Difference between npm ci and npm install

Updated: 2023-06-24

When working with Angular projects, managing dependencies efficiently is crucial.

The Node Package Manager (npm) is a popular tool for managing packages and dependencies in JavaScript projects.

However, when it comes to installing packages, you may come across two similar-looking commands:
npm installor npm i and npm ci.

In this post, we will explore the key differences between these two commands and understand when to use them appropriately in your Angular project.

Developer summary

In your development environment use: npm install, it reads package.json and it writes package-lock.json.

In your CI / Pipeline use: npm ci, it reads package-lock.json.

Overview of 'npm install'

The npm install command is the most commonly used command for installing packages and dependencies in an Angular project.

It reads the package.json file of your project and installs the dependencies specified in it.

During installation, npm install saves the installed packages in the node_modules directory within your project.

It also updates the package-lock.json file (or 'npm-shrinkwrap.json' in earlier versions of npm) to record the exact versions of the installed packages.

Understanding 'npm ci'

npm ci is a command designed to provide faster and more reliable installations, particularly in continuous integration (CI) environments.

The 'ci' stands for continuous integration. Unlike npm install, npm ci disregards the package.json file's devDependencies and installs only the packages specified under dependencies.

One of the key advantages of npm ci is its ability to guarantee reproducible builds.

It achieves this by relying only on the package-lock.json (or 'npm-shrinkwrap.json') file and completely ignoring any modifications or additions in node_modules.

This approach ensures that the installation strictly follows the exact package versions specified in the lock file.

Moreover, npm ci is significantly faster than npm install due to its optimized installation process.

It leverages parallelization to install packages in a deterministic and efficient manner.

By bypassing the package cache and directly fetching dependencies, npm ci eliminates any potential discrepancies between the package.json file and the lock file, resulting in a more consistent and predictable environment.

Use cases and best practices

  • Use npm install during local development when you need to install or update packages.
    It is suitable for most cases and allows for flexibility when working with development and testing dependencies.
  • Use npm ci in continuous integration (CI) environments or automated build pipelines. Since npm ci ignores devDependencies and guarantees reproducible builds, it ensures consistent results across different environments and avoids any unexpected issues due to mismatched dependencies.
  • If you need to set up a project for the first time or are switching between branches, 'npm ci' is preferable. It ensures that the dependencies are installed based on the lock file.
  • When working on a collaborative project, npm install is the preferred choice. It allows developers to easily update or add new dependencies according to their specific requirements. This flexibility is especially useful during the development phase when you may need to experiment with different packages or versions.
  • Projects with large dependencies or numerous collaborators can experience challenges with 'npm install'. The process can be slow, especially when fetching packages from remote registries. In such cases, 'npm ci' can significantly improve installation times by utilizing parallelization and skipping the package cache.

What is the 'package-lock.json' file? Should I include it in the commit?

The package-lock.json file is an important component of Node.js and npm's dependency management system.
It serves as a lock file that records the precise versions of every installed package and its dependencies.

When you run npm install, npm uses the package-lock.json file to ensure that the same versions of packages are installed across different environments.

This guarantees that every developer working on the project, as well as the production environment, uses the exact same set of dependencies, reducing the risk of compatibility issues or unexpected behavior.

The 'package-lock.json' file also provides deterministic and reproducible builds, making it easier to track and manage dependencies in a consistent manner.

It is recommended to include the 'package-lock.json' file in version control systems to ensure consistent installations across development teams and deployment environments.


You could be interested in

Right click context menu with Angular

Right click custom menu inside dynamic lists with Angular Material
2020-05-31

Enums in Angular templates

How to use enum in the html template
2019-01-21
Fullstack Angular / Java application quick start guide.
WebApp built by Marco using SpringBoot 3.2.4 and Java 21. Hosted in Switzerland (GE8).