• What is pulling in a dep? npm ls selfsigned

Clearing Cache

  • npm cache clean --force
  • yarn cache clean


Constraining Versions

  • ~ means accept newer patch versions
  • ^ means accept newer minor and patch versions

Creating a Package

$ yarn init package-name


Referencing an unpublished package locally

  "dependencies": {
    "foo": "file:../path/to/foo"
  }

Installing a package from git

$ yarn add user/repo#branch

Referencing a git commit, tag, or branch of a package

Publishing a package

$ npm publish

Overriding a published package with a local copy

Opening a package’s source to view it

Look in node_modules

Updating Dependencies

When you have a transitive dependency that you want to force to update without updating anything else in the lockfile, use the resolutions field in package.json:

"resolutions": { "fsevents": "1.2.13" }

(NOTE: this may only be valid with yarn, not npm)