Open Ticket 
+373 79 600002 
Telegram Live Chat 
F.A.Q 
English
Π ΡΡΡΠΊΠΈΠΉ 
RomΓ’nΔ 
Deutsch 
Français 
Türkçe 
EspaΓ±ol 
PortuguΓͺs 
Π£ΠΊΡΠ°ΡΠ½ΡΡΠΊΠ° 
Π±ΡΠ»Π³Π°ΡΡΠΊΠΈ 
Polski 
Indonesia 
δΈζ (δΈε½) 
WindowsHow to Install and Configure Node.js and NPM on Windows
Node.js is an open-source, cross-platform JavaScript runtime built on Chrome's V8 engine that executes JavaScript code outside a browser. NPM (Node Package Manager) is the default package manager bundled with Node.js, providing access to over two million reusable packages. Together, they form the foundational toolchain for building server-side applications, CLI tools, REST APIs, and full-stack JavaScript projects on Windows.
This guide covers the complete installation, verification, configuration, and first-application workflow for Node.js and NPM on Windows β including version management, PATH troubleshooting, global vs. local package scoping, and production-grade considerations that most tutorials omit.
Choosing the Right Node.js Version Before You Install
The Node.js release schedule follows a predictable cadence that directly affects your choice:
| Release Type | Stability | Use Case | Support Window |
|---|
| — | — | — | — |
|---|
| **LTS (Long-Term Support)** | High | Production workloads, team environments | 30 months |
|---|
| **Current** | Moderate | Accessing latest V8 engine features | 6 months |
|---|
| **Nightly / RC** | Experimental | Core contributors, bleeding-edge testing | No guarantee |
|---|
LTS versions carry even major version numbers (e.g., 20.x, 22.x) and receive critical security patches for 30 months. Current releases carry odd major version numbers and transition to LTS status after six months if they meet stability criteria.
For most developers and server deployments β including applications hosted on VPS Hosting β LTS is the correct choice. The Current branch is appropriate only when you specifically need a V8 feature or a Node.js API that has not yet landed in the active LTS line.
NVM for Windows: The Professional Alternative to Direct Installation
Before proceeding with the MSI installer, consider whether you need nvm-for-windows (Node Version Manager for Windows). The direct installer binds your system to a single Node.js version. NVM allows you to install multiple versions side by side and switch between them per-project β critical when maintaining legacy codebases alongside modern ones.
Install nvm-for-windows from its official GitHub releases page, then use:
“`
nvm install 20.14.0
nvm use 20.14.0
nvm list
“`
If you are managing a single project or learning Node.js for the first time, the MSI installer is sufficient. For professional environments, NVM is strongly recommended.
Step 1: Download the Node.js Installer
- Navigate to the official Node.js website at nodejs.org.
- Select the LTS tab and download the Windows Installer (`.msi`) for your architecture. Nearly all modern Windows machines are 64-bit (`node-v20.x.x-x64.msi`). ARM64 builds are available for Windows on ARM devices.
- Verify the downloaded file's SHA-256 checksum against the values published on the Node.js downloads page before executing the installer. This step is non-negotiable in any security-conscious environment.
To verify the checksum in PowerShell:
“`powershell
Get-FileHash .node-v20.14.0-x64.msi -Algorithm SHA256
“`
Compare the output against the published hash. A mismatch indicates a corrupted or tampered download.
Step 2: Install Node.js and NPM
- Double-click the downloaded `.msi` file to launch the Setup Wizard.
- Click Next on the welcome screen.
- Accept the End-User License Agreement and click Next.
- The default installation path is `C:Program Filesnodejs`. Unless you have a specific reason to change this (e.g., a non-system drive for disk space management), leave it as-is.
- On the Custom Setup screen, confirm that npm package manager is selected. It is enabled by default.
- On the Tools for Native Modules screen, you will see an option to automatically install Chocolatey, Python, and Visual Studio Build Tools. Check this box if you anticipate installing NPM packages that include native C++ addons (e.g., `bcrypt`, `sharp`, `node-gyp`-dependent packages). This step installs several gigabytes of tooling β skip it if you only need pure-JavaScript packages.
- Click Install, then Finish.
The installer automatically registers `node.exe` and `npm.cmd` in your system `PATH` environment variable under `C:Program Filesnodejs`.
What the Installer Actually Does to Your System
Understanding the side effects prevents future debugging headaches:
- Adds `C:Program Filesnodejs` to the System PATH (available to all users).
- Creates `C:Users<username>AppDataRoamingnpm` as the default global package prefix.
- Registers Node.js in the Windows registry under `HKLMSOFTWARENode.js`.
- Installs `npx` (the NPM package runner) alongside `npm`.
Step 3: Verify the Installation
Open a new Command Prompt or PowerShell window. The "new" qualifier matters β existing terminal sessions cache the old PATH and will not reflect the installer's changes.
“`
node -v
“`
Expected output: `v20.14.0` (or your installed version)
“`
npm -v
“`
Expected output: `10.x.x`
“`
npx -v
“`
Expected output: matches or is close to the npm version
If `node` is not recognized, the PATH was not updated correctly. Fix it manually:
- Open System Properties > Advanced > Environment Variables.
- Under System variables, find `Path` and click Edit.
- Add `C:Program Filesnodejs` if it is absent.
- Click OK, close all terminal windows, and reopen.
Diagnosing Common Post-Install Issues
Problem: `npm` is recognized but `node` is not (or vice versa).
Cause: A partial PATH entry or a conflicting installation from Chocolatey or a previous NVM setup.
Fix: Run `where node` and `where npm` to identify which binaries are being resolved. Remove stale entries.
Problem: `EACCES` permission errors when running `npm install -g`.
Cause: The global prefix directory lacks write permissions for the current user.
Fix: Change the global prefix to a user-owned directory (covered in Step 5).
Problem: `node` opens the Microsoft Store instead of running Node.js.
Cause: Windows 10/11 ships with an App Execution Alias for `node` that redirects to the Store.
Fix: Go to Settings > Apps > App execution aliases and disable the aliases for `python.exe` and `node.exe` (if present).
Step 4: Update NPM to the Latest Version
The NPM version bundled with a Node.js installer is typically one or two minor versions behind the current release. Update it immediately after installation:
“`
npm install -g npm@latest
“`
The `-g` flag installs the package into the global prefix directory, making it available system-wide. After the update, re-verify:
“`
npm -v
“`
Important edge case: On Windows, updating NPM globally can occasionally leave a stale `npm.cmd` in `C:Program Filesnodejs` pointing to the old version while the new version is installed in `C:Users<username>AppDataRoamingnpm`. If `npm -v` still shows the old version after updating, check which binary is first in PATH:
“`
where npm
“`
The path under `AppDataRoamingnpm` should appear before `C:Program Filesnodejs` in the output. If not, reorder the PATH entries accordingly.
Step 5: Configure NPM for Your Environment
NPM's configuration is stored in a `.npmrc` file, which can exist at three levels: per-project, per-user (`C:Users<username>.npmrc`), and global (`C:Program Filesnodejsnode_modulesnpmnpmrc`). Per-project settings override per-user settings, which override global settings.
Change the Global Package Prefix
The default global prefix (`AppDataRoamingnpm`) works for most users, but on shared servers or when disk quotas apply, you may want to redirect it:
“`
npm config set prefix "D:NodeGlobal"
“`
After changing the prefix, add the new `bin` subdirectory to your PATH:
“`
setx PATH "%PATH%;D:NodeGlobal"
“`
Configure a Private or Mirror Registry
Corporate environments and air-gapped servers frequently use a private NPM registry (Verdaccio, Nexus, Artifactory):
“`
npm config set registry "https://your-private-registry.example.com/"
“`
To authenticate against a private registry:
“`
npm login –registry=https://your-private-registry.example.com/
“`
For scoped packages only (e.g., `@mycompany/*`), you can route just that scope to a private registry while leaving the public registry intact:
“`
npm config set @mycompany:registry "https://your-private-registry.example.com/"
“`
Configure an HTTP Proxy
If your Windows machine sits behind a corporate proxy:
“`
npm config set proxy "http://proxy.company.com:8080"
npm config set https-proxy "http://proxy.company.com:8080"
“`
Audit All Current Settings
“`
npm config list
npm config list –json
“`
The `–json` flag outputs machine-readable configuration, useful for scripting and CI/CD pipeline diagnostics.
Useful NPM Configuration Reference
| Configuration Key | Default Value | Purpose |
|---|
| — | — | — |
|---|
| `prefix` | `%APPDATA%npm` | Global package install location |
|---|
| `registry` | `https://registry.npmjs.org/` | Package source registry |
|---|
| `cache` | `%APPDATA%npm-cache` | Local package cache directory |
|---|
| `save-exact` | `false` | Pin exact versions in `package.json` |
|---|
| `fund` | `true` | Show funding messages after install |
|---|
| `audit` | `true` | Run security audit on install |
|---|
Step 6: Create and Run a Node.js Application
Initialize the Project
“`
mkdir my-node-app
cd my-node-app
npm init -y
“`
`npm init -y` generates a `package.json` with defaults derived from the directory name and your NPM user configuration. The `package.json` file is the manifest of your application β it defines the entry point, scripts, dependencies, and metadata.
Build a Basic HTTP Server
Create `app.js` in the project directory:
“`javascript
// app.js
const http = require('http');
const hostname = '127.0.0.1';
const port = 3000;
const server = http.createServer((req, res) => {
res.statusCode = 200;
res.setHeader('Content-Type', 'text/plain');
res.end('Hello, World!n');
});
server.listen(port, hostname, () => {
console.log(`Server running at http://${hostname}:${port}/`);
});
“`
Run it:
“`
node app.js
“`
Navigate to `http://127.0.0.1:3000/` in your browser. You should see `Hello, World!`.
Technical note: Node.js uses a single-threaded event loop backed by libuv for I/O operations. The `http.createServer` callback fires on each incoming request without blocking the loop. This architecture makes Node.js highly efficient for I/O-bound workloads but unsuitable for CPU-intensive tasks without worker threads or child processes.
Add the Express Framework
Express is the de facto standard HTTP framework for Node.js, providing routing, middleware support, and a clean request/response abstraction:
“`
npm install express
“`
This installs Express locally (into `node_modules/`) and records it as a dependency in `package.json`. Update `app.js`:
“`javascript
const express = require('express');
const app = express();
const port = 3000;
app.get('/', (req, res) => {
res.send('Hello from Express!');
});
app.listen(port, () => {
console.log(`Server running at http://localhost:${port}`);
});
“`
“`
node app.js
“`
Visit `http://localhost:3000/` to confirm the response.
Understanding `node_modules` and `.gitignore`
The `node_modules` directory can contain hundreds of megabytes of files. Never commit it to version control. Create a `.gitignore` file:
“`
node_modules/
.env
“`
Collaborators and deployment pipelines restore dependencies by running `npm install`, which reads `package.json` and `package-lock.json` to reproduce the exact dependency tree.
Step 7: Managing Packages β Local vs. Global
Understanding the distinction between local and global package installation is one of the most common sources of confusion for Node.js newcomers.
| Scope | Install Command | Location | Use Case |
|---|
| — | — | — | — |
|---|
| **Local** | `npm install <pkg>` | `./node_modules/` | Application dependencies |
|---|
| **Local Dev** | `npm install –save-dev <pkg>` | `./node_modules/` | Build tools, test runners |
|---|
| **Global** | `npm install -g <pkg>` | `%APPDATA%npm` | CLI tools (e.g., `nodemon`, `pm2`) |
|---|
Key rule: If a package provides a command-line tool you want available everywhere (e.g., `nodemon`, `eslint`, `typescript`), install it globally. If it is a library your application imports with `require()` or `import`, install it locally.
Running Applications in Production with PM2
For any Node.js application deployed on a server β whether on a VPS Hosting instance or a Dedicated Server β running `node app.js` directly is insufficient. The process will terminate if the terminal closes or an unhandled exception occurs.
PM2 is the standard process manager for Node.js in production:
“`
npm install -g pm2
pm2 start app.js –name "my-app"
pm2 startup
pm2 save
“`
`pm2 startup` generates a command to configure PM2 to restart your application automatically on system reboot. `pm2 save` persists the current process list.
Step 8: Security Hardening and Audit
Run a Dependency Audit
“`
npm audit
“`
NPM cross-references your installed packages against the GitHub Advisory Database. Any known vulnerabilities are reported with severity levels (low, moderate, high, critical) and remediation paths.
“`
npm audit fix
“`
This automatically upgrades vulnerable packages to the nearest non-breaking patched version. For breaking changes, review the output and upgrade manually.
Pin Dependency Versions
In `package.json`, NPM uses semantic versioning ranges by default (`^1.2.3` allows minor and patch updates). In production, pin exact versions to prevent supply-chain surprises:
“`
npm config set save-exact true
“`
Or manually replace `^` prefixes with exact version strings in `package.json` and commit the `package-lock.json` file.
Avoid Running NPM as Administrator
Running `npm install -g` with elevated privileges writes files owned by the Administrator account, which can cause permission errors for subsequent non-elevated operations. Configure a user-owned global prefix (see Step 5) to eliminate the need for elevated privileges entirely.
Deploying Node.js Applications to a Server
Local development is only the first stage. Production deployment introduces additional requirements: process management, reverse proxying, TLS termination, and environment variable management.
A typical production stack on a Linux VPS Hosting instance pairs Node.js with Nginx as a reverse proxy. Nginx handles TLS termination (using certificates from a provider like SSL Certificates) and forwards requests to the Node.js process listening on a local port.
For teams that prefer a managed control panel environment, VPS with cPanel provides Node.js application management through the cPanel interface, simplifying deployment without requiring direct SSH configuration.
Environment-specific configuration (database credentials, API keys, port numbers) should never be hardcoded. Use a `.env` file with the `dotenv` package:
“`
npm install dotenv
“`
“`javascript
require('dotenv').config();
const port = process.env.PORT || 3000;
“`
Decision Matrix: When to Use Each Installation Method
| Scenario | Recommended Approach |
|---|
| — | — |
|---|
| Single project, learning Node.js | MSI installer, LTS version |
|---|
| Multiple projects with different Node.js versions | nvm-for-windows |
|---|
| CI/CD pipeline on Windows Server | MSI installer or Chocolatey (`choco install nodejs-lts`) |
|---|
| Production Linux server | Package manager (apt/yum) or nvm |
|---|
| Containerized application | Official `node` Docker image |
|---|
| Air-gapped corporate environment | Offline MSI + private NPM registry (Verdaccio) |
|---|
Key Technical Takeaways
- Always install the LTS version for production and team environments. Use the Current release only when a specific V8 or Node.js API feature is required.
- Use nvm-for-windows in any environment where multiple Node.js versions must coexist.
- Verify the installer's SHA-256 checksum before execution.
- Change the global NPM prefix to a user-owned directory to avoid permission errors and eliminate the need for elevated privileges.
- Never commit `node_modules/` to version control. Always commit `package-lock.json`.
- Run `npm audit` after every `npm install` in production pipelines.
- Use PM2 for process management on any server deployment β never run `node app.js` directly in production.
- Terminate TLS at the reverse proxy layer (Nginx, Caddy) rather than inside the Node.js process for better performance and certificate management.
- Store secrets in environment variables loaded via `dotenv`, never in source code.
Frequently Asked Questions
What is the difference between Node.js LTS and Current on Windows?
LTS versions receive security and stability patches for 30 months and carry even major version numbers (18, 20, 22). Current versions include the latest language and runtime features but are supported for only six months before transitioning to LTS or being dropped. For production Windows deployments, always use LTS.
Why does `npm install -g` fail with a permissions error on Windows?
The default global prefix (`C:Users<username>AppDataRoamingnpm`) occasionally lacks write permissions due to UAC policies or prior installations run as Administrator. The fix is to either run the terminal as Administrator (not recommended long-term) or reconfigure the global prefix to a directory your user account owns with `npm config set prefix "C:yourpath"`.
Can I run multiple Node.js versions simultaneously on Windows?
Yes, using nvm-for-windows. Install it, then use `nvm install <version>` and `nvm use <version>` to switch the active runtime. Each version maintains its own global package directory, preventing cross-version conflicts.
What is `package-lock.json` and should I commit it?
`package-lock.json` is an exact, deterministic record of the entire dependency tree resolved during `npm install`. It ensures that every developer and every CI/CD run installs identical package versions. Always commit it to version control and never edit it manually.
How do I run a Node.js application automatically on Windows startup without a server?
For development machines, use PM2 with `pm2 startup` and `pm2 save`. For Windows Service integration, tools like `node-windows` wrap a Node.js process as a native Windows Service, enabling management through the Services MMC snap-in and automatic restart on failure or reboot.