npm (Node Package Manager) is the primary package manager for JavaScript and the default package distribution platform for Node.js. It hosts the world’s largest software registry, containing millions of open-source packages used across web development, backend services, CLIs, build tools, and modern JavaScript frameworks.

Developers use npm to install libraries, manage project dependencies, and publish their own packages. It supports semantic versioning, dependency resolution, scoped packages, and audit features for identifying vulnerabilities. npm also provides organizational tools, including workspaces for monorepos, private package hosting, and automation through `npm scripts`.

As a central pillar of the JavaScript ecosystem, npm plays a critical role in the software supply chain, enabling rapid innovation but also introducing security challenges such as dependency confusion, malicious package uploads, and large-scale supply chain attacks. Its integration with Node.js and widespread adoption make it a foundational component of modern JavaScript development.

DevSecOps in Practice