Starting March 5, 2018, all npm users can take advantage of a new install command called npm ci.
npm install :- install new dependencies, or update existing dependencies (e.g. going from version 1 to version 2).
npm ci :- for use with continuous integration tools like Jenkins or GitLab, etc.; it doesn’t modify the package-lock.json file. It’s meant to be used in automated environments such as test platforms, continuous integration, and deployment – or any situation where you want to make sure you’re doing a clean install of your dependencies.
Essentially, npm install reads package.json to create a list of dependencies and uses package-lock.json to decide which versions of these dependencies to install. If a dependency is not in package-lock.json, npm install adds it. If you use ^ or ~ when you specify the version of your dependency, npm may not install the exact version you specified. npm install can update the package-lock.json file, and if the file doesn’t exist, it will create it.
npm ci (named after Continuous Integration) installs dependencies directly from package-lock.json and uses package.json only to validate that there are no mismatched versions. If any dependencies are missing or have incompatible versions, it will throw an error.
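The consistency check described above can be approximated as a pre-build gate. This is an added example, not npm's own implementation or code from the original page: it handles only exact, ^ and ~ ranges on plain x.y.z versions (npm itself applies full semver rules), and the function names, package names and versions in it are constructed for illustration.

```javascript
// Added example: simplified lock drift check (not npm's own code).
// Handles only exact, ^ and ~ ranges on plain x.y.z versions (an assumption).
const parse = (v) => {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null;
};
// Compare two [major, minor, patch] triples: negative, zero or positive.
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Does `version` satisfy `range`? Returns null when the range is unsupported.
function satisfies(version, range) {
  const op = /^[\^~]/.test(range) ? range[0] : "";
  const base = parse(range.slice(op.length));
  const v = parse(version);
  if (!base || !v) return null;
  if (op === "") return cmp(v, base) === 0;
  let upper; // exclusive upper bound of the range
  if (op === "~") upper = [base[0], base[1] + 1, 0];
  else if (base[0] > 0) upper = [base[0] + 1, 0, 0];
  else if (base[1] > 0) upper = [0, base[1] + 1, 0];
  else upper = [0, 0, base[2] + 1];
  return cmp(v, base) >= 0 && cmp(v, upper) < 0;
}

// Locked version of a direct dependency (lockfileVersion 2/3 layout, then 1).
function lockedVersion(lock, name) {
  const entry = (lock.packages && lock.packages["node_modules/" + name]) ||
    (lock.dependencies && lock.dependencies[name]);
  return entry ? entry.version : undefined;
}

// Report direct dependencies missing from the lock or locked out of range.
function findLockMismatches(pkg, lock) {
  const wanted = { ...pkg.dependencies, ...pkg.devDependencies };
  const problems = [];
  for (const [name, range] of Object.entries(wanted)) {
    const locked = lockedVersion(lock, name);
    const ok = locked === undefined ? undefined : satisfies(locked, range);
    if (locked === undefined) problems.push(`${name}: missing from lock`);
    else if (ok === false) problems.push(`${name}: locked ${locked} does not satisfy ${range}`);
    else if (ok === null) problems.push(`${name}: range ${range} not handled here`);
  }
  return problems;
}

// Constructed sample data (hypothetical package names and versions).
const samplePkg = { dependencies: { "pkg-a": "^1.3.0", "pkg-b": "~4.17.20" }, devDependencies: { "pkg-c": "^9.0.0" } };
const sampleLock = { lockfileVersion: 2, packages: { "": {}, "node_modules/pkg-a": { version: "1.3.0" }, "node_modules/pkg-b": { version: "4.18.0" } } };
console.log(findLockMismatches(samplePkg, sampleLock));
```

A non-empty result means package.json and package-lock.json have drifted apart, which is the situation in which npm ci refuses to install.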
npm ci offers massive improvements to both the performance and reliability of builds for continuous integration / continuous deployment processes, providing a consistent and fast experience for developers using CI/CD in their workflow.
npm ci is fast—in some cases, twice as fast as using npm i, representing a significant performance improvement for all developers using continuous integration.
This added speed and reliability reduces wasted time and promotes best practices. If it’s faster and easier to run tests, developers run them more often and catch errors sooner.
npm ci also provides additional ways to improve the reliability of your application builds. As an additional installation command, npm ci can be used as a fallback installer in case npm i fails, and vice versa. This hugely reduces the likelihood of a failed installation.
npm install -g npm@latest