Modules, Runtime & Tooling

Package Managers, Lockfiles & Scripts

Package managers install dependency graphs, run scripts, maintain lockfiles, and shape reproducible builds. npm, pnpm, Yarn, and Bun differ in details, but the core concerns are dependency boundaries and repeatability.
  • A package manifest declares intent
  • A lockfile records resolution
  • Dependency categories matter
  • Scripts are project API
  • pnpm-style strictness exposes hidden dependency assumptions
Useful package scripts
{
  "scripts": {
    "dev": "vite",
    "build": "tsc -b && vite build",
    "typecheck": "tsc --noEmit",
    "test": "vitest run",
    "lint": "eslint .",
    "format:check": "prettier --check ."
  }
}
Scripts are the command surface for humans and CI.
Dependency categories
FieldMeaningExample
dependenciesNeeded at runtimereact, express
devDependenciesNeeded to build/test/devvite, vitest, typescript
peerDependenciesProvided by consumerreact for a React library
optionalDependenciesMay be absentplatform-specific package
workspace depsLocal packagesmonorepo modules
Sources
  • npm Documentationnpm package management
  • pnpm Documentationpnpm workspaces and lockfiles
  • Node.js Documentation and Learn Node.jsPackage management