
@openzeppelin/cli
Command-line interface for the OpenZeppelin smart contract platform.
OpenZeppelin SDK is a platform to develop, deploy and operate smart contract projects on Ethereum and every other EVM and eWASM-powered blockchain.
This is the repository for the OpenZeppelin command-line interface, the recommended way to use the OpenZeppelin SDK.
First, install Node.js and npm. Then, install the OpenZeppelin SDK by running:
npm install --global @openzeppelin/cli
To start, create a directory for the project and access it:
mkdir my-project
cd my-project
Use npm to create a package.json file:
npm init
And initialize the OpenZeppelin SDK project:
openzeppelin init my-project
Now it is possible to add contracts to the project with the openzeppelin add command,
push these contracts to a blockchain network with openzeppelin push, use
openzeppelin deploy to create instances for these contracts that later can be
upgraded, and many more things.
Run openzeppelin --help for more details about this and all the other functions of
the OpenZeppelin CLI.
The OpenZeppelin SDK documentation explains how to use the openzeppelin command-line interface to build a project, to
upgrade contracts and to share packages for other projects to reuse. It also
explains how to operate the project with the OpenZeppelin JavaScript libraries
instead of this openzeppelin command.
If you find a security issue, please contact us at security@openzeppelin.com. We give rewards for reported issues, according to impact and severity.
To contribute, join our community channel on Telegram where you can talk to all the OpenZeppelin developers, contributors, partners and users.
You can also follow the recent developments of the project in our blog and Twitter account.
MIT © OpenZeppelin
FAQs
Command-line interface for the OpenZeppelin smart contract platform
The npm package @openzeppelin/cli receives a total of 119 weekly downloads. As such, its popularity is classified as not popular.
We found that @openzeppelin/cli has an unhealthy version release cadence and level of project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.