Ryan Chandler

npm ci vs npm install

JavaScript

When working on a JavaScript project, there are two common commands that are used to install dependencies: npm install and npm ci. While they seem similar, they serve different purposes and can have an impact on your workflow.

npm install

npm install installs dependencies listed inside of package.json.

If the version that gets installed differs from the version recorded in your package-lock.json file, npm install will update package-lock.json with the new version. This can lead to differences between environments and unexpected version bumps appearing as part of your changes.

It's flexible, but can be problematic. I'd only recommend using this command when installing a new package in your project.

npm ci

npm ci will install the exact version of a package from the package-lock.json file. This is great as you can guarantee that the version you have installed is the same as your main branch and the rest of your team (assuming they also use npm ci).

If the package-lock.json file is out of sync with the package.json file, the command will fail instead of installing anything, so you can be certain that it is installing the correct thing.

This command is more deterministic and I'd recommend this when setting up a new project from Git, updating your local environment and checking you've got the right dependencies, or in CI where you normally see a good performance boost compared to npm install.

When to use each

To summarise the above:

  • npm install should be used when you want to install or update a package.
  • npm ci should be used to install dependencies from scratch, in CI/CD pipelines and for production builds where consistency and determinism are crucial.