npm
Files
SKILL.mdagentsreferences
Install
Install only this skill with npx skills
npx skills add alisonaquinas/llm-ci-dev --skill 'npm' -g -y
Install the containing skill bundle
/plugin install ci-cd@llm-skills
This skill is bundled inside ci-cd. Use
npx skills when you only want this skill, or install the bundle once to make every included skill available through the plugin marketplace flow. Browse the full skill bundle repository at github.com/alisonaquinas/llm-ci-dev.Invoke
Invoke this skill after installation
/ci-cd:npm
SKILL.md
name: npm description: Manage Node.js packages, run scripts, and publish with npm. Use when tasks mention npm commands, package.json configuration, dependency management, scripts, workspaces, or Node.js package operations.
npm
Intent Router
| Request | Reference | Load When |
|---|---|---|
| Install Node.js, set up npm, configure .npmrc | references/install-and-setup.md | Node.js or npm needs to be installed or configured |
| package.json fields, version specifiers, scripts | references/package-json.md | package.json structure or fields are the topic |
| CLI commands, workflows | references/command-cookbook.md | Specific npm commands are needed |
| Monorepo workspaces, hoisting | references/workspaces.md | Workspace or monorepo setup is the topic |
Quick Start
# 1. Initialize a new package
npm init -y
# 2. Install all dependencies from package.json
npm install
# 3. Run a script defined in package.json
npm run <script>
# 4. Preview what would be published (no side effects)
npm publish --dry-run
Core Command Tracks
- Initialise:
npm init [-y]— creates package.json - Install deps:
npm install/npm ci(clean, reproducible) - Add a package:
npm install <pkg>,npm install --save-dev <pkg> - Run scripts:
npm run <script>,npm test,npm start - Publish:
npm publish [--dry-run] [--tag <tag>] - Audit:
npm audit,npm audit fix - Update:
npm update,npm outdated - Execute binaries:
npm exec <cmd>/npx <cmd>
Safety Guardrails
- Run
npm publish --dry-runbefore any real publish to verify the file list. - Run
npm auditregularly and address high-severity advisories before releasing. - Commit
package-lock.jsonto version control; never delete it unless regenerating. - Use
npm ciin CI pipelines instead ofnpm install— it respects the lock file exactly and fails if it is out of sync. - Avoid
--forceor--legacy-peer-depsunless the root cause of the conflict is understood. - Keep
.npmrcsecrets (auth tokens) out of version control; use environment variables instead.
Workflow
- Add or update dependencies with
npm install <pkg>. - Update scripts in
package.jsonas needed. - Run
npm run <script>to verify the change locally. - Run
npm auditto check for known vulnerabilities. - In CI, use
npm cifor a clean, reproducible install. - Publish with
npm publish --dry-runfirst, thennpm publishafter confirming the output.
# Troubleshoot peer dependency conflicts and fix audit issues
npm install --legacy-peer-deps
npm audit fix
npm ls <package-name>
Related Skills
- yarn — alternative package manager with Berry and Classic modes
- pnpm — disk-efficient package manager using a content-addressable store
- ci-architecture — integrating npm into CI/CD pipelines
References
references/install-and-setup.mdreferences/package-json.mdreferences/command-cookbook.mdreferences/workspaces.md- Official docs: https://docs.npmjs.com
- npm CLI reference: https://docs.npmjs.com/cli/v10/commands
- package.json spec: https://docs.npmjs.com/cli/v10/configuring-npm/package-json
- Workspaces guide: https://docs.npmjs.com/cli/v10/using-npm/workspaces