Better Programming

npm ci vs. npm install — Which Should You Use in Your Node.js Projects?

Ali Kamalizade
2 min read · Jul 2, 2019

npm is the default package manager for Node.js projects.

Installing and updating dependencies is easy with npm. A dependency listed on npmjs, for example the Vue.js framework, even shows the installation command that you can copy and paste into your terminal.

If you have been working with npm for a while, you have probably used npm install (or the shorter npm i) to install or update dependencies.

While that still works, a new command was introduced in npm v6: npm ci.

In this article, I want to highlight the differences between the two, and the different use cases in which you’d use these commands.

npm install (in Short: npm i)

npm install, or npm i, is used to install dependencies:

  • It will install all the dependencies.
  • If you use ^ or ~ when you specify the version of your dependency, npm may not install the exact version you specified.
  • npm install can update your package-lock.json when there are changes, such as when you install a new dependency.

npm ci

npm ci will do the following things:

  1. It will delete your node_modules folder to ensure a clean state.
  2. It will look in your package-lock.json to install all the dependencies with the exact version.
  3. Unlike npm install, npm ci will never modify your package-lock.json. It does however expect a package-lock.json file in your project — if you do not have this file, npm ci will not work and you have to use npm install instead.

If you use npm ci, you’ll get reliable builds. This is useful when you’re running in a continuous integration tool like Jenkins or GitLab CI.
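The relationship between the two files that npm ci depends on can be checked before the install step runs. The following is an added example, not code from the article: it takes the parsed contents of package.json and package-lock.json, flags direct dependencies declared with ^ or ~, and reports any that the lock file does not pin. It assumes a lock file with lockfileVersion 2 or 3; the package names and sample data are constructed.

```javascript
// Added example, not from the article. Assumes lockfileVersion 2 or 3,
// where package-lock.json has a top-level "packages" map.

// Describe each direct dependency: its package.json spec and what the lock pins.
function auditDependencies(pkg, lock) {
  const direct = { ...pkg.dependencies, ...pkg.devDependencies };
  const locked = lock.packages || {};
  return Object.entries(direct).map(([name, spec]) => {
    const entry = locked[`node_modules/${name}`];
    return {
      name,
      spec,
      ranged: /^[\^~]/.test(spec), // ^ or ~: npm install may resolve a newer release
      exact: /^\d+\.\d+\.\d+$/.test(spec),
      lockedVersion: entry ? entry.version : null,
      hasIntegrity: Boolean(entry && entry.integrity), // tarball hash npm verifies
    };
  });
}

// Findings that should fail a CI job before `npm ci` runs.
function findProblems(report) {
  const problems = [];
  for (const d of report) {
    if (!d.lockedVersion) {
      problems.push(`${d.name}: not in package-lock.json`);
      continue;
    }
    if (d.exact && d.spec !== d.lockedVersion) {
      problems.push(`${d.name}: package.json wants ${d.spec}, lock pins ${d.lockedVersion}`);
    }
    if (!d.hasIntegrity) problems.push(`${d.name}: lock entry has no integrity hash`);
  }
  return problems;
}

// Constructed sample data (package names and hash are placeholders).
const samplePkg = {
  dependencies: { 'alpha-lib': '^1.3.0', 'beta-lib': '2.0.0' },
  devDependencies: { 'gamma-lib': '~0.1.0' },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    'node_modules/alpha-lib': { version: '1.4.2', integrity: 'sha512-CONSTRUCTED' },
    'node_modules/beta-lib': { version: '2.0.1' },
  },
};

const sampleReport = auditDependencies(samplePkg, sampleLock);
console.log(sampleReport.filter((d) => d.ranged).map((d) => `${d.name} ${d.spec} -> ${d.lockedVersion}`));
console.log(findProblems(sampleReport));
```

To run it against a real project, pass the results of JSON.parse on the two files instead of the sample objects. Lock entries for local links or git dependencies carry no integrity field, so treat that finding as something to review rather than an automatic failure.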

npm ci vs. npm install — Which to Use?

If you are on npm v6 or higher:

  • Use npm install to install new dependencies, or to update existing dependencies (e.g. going from version 1 to version 2).
  • Use npm ci when running in continuous integration, or if you want to install dependencies without modifying the package-lock.json.

If you are on npm v5 or lower:

  • You can only use npm install to install or update dependencies.
  • Try to upgrade to the latest npm version. In addition to npm ci, it also features the npm audit command, which should make identifying and fixing security vulnerabilities of dependencies easier. Furthermore, installing dependencies should be faster with npm v6.

Conclusion

Thanks for reading this article. As you can see, both commands have their valid use cases. I’d recommend using npm ci if possible, as it does its job reliably, and use npm install for installing new dependencies or updating existing ones.
