First Contact: Understanding Any Codebase Fast
Lesson 1.2
What package.json and dependency files tell you about a project
dependencies vs devDependencies, version pinning, scripts block, peer dependencies, lockfiles, tech stack inference
Dependencies Are a Tech Stack Declaration
package.json is a project's résumé. Before reading any source file, scan it for 90 seconds to understand what the project is built with.
What Each Section Tells You
- dependencies: what runs in production. React here means a frontend app. Express means a web server.
- devDependencies: build tools, linters, test runners. Jest means there are tests. Webpack means a build step exists.
- scripts: the verbs of the project: how to run, build, test, and lint it.
- engines: required Node/npm versions, critical for local setup.
// Reading the stack from dependencies
{
  "dependencies": {
    "express": "^4.18.2",      // Node web server
    "mongoose": "^7.3.0",      // MongoDB ORM
    "jsonwebtoken": "^9.0.0"   // JWT auth
  },
  "devDependencies": {
    "jest": "^29.5.0",         // test runner
    "nodemon": "^3.0.1"        // dev reload
  }
}
// Conclusion: Express REST API with MongoDB and JWT auth

Check the Lockfile for Reality
The lockfile (package-lock.json or yarn.lock) shows the exact versions installed. When debugging a "works on my machine" issue, compare lockfiles first. Never commit dependency upgrades without reviewing the lockfile diff.
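One way to review a lockfile diff structurally instead of by eye, as an added example that is not part of the original lesson. It assumes npm's package-lock.json format with lockfileVersion 2 or 3 (a `packages` map); the names `diffLockfiles` and `hostOf`, the finding kinds, and the sample data with its `mirror.example.test` host are hypothetical.

```javascript
// Compare the "packages" maps of two parsed package-lock.json files
// (lockfileVersion 2 or 3) and list what a reviewer should look at.
function diffLockfiles(oldLock, newLock) {
  const oldPkgs = oldLock.packages || {};
  const newPkgs = newLock.packages || {};
  const paths = new Set([...Object.keys(oldPkgs), ...Object.keys(newPkgs)]);
  const findings = [];
  for (const path of [...paths].sort()) {
    if (path === '') continue; // "" is the root project, not a dependency
    const before = oldPkgs[path];
    const after = newPkgs[path];
    if (!before) {
      findings.push({ path, kind: 'added', to: after.version });
    } else if (!after) {
      findings.push({ path, kind: 'removed', from: before.version });
    } else if (before.version !== after.version) {
      findings.push({ path, kind: 'version', from: before.version, to: after.version });
    } else if (before.integrity !== after.integrity) {
      // Same version but a different hash: the tarball contents changed.
      findings.push({ path, kind: 'integrity-changed', from: before.integrity, to: after.integrity });
    }
    // Separately flag a package whose download host moved.
    if (before && after && hostOf(before.resolved) !== hostOf(after.resolved)) {
      findings.push({ path, kind: 'source-changed', from: before.resolved, to: after.resolved });
    }
  }
  return findings;
}
function hostOf(url) {
  try { return new URL(url).host; } catch { return String(url); }
}
// Constructed sample data (placeholder hashes), using the lesson's packages.
const entry = (name, version, hash, host = 'registry.npmjs.org') => ({
  version, integrity: `sha512-CONSTRUCTED-${hash}`,
  resolved: `https://${host}/${name}/-/${name}-${version}.tgz`,
});
const oldLock = { lockfileVersion: 3, packages: {
  '': { name: 'api' },
  'node_modules/express': entry('express', '4.18.2', 'aaa'),
  'node_modules/jsonwebtoken': entry('jsonwebtoken', '9.0.0', 'bbb'),
  'node_modules/mongoose': entry('mongoose', '7.3.0', 'ccc'),
} };
const newLock = { lockfileVersion: 3, packages: {
  '': { name: 'api' },
  'node_modules/express': entry('express', '4.18.3', 'ddd'),
  'node_modules/jsonwebtoken': entry('jsonwebtoken', '9.0.0', 'eee', 'mirror.example.test'),
  'node_modules/mongoose': entry('mongoose', '7.3.0', 'ccc'),
  'node_modules/example-new-dep': entry('example-new-dep', '1.0.0', 'fff'),
} };
for (const f of diffLockfiles(oldLock, newLock)) console.log(f.kind, f.path);
```

An ordinary version bump shows up as a single `version` finding, while an entry that keeps its version but changes its integrity hash or download host is the kind of change that is easy to miss in a raw text diff.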
