Most developers use these config files daily — but few truly understand how they work, why they matter, and how small mistakes can break a project or waste hours of debugging time.
This post goes beyond definitions: we’ll explore how these files work, why they matter, best practices, and common real-world mistakes to avoid.
1️⃣ package.json
What it is:
The heart of any Node.js or React project.
It lists the project’s metadata, dependencies, scripts and configuration.How it works:
Acts as the project manifest — when you runnpm install
, it reads the dependencies and installs them.-
Important things to remember:
- Keep dependencies (
dependencies
) and dev tools (devDependencies
) separate. - Always update versions carefully — check changelogs when upgrading.
- Keep dependencies (
👉 Quick Difference:
dependencies
are needed to run the application in production, whiledevDependencies
are only needed for development, testing and build processes.
-
Best practices:
- Define clear
scripts
(e.g.,npm run test
,npm run lint
) to standardize tasks for all developers. - Use semantic versioning (
^
,~
, exact versions) wisely. The versioning symbols define the range of versions allowed, and npm/yarn automatically picks the newest allowed version (unless restricted by the lockfile).
- Define clear
Real-world tip:
Messy or outdatedpackage.json
often causes “it works on my machine” issues, especially in CI/CD. Always commit updated files!
2️⃣ package-lock.json
/ yarn.lock
How they work:
Record exact package versions (including nested dependencies) used at install time.Why they matter in CI/CD:
Without lock files, your CI pipeline might install newer versions of packages than local dev, causing unpredictable failures.-
Best practices:
- Always commit lock files to version control.
- Never manually edit lock files.
- Avoid deleting lock files just to “fix” install issues — this usually hides the real problem.
Real-world mistake:
A team skips committingpackage-lock.json
; their staging environment works, but production deploy breaks because a sub-dependency released a breaking change overnight.
🔑 Important to know:
The lockfile (package-lock.json or yarn.lock) pins the exact version after the first install. Even if your package.json allows a higher version, the lockfile keeps things stable until you explicitly update.
3️⃣ .yarnrc
/ .npmrc
How they work:
Customize the behavior of npm/yarn, e.g., set private registries or proxies.-
Important to remember:
- Keep sensitive tokens out of versioned
.npmrc
/.yarnrc
. - For private registries, use
.npmrc
in the CI/CD pipeline or environment variables.
- Keep sensitive tokens out of versioned
-
Best practices:
- Store per-user configs in your home directory (
~/.npmrc
), not in the project if they contain sensitive info.
- Store per-user configs in your home directory (
4️⃣ babel.config.js
/ .babelrc
How it works:
Transforms modern JavaScript (ES6+, JSX, TypeScript) into code browsers understand.-
Common mistakes:
- Missing or misconfigured presets cause build failures.
- Using incompatible Babel and Webpack versions leads to hours of confusing errors.
-
Best practices:
- Explicitly define presets (
@babel/preset-env
,@babel/preset-react
) in projects. - Keep Babel versions in sync with other tools.
- Explicitly define presets (
5️⃣ tsconfig.json
How it works:
Controls TypeScript’s compiler behavior and type checking.-
Critical settings:
-
strict
→ enables full type safety. -
target
→ defines output JS version. -
baseUrl
/paths
→ improve import paths and avoid ugly../../
imports.
-
-
Best practices:
- Use strict mode in production projects.
- Align
tsconfig.json
with CI/CD type-check steps.
Real-world issue:
You skip strict mode to save time, ship to production, and later discover subtle type bugs that could have been caught early.
6️⃣ .eslint.json
/ .eslintrc.js
How it works:
Defines code linting rules — runs in editors, CI pipelines, or as pre-commit hooks.-
Best practices:
- Use a shared team config or extend popular configs like Airbnb or StandardJS.
- Integrate linting into CI to prevent code quality regressions.
Real-world example:
Teams without enforced linting often waste time reviewing minor formatting issues in PRs.
7️⃣ .prettierrc
How it works:
Configures automatic code formatting.-
Best practices:
- Run Prettier in your editor + CI pipeline.
- Use
.prettierignore
to exclude large generated files.
8️⃣ .gitignore
How it works:
Tells Git which files/folders to skip tracking (likenode_modules
,.env
).-
Best practices:
- Keep your
.gitignore
up to date; accidentally committingnode_modules
can break builds or bloat the repo. - Check
.gitignore
on new clones to avoid pushing unwanted files.
- Keep your
💥 Why It All Matters in CI/CD
CI/CD systems rely on predictable, repeatable builds. These config files:
✅ Ensure consistent dependency versions
✅ Standardize linting and formatting
✅ Prevent committing sensitive or unwanted files
✅ Configure tools like Babel, TypeScript, Webpack correctly across environments
Without understanding them, you risk:
- Broken deploys
- Hard-to-debug environment differences
- Hours of wasted developer time chasing “mystery” bugs
💥 Common Mistakes to Avoid
Deleting lockfiles to “fix” install errors → leads to unpredictable builds.
Ignoring Babel or TypeScript warnings → causes runtime crashes.
Not updating scripts in package.json → CI pipelines skip critical checks.
💡 Final Thoughts
Understanding these config files isn’t just “setup work”—it’s the foundation of reliable, maintainable apps. Whether you’re a frontend dev or working on CI/CD, mastering these files will save hours of debugging and make you a stronger engineer.
Top comments (0)