How to install, lock, and manage dependencies with npm, pip, go mod, and Maven—language-agnostic patterns.
Backend projects depend on libraries: HTTP servers, database drivers, auth helpers. A package manager installs these from a registry (e.g. npmjs.com, PyPI, Maven Central), resolves version ranges, and puts code in a place your app can import.
You declare dependencies in a file (package.json, requirements.txt, go.mod, pom.xml). The tool reads that file and installs (or updates) dependencies. Without a lockfile, two installs at different times can get different versions and cause "works on my machine" bugs.
Node (npm): npm install reads package.json and creates node_modules/; npm install express adds express to dependencies and installs it. Use npm ci in CI for reproducible installs from package-lock.json.
Python (pip): pip install -r requirements.txt installs everything in the list; pip install flask installs Flask into the current environment but does not record it in requirements.txt. Prefer pip freeze > requirements.txt to pin versions, or use pip-tools / Poetry for a lockfile.
Go: go mod init creates go.mod; go get github.com/gin-gonic/gin adds the module and updates go.mod and go.sum (checksums). go build downloads missing modules. No global install; modules live in a cache.
Java (Maven): Dependencies go in pom.xml; mvn install downloads them to a local repo. Gradle uses build.gradle and a similar model.
A lockfile (e.g. package-lock.json, go.sum, poetry.lock) records the exact versions (and sometimes checksums) of every dependency. Everyone and every CI run then get the same tree. Always commit the lockfile; never commit node_modules or __pycache__.
Version ranges in the manifest (e.g. "^1.2.3" in npm means "1.x.x >= 1.2.3") allow updates within bounds. The lockfile stores the resolved version. To refresh: npm update, pip install -U -r requirements.txt, go get -u, mvn versions:use-latest-releases (or similar), then test and commit the updated lockfile.
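The relationship between manifest ranges and locked versions can be checked mechanically. The following is an added example, not code from the lesson or from npm: it compares caret ranges in a package.json against the resolved versions in a package-lock.json and flags entries without a checksum. It goes beyond the "^1.2.3" case above by also handling 0.x caret ranges. The sample data, the package names example-lib and example-util, and the sha512-only policy are assumptions made for illustration.

```python
def parse(v):
    """'1.2.3' -> (1, 2, 3); prerelease/build tags are not handled."""
    return tuple(int(p) for p in v.split("."))

def caret_ok(range_, version):
    """True if version satisfies an npm caret range such as ^1.2.3."""
    low = parse(range_[1:])
    # The leftmost non-zero component may not change: ^1.2.3 < 2.0.0, ^0.2.3 < 0.3.0.
    idx = next((i for i, n in enumerate(low) if n), 2)
    upper = low[:idx] + (low[idx] + 1,) + (0,) * (2 - idx)
    return low <= parse(version) < upper

def audit(manifest, lock):
    """List entries where the lockfile disagrees with the manifest or lacks a checksum."""
    problems = []
    packages = lock.get("packages", {})
    for name, range_ in manifest.get("dependencies", {}).items():
        entry = packages.get(f"node_modules/{name}")
        if entry is None:
            problems.append(f"{name}: missing from lockfile")
        elif not range_.startswith("^"):
            problems.append(f"{name}: range {range_} not handled here")
        elif not caret_ok(range_, entry["version"]):
            problems.append(f"{name}: locked {entry['version']} is outside {range_}")
    for path, entry in packages.items():
        # "" is the root project; requiring sha512 is this example's policy choice.
        if path and not entry.get("integrity", "").startswith("sha512-"):
            problems.append(f"{path}: no sha512 integrity hash")
    return problems

# Constructed sample data (package.json and package-lock.json v3 "packages" layout).
MANIFEST = {"dependencies": {"express": "^4.18.0", "example-lib": "^0.2.1",
                             "example-util": "^1.3.0"}}
LOCK = {"lockfileVersion": 3, "packages": {
    "": {"name": "demo-app"},
    "node_modules/express": {"version": "4.18.2", "integrity": "sha512-CONSTRUCTED"},
    "node_modules/example-lib": {"version": "0.3.0", "integrity": "sha512-CONSTRUCTED"},
    "node_modules/example-util": {"version": "1.3.0"},
}}

if __name__ == "__main__":
    for problem in audit(MANIFEST, LOCK):
        print(problem)
```

A manifest/lockfile mismatch like the one flagged for example-lib is the condition under which npm ci refuses to install rather than silently re-resolving.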
Package managers let you define scripts in the manifest. npm uses scripts in package.json: "start": "node server.js", "test": "jest". You run npm start, npm test. Same idea in Makefile or mvn phases (mvn test, mvn package).
Use scripts for: run app, run tests, run linter, build for production. That way one command (npm run build, mvn package) is the standard way to produce an artifact.
Project dependencies are for the app: they go in node_modules, venv, or the module cache. Only the current project uses them.
Global installs (e.g. npm install -g nodemon) put a tool on your PATH for use across projects. Prefer project-local tools where possible (e.g. npx nodemon or a script in package.json) so the version is pinned and the team shares the same setup.