Just Frontend Things

Npm 7 is now the standard, here is what you'll get


2021-02-02

Finally npm 7 is generally available and published as latest in the npm registry. Read up on the differences, new features and performance boosts compared to npm 6.

With version 7, the npm team has reduced npm's dependencies by roughly 54%, while increasing the code test coverage by about 17%. It should also include a performance boost in multiple areas according to their own benchmarks.

Npm 7 is now the `latest` version in the npm registry and therefore the default. To install the new version of npm, you can run the following in your command line interpreter of choice.

npm install --global npm@latest

The new major version comes with a couple of great new features and improvements, including Workspaces, peer dependencies and a new lock file. It also comes with some breaking changes. Let's get into those things!

New features

Version 2 of package-lock

With the new package-lock.json file we'll unlock the ability to do deterministically reproducible builds. It should now include everything npm needs to install the packages needed. Before npm 7, yarn.lock was ignored by npm, but this is no longer the case. npm can now use yarn.lock to keep itself up to date with the package tree.

The new lock file should be backwards compatible with users of npm 6. However, when you run npm install in a project with a version 1 lock file, npm will replace that file with the new structure. This can be avoided by running npm install --no-save when installing.
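Because the version 2 lock file records where each package comes from, it can be checked before an install is trusted. The following is an added example, not code from this post or from npm: a hypothetical auditLockfile function that walks the `packages` map of a parsed package-lock.json and reports entries that resolve outside the expected registry or lack a sha512 integrity digest. The registry URL and the sample lock file are assumptions made for the example.

```javascript
// Added example. auditLockfile and the report shape are hypothetical; the lock file keys are npm's.
const DEFAULT_REGISTRY = "https://registry.npmjs.org/"; // assumption: public registry only

function auditLockfile(lock, registry = DEFAULT_REGISTRY) {
  const findings = [];
  if (lock.lockfileVersion !== 2) {
    findings.push({ path: "", issue: `lockfileVersion ${lock.lockfileVersion}, expected 2` });
  }
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Skip the root project, workspace folders, workspace symlinks and bundled
    // dependencies: none are fetched from a registry, so they carry no digest.
    if (!path.includes("node_modules/") || entry.link || entry.inBundle) continue;
    if (!entry.resolved || !entry.resolved.startsWith(registry)) {
      findings.push({ path, issue: `resolved outside registry: ${entry.resolved}` });
    }
    if (!entry.integrity) {
      findings.push({ path, issue: "missing integrity hash" });
    } else if (!entry.integrity.split(" ").some((h) => h.startsWith("sha512-"))) {
      findings.push({ path, issue: "integrity has no sha512 digest" });
    }
  }
  return findings;
}

// Constructed sample lock file (not from a real project; digests are placeholders).
const sampleLock = {
  name: "example",
  lockfileVersion: 2,
  packages: {
    "": { name: "example", version: "1.33.7", workspaces: ["packages/*"] },
    "packages/a": { name: "a", version: "1.0.0" },
    "node_modules/a": { resolved: "packages/a", link: true },
    "node_modules/good": {
      resolved: "https://registry.npmjs.org/good/-/good-1.0.0.tgz",
      integrity: "sha512-PLACEHOLDER",
    },
    "node_modules/from-git": {
      resolved: "git+ssh://git@example.invalid/acme/from-git.git#PLACEHOLDER",
    },
    "node_modules/old-hash": {
      resolved: "https://registry.npmjs.org/old-hash/-/old-hash-0.1.0.tgz",
      integrity: "sha1-PLACEHOLDER",
    },
  },
};

console.log(auditLockfile(sampleLock));
```

To run it against a real project, pass the result of JSON.parse on the contents of package-lock.json and, for a private registry, its URL as the second argument.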

Workspaces

This is one of the new features that I'm most excited about. It includes a set of features which will make the management of multiple packages a lot better. It lets you handle packages from a single top-level root package. This has already been possible with, for example, Yarn, Lerna or pnpm.

In order to make npm aware that the current project is a workspace you have to add the workspaces key in your package.json. This can be done by adding every single sub-folder or by using a glob, like in the example below.

{
  "name": "example",
  "version": "1.33.7",
  "workspaces": [
    "packages/*"
  ]
}

Read more about workspaces in the rfc and in the npm docs.

Automatically installing peer dependencies

In versions before npm 7, developers had to install peer dependencies themselves. Now npm uses a new algorithm to ensure the dependencies are installed properly. If an installed peer dependency is not compatible with the specified one, npm 7 will now block the installation.

Breaking changes

Since the new version is considered a major version it'll come with a couple of breaking changes. Here are some:

  • You can no longer require() npm's internal modules. Npm now uses the package.exports field.
  • The team has completely rewritten npx to internally use npm exec; the npx CLI will still be available. Some functionality changes are to be expected. One is that you'll now be prompted if you try to run a module that is not installed yet.
  • The changes mentioned above regarding peer dependencies might disturb some workflows.
  • npm audit has a new output.
  • npm 6 showed all packages by default when running npm ls. With npm 7 it will only show the top level packages. Run npm ls --all to mimic the behaviour from npm 6.