Modules, Runtime & Tooling
Package Managers, Lockfiles & Scripts
Package managers install dependency graphs, run scripts, maintain lockfiles, and shape reproducible builds. npm, pnpm, Yarn, and Bun differ in details, but the core concerns are dependency boundaries and repeatability.
- A package manifest declares intent
- A lockfile records resolution
- Dependency categories matter
- Scripts are project API
- pnpm-style strictness exposes hidden dependency assumptions
{
"scripts": {
"dev": "vite",
"build": "tsc -b && vite build",
"typecheck": "tsc --noEmit",
"test": "vitest run",
"lint": "eslint .",
"format:check": "prettier --check ."
}
}| Field | Meaning | Example |
|---|---|---|
| dependencies | Needed at runtime | react, express |
| devDependencies | Needed to build/test/dev | vite, vitest, typescript |
| peerDependencies | Provided by consumer | react for a React library |
| optionalDependencies | May be absent | platform-specific package |
| workspace deps | Local packages | monorepo modules |