependency listed on npmjs, for example the Vue.js framework, even shows the installation command that you can copy and paste into your terminal.

If you have been working with npm for a while, you have probably used npm install (or the shorter npm i) to install or update dependencies.

While that still works, npm v6 introduced a new command: npm ci.

In this article, I want to highlight the differences between the two, and the different use cases in which you’d use these commands.

npm install (in short: npm i)

npm install, or npm i, is used to install dependencies:

  • It will install all the dependencies.
  • If you use ^ or ~ when you specify the version of your dependency, npm may not install the exact version you specified.
  • npm install can update your package-lock.json when something changes, such as when you install a new dependency.

npm ci

npm ci will do the following things:

  1. It will delete your node_modules folder to ensure a clean state.
  2. It will look in your package-lock.json to install all the dependencies with the exact version.
  3. Unlike npm install, npm ci will never modify your package-lock.json. It does however expect a package-lock.json file in your project — if you do not have this file, npm ci will not work and you have to use npm install instead.

If you use npm ci, you’ll get reliable builds. This is useful when you’re running in a continuous integration tool like Jenkins or GitLab CI.
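As an added illustration (not code from the article or from npm), the sketch below compares the ranges declared in package.json with the versions pinned in package-lock.json; npm ci exits with an error instead of rewriting the lockfile when the two disagree. The sample manifests are constructed, the example-* package names are hypothetical, and only exact, ^ and ~ ranges are handled.

```javascript
// Added example: a simplified check, not npm's own resolver.
// Handles only exact versions and ^ / ~ ranges (no prereleases, no || sets).
const parse = (v) => v.split(".").map(Number);
// True if `version` >= `floor`, comparing major, minor, patch in order.
function gte(version, floor) {
  for (let i = 0; i < 3; i++) {
    if (version[i] !== floor[i]) return version[i] > floor[i];
  }
  return true;
}

// Does the exact locked version satisfy the range declared in package.json?
function satisfies(locked, range) {
  const op = /^[\^~]/.test(range) ? range[0] : "";
  const want = parse(range.slice(op.length));
  const have = parse(locked);
  if (op === "") return have.join(".") === want.join(".");
  if (!gte(have, want)) return false;
  // ~ pins major.minor; ^ pins up to the left-most non-zero component.
  const pinned = op === "~" ? 2 : want[0] > 0 ? 1 : want[1] > 0 ? 2 : 3;
  return have.slice(0, pinned).join(".") === want.slice(0, pinned).join(".");
}

// Supports both lockfile layouts: `packages` (v2/v3) and `dependencies` (v1).
function lockedEntry(lock, name) {
  return (lock.packages && lock.packages["node_modules/" + name]) ||
         (lock.dependencies && lock.dependencies[name]);
}

function checkLock(pkg, lock) {
  const declared = { ...pkg.dependencies, ...pkg.devDependencies };
  return Object.entries(declared).map(([name, range]) => {
    const entry = lockedEntry(lock, name);
    if (!entry) return { name, range, locked: null, status: "missing" };
    const status = satisfies(entry.version, range) ? "ok" : "out-of-range";
    return { name, range, locked: entry.version, status };
  });
}

// Constructed sample manifests; the example-* package names are hypothetical.
const samplePkg = {
  dependencies: { vue: "^2.6.10", "example-utils": "~4.17.11" },
  devDependencies: { "example-runner": "24.8.0", "example-lint": "^6.0.0" },
};
const sampleLock = { lockfileVersion: 1, dependencies: {
  vue: { version: "2.6.14" }, "example-utils": { version: "4.18.0" },
  "example-runner": { version: "24.8.0" },
} };
console.log(checkLock(samplePkg, sampleLock));
```

Any entry reported as missing or out-of-range means the lockfile was not regenerated after package.json changed, which is worth catching in review before the build reaches CI.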

npm ci vs. npm install — Which to Use?

If you are on npm v6 or higher:

  • Use npm install to install new dependencies, or to update existing dependencies (e.g. going from version 1 to version 2).
  • Use npm ci when running in continuous integration, or if you want to install dependencies without modifying the package-lock.json.

If you are on npm v5 or lower:

  • You can only use npm install to install or update dependencies.
  • Try to upgrade to the latest npm version. In addition to npm ci, it also features the npm audit command, which should make identifying and fixing security vulnerabilities of dependencies easier. Furthermore, installing dependencies should be faster with npm v6.

Conclusion

Thanks for reading this article. As you can see, both commands have their valid use cases. I’d recommend using npm ci if possible, as it does its job reliably, and use npm install for installing new dependencies or updating existing ones.

Better Programming

Ali Kamalizade

Written by

Senior Software Engineer @LeanIX. Co-founder of Sedeo. Passion for software engineering and startups. Looking forward to build great things. 有難うございます。🚀
