NPM & Yarn Commands Cheatsheet

Complete side-by-side reference for npm and Yarn — from initializing projects and managing dependencies to publishing packages, workspaces, and cache management. Bookmark and never look up a command again.

Init & Setup

npmyarnDescription

npmnpm init

yarnyarn init

infoCreate a new package.json interactively

npmnpm init -y

yarnyarn init -y

infoCreate package.json with all defaults

npmnpm init @scope

yarnyarn create @scope

infoRun a create-* package scaffolder

npmnpx create-react-app my-app

yarnyarn dlx create-react-app my-app

infoExecute a package binary without installing globally

npmnpx <package>

yarnyarn dlx <package>

infoRun a one-off command from a package

npmnpm install

yarnyarn / yarn install

infoInstall all dependencies from lock file

npmnpm ci

yarnyarn install --frozen-lockfile

infoClean install — strict lock file, no updates (CI use)

npmnpm install --legacy-peer-deps

yarnyarn install --ignore-engines

infoBypass peer dependency / engine conflicts

npmnpm set init-author-name "Name"

yarnyarn config set init-author-name "Name"

infoSet default author name for new projects

npmnpm set init-license MIT

yarnyarn config set init-license MIT

infoSet default license for new projects

Dependencies

npmyarnDescription

npmnpm install <pkg>

yarnyarn add <pkg>

infoAdd a production dependency

npmnpm install <pkg> --save-dev

yarnyarn add <pkg> --dev

infoAdd a dev dependency

npmnpm install <pkg> --save-exact

yarnyarn add <pkg> --exact

infoPin to an exact version (no ^ or ~)

npmnpm install <pkg>@<version>

yarnyarn add <pkg>@<version>

infoInstall a specific version

npmnpm install <pkg> --global

yarnyarn global add <pkg>

infoInstall a package globally

npmnpm uninstall <pkg>

yarnyarn remove <pkg>

infoRemove a dependency

npmnpm uninstall <pkg> --global

yarnyarn global remove <pkg>

infoRemove a globally installed package

npmnpm update

yarnyarn upgrade

infoUpdate all packages to latest allowed by semver range

npmnpm update <pkg>

yarnyarn upgrade <pkg>

infoUpdate a specific package

npmnpm outdated

yarnyarn outdated

infoList packages with newer versions available

npmnpm audit

yarnyarn audit

infoCheck for known security vulnerabilities

npmnpm audit fix

yarnyarn audit (manual fix)

infoAuto-fix vulnerable dependencies

npmnpm fund

yarnyarn fund

infoList packages seeking funding

npmnpm install <pkg>@latest

yarnyarn add <pkg>@latest

infoForce install the latest version

npmnpm install <git-url>

yarnyarn add <git-url>

infoInstall from a Git repository URL

npmnpm install ./local-pkg

yarnyarn add file:./local-pkg

infoInstall from a local folder

npmnpm dedupe

yarnyarn dedupe

infoFlatten duplicate packages in node_modules

Scripts

npmyarnDescription

npmnpm run <script>

yarnyarn <script> / yarn run <script>

infoRun a script defined in package.json

npmnpm start

yarnyarn start

infoRun the start script (shortcut — no 'run' needed)

npmnpm test

yarnyarn test

infoRun the test script

npmnpm run build

yarnyarn build

infoRun the build script

npmnpm run lint

yarnyarn lint

infoRun the lint script

npmnpm run dev

yarnyarn dev

infoRun the dev / development server script

npmnpm run <script> -- --flag

yarnyarn <script> --flag

infoPass additional flags to a script

npmnpm run env

yarnyarn run env

infoList environment variables available to scripts

npmnpm restart

yarnyarn run restart

infoRun prerestart, restart, and postrestart scripts

npmnpm stop

yarnyarn run stop

infoRun the stop script

npmpre<script> / post<script>

yarnpre<script> / post<script>

infoLifecycle hooks — run before/after any script automatically

Publishing

npmyarnDescription

npmnpm login

yarnyarn login

infoAuthenticate with the npm registry

npmnpm logout

yarnyarn logout

infoLog out of the npm registry

npmnpm whoami

yarnyarn whoami (npm whoami)

infoShow the currently logged-in username

npmnpm publish

yarnyarn publish

infoPublish the package to the registry

npmnpm publish --access public

yarnyarn publish --access public

infoPublish a scoped package as public

npmnpm publish --tag next

yarnyarn publish --tag next

infoPublish with a specific dist-tag

npmnpm pack

yarnyarn pack

infoCreate a tarball of the package without publishing

npmnpm version <major|minor|patch>

yarnyarn version --<major|minor|patch>

infoBump the package version and create a Git tag

npmnpm version prerelease --preid=beta

yarnyarn version --prerelease

infoCreate a prerelease version

npmnpm deprecate <pkg>@<ver> "msg"

yarnnpm deprecate <pkg>@<ver> "msg"

infoMark a published version as deprecated

npmnpm unpublish <pkg>@<ver>

yarnnpm unpublish <pkg>@<ver>

infoRemove a specific version from the registry

npmnpm dist-tag add <pkg>@<ver> latest

yarnyarn tag add <pkg>@<ver> latest

infoManage distribution tags for published packages

npmnpm owner add <user> <pkg>

yarnyarn owner add <user> <pkg>

infoAdd a maintainer to a package

Registry & Config

npmyarnDescription

npmnpm config list

yarnyarn config list

infoShow all configuration settings

npmnpm config get <key>

yarnyarn config get <key>

infoGet a specific config value

npmnpm config set <key> <value>

yarnyarn config set <key> <value>

infoSet a config value

npmnpm config delete <key>

yarnyarn config delete <key>

infoRemove a config value

npmnpm config set registry <url>

yarnyarn config set registry <url>

infoChange the default registry URL

npmnpm config set //registry/:_authToken=<t>

yarnyarn config set npmAuthToken <t>

infoSet an authentication token for a registry

npm.npmrc (project or user)

yarn.yarnrc.yml (Yarn Berry)

infoConfig file for persistent settings

npmnpm config set save-exact true

yarnyarn config set save-prefix ""

infoAlways pin exact versions by default

npmnpm config set engine-strict true

yarnyarn config set enableStrictEngine true

infoEnforce engine constraints in package.json

npmnpm token create

yarnnpm token create

infoCreate a new authentication token

npmnpm token list

yarnnpm token list

infoList all active authentication tokens

Workspace & Monorepo

npmyarnDescription

npm"workspaces": ["packages/*"]

yarn"workspaces": ["packages/*"]

infoDeclare workspaces in root package.json

npmnpm install (from root)

yarnyarn install (from root)

infoInstall deps for all workspaces and hoist shared packages

npmnpm run <script> -w <pkg>

yarnyarn workspace <pkg> <script>

infoRun a script in a specific workspace

npmnpm run <script> --workspaces

yarnyarn workspaces foreach run <script>

infoRun a script across all workspaces

npmnpm install <dep> -w <pkg>

yarnyarn workspace <pkg> add <dep>

infoAdd a dependency to a specific workspace

npmnpm ls --all --workspaces

yarnyarn workspaces list

infoList all workspaces and their locations

npmnpm exec -w <pkg> -- <cmd>

yarnyarn workspace <pkg> exec <cmd>

infoExecute a command in a workspace context

npmnpm publish --workspaces

yarnyarn workspaces foreach npm publish

infoPublish all workspace packages

npmnpx lerna init

yarnnpx lerna init

infoInitialize Lerna for monorepo management

npmnpx lerna run build

yarnnpx lerna run build

infoRun build across all Lerna packages

npmnpx lerna version

yarnnpx lerna version

infoBump versions for changed Lerna packages

Cache & Cleanup

npmyarnDescription

npmnpm cache clean --force

yarnyarn cache clean

infoClear the local package cache

npmnpm cache verify

yarnyarn cache list

infoVerify / list contents of the cache

npmnpm cache ls

yarnyarn cache list --pattern <pkg>

infoList cached packages

npmnpm prune

yarnyarn autoclean --force

infoRemove extraneous packages not in dependencies

npmrm -rf node_modules && npm install

yarnrm -rf node_modules && yarn

infoFull clean reinstall

npmnpm cache clean --force && rm -rf node_modules

yarnyarn cache clean && rm -rf node_modules

infoNuclear option — clear cache and reinstall everything

npmnpm config get cache

yarnyarn cache dir

infoShow the path to the cache directory

Info & Inspection

npmyarnDescription

npmnpm ls

yarnyarn list

infoList installed packages as a dependency tree

npmnpm ls --all

yarnyarn list --all

infoShow full dependency tree including nested

npmnpm ls <pkg>

yarnyarn list --pattern <pkg>

infoCheck if and where a package is installed

npmnpm info <pkg>

yarnyarn info <pkg>

infoShow registry metadata for a package

npmnpm view <pkg> versions

yarnyarn info <pkg> versions

infoList all published versions of a package

npmnpm view <pkg> dependencies

yarnyarn info <pkg> dependencies

infoShow a package's dependencies

npmnpm why <pkg>

yarnyarn why <pkg>

infoExplain why a package is installed (dependency chain)

npmnpm explain <pkg>

yarnyarn why <pkg>

infoDetailed explanation of dependency resolution path

npmnpm doctor

yarn(no equivalent)

infoRun diagnostics — checks node, registry, cache, permissions

npmnpm bin

yarnyarn bin

infoShow the path to the local bin directory

npmnpm bin --global

yarnyarn global bin

infoShow the path to the global bin directory

npmnpm root

yarnyarn root (custom)

infoShow the path to node_modules

npmnpm prefix

yarn(pwd)

infoShow the closest parent with a package.json

npmnpm -v

yarnyarn -v

infoShow the installed package manager version

npmnpm help <command>

yarnyarn help <command>

infoShow documentation for a specific command

npmnpm search <term>

yarnnpm search <term>

infoSearch the registry for packages

FAQ

What are the main differences between npm, Yarn, and pnpm?

npm is the default Node.js package manager — universal and well-supported. Yarn (by Facebook) introduced lock files, workspaces, and parallel installs before npm caught up. Yarn Berry (v2+) uses Plug'n'Play for zero node_modules. pnpm uses a content-addressable store with hard links, saving disk space and enforcing strict dependency isolation. All three share the same registry. Choose npm for simplicity, Yarn for workspaces/PnP features, and pnpm for speed and disk efficiency in monorepos.

What are lock files and why are they important?

Lock files (package-lock.json for npm, yarn.lock for Yarn, pnpm-lock.yaml for pnpm) record the exact resolved version of every installed dependency. They ensure that every developer and CI environment gets identical node_modules. Always commit lock files to version control. Without them, different installs can resolve different versions, leading to 'works on my machine' bugs.

How do peer dependencies work?

Peer dependencies declare that your package is compatible with a specific version of another package, but expects the consuming project to provide it. For example, a React component library might list react as a peerDependency. npm 7+ auto-installs peer deps (with warnings on conflicts). Yarn and pnpm show warnings but don't auto-install. Use --legacy-peer-deps (npm) to bypass strict resolution if you hit conflicts.

What is the difference between npx and yarn dlx?

Both execute a package binary without permanently installing it. npx (bundled with npm 5.2+) first checks local node_modules/.bin, then global installs, then downloads temporarily. yarn dlx (Yarn Berry) always downloads to a temp folder and runs — it never uses locally installed packages. Both are perfect for scaffolding tools (create-react-app, create-next-app) and one-off utilities you don't want cluttering your global installs.

Related Resources

Bash Commands Git Commands TypeScript Types React Hooks