
identify-package-manager
Check the used package manager in a given repository (npm, yarn classic, yarn berry, pnpm, bun)
Detect the package manager used by a repository from any nested directory.
The package works as a CLI and as a library. It inspects packageManager metadata when present and falls back to common lockfiles such as package-lock.json, yarn.lock, pnpm-lock.yaml, bun.lock, and bun.lockb.
```sh
npm install identify-package-manager
```

You can also run it without a global install:

```sh
npx identify-package-manager
```

Run the command anywhere inside the repository you want to inspect:

```sh
identify-package-manager [options] [directory]
```
Without any flag, the CLI prints the package manager name plus version info when it can determine one:
```json
{
  "name": "yarn-berry",
  "version": {
    "simple": "4.6.1",
    "detailed": {
      "major": 4,
      "minor": 6,
      "patch": 1
    }
  }
}
```
Use --nameonly if you only need the normalized package manager name.
| option | explanation |
|---|---|
| -h / --help | Display this package's help + usage info. |
| -v / --version | Display this package's version number. |
| -n / --nameonly | If set, the CLI only returns the package manager name (npm, yarn-classic, yarn-berry, pnpm, bun, or unknown). |
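```js
import { identifyPackageManager } from "identify-package-manager";

// No arguments: package manager info, starting the lookup at process.cwd()
const packageManagerInfo = identifyPackageManager();
console.log(packageManagerInfo);

// First argument true: only the package manager name
const packageManagerName = identifyPackageManager(true);
console.log(packageManagerName);
```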
You may also pass an explicit starting directory instead of relying on process.cwd():
```js
const packageManagerInfo = identifyPackageManager(false, "/path/inside/repository");
```
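The lookup order described above (packageManager metadata first, then lockfiles, searched upward from a nested directory) can be reproduced as follows. This is an added example, not identify-package-manager's source code: the function names, the lockfile precedence, and the rules for telling Yarn Classic from Yarn Berry (major version 2 or higher, or a `__metadata:` block in yarn.lock) are assumptions.

```javascript
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// Lockfile names are from the README; the precedence order is an assumption.
const LOCKFILES = { "package-lock.json": "npm", "pnpm-lock.yaml": "pnpm",
  "bun.lock": "bun", "bun.lockb": "bun" };

// Read "<name>@<major>.<minor>.<patch>" from package.json's packageManager field.
function fromMetadata(dir) {
  let field;
  try {
    field = JSON.parse(fs.readFileSync(path.join(dir, "package.json"), "utf8")).packageManager;
  } catch { return null; } // missing or unparsable package.json
  const m = /^(npm|yarn|pnpm|bun)@(\d+)\.(\d+)\.(\d+)/.exec(field || "");
  if (!m) return null;
  const [major, minor, patch] = m.slice(2).map(Number);
  const name = m[1] === "yarn" ? (major >= 2 ? "yarn-berry" : "yarn-classic") : m[1];
  return { name, version: { simple: `${major}.${minor}.${patch}`, detailed: { major, minor, patch } } };
}

function fromLockfile(dir) {
  const yarnLock = path.join(dir, "yarn.lock");
  if (fs.existsSync(yarnLock)) {
    // Assumption: a "__metadata:" block marks a Yarn Berry lockfile.
    const berry = fs.readFileSync(yarnLock, "utf8").includes("__metadata:");
    return { name: berry ? "yarn-berry" : "yarn-classic" };
  }
  const hit = Object.keys(LOCKFILES).find((f) => fs.existsSync(path.join(dir, f)));
  return hit ? { name: LOCKFILES[hit] } : null;
}

// Walk from startDir up to the filesystem root; metadata wins over lockfiles.
function detect(startDir = process.cwd()) {
  for (let dir = path.resolve(startDir); ; dir = path.dirname(dir)) {
    const found = fromMetadata(dir) || fromLockfile(dir);
    if (found) return found;
    if (dir === path.dirname(dir)) return { name: "unknown" };
  }
}

// Constructed sample: a temp repo with the given root files and a nested directory.
function sampleRepo(files) {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "ipm-"));
  for (const [f, text] of Object.entries(files)) fs.writeFileSync(path.join(root, f), text);
  const nested = path.join(root, "packages", "app", "src");
  fs.mkdirSync(nested, { recursive: true });
  return nested;
}
console.log(detect(sampleRepo({ "package.json": '{"packageManager":"yarn@4.6.1"}' })));
```

In CI, a result like this can select the matching lockfile-respecting install command, so a job does not silently resolve dependencies with a different package manager than the one the repository pins.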
This repository uses npm, not Yarn or pnpm.
Useful commands:
```sh
npm test
npm run build
npm run verify
```
Commits are expected to use conventional commit messages. Local raw git commit is blocked by Husky on purpose; use the interactive helper instead:
```sh
npm run commit
```
That helper is intentionally a small local script instead of commitizen to avoid extra transitive maintenance and vulnerability surface.
Releases are automated with semantic-release in GitHub Actions.
- npm ci and npm run verify.
- main or master, plus manual workflow dispatch.
- package.json version committed on main can lag behind the latest published version.
- NPM_TOKEN should be required once the npm package is configured for trusted publishing.
- vX.Y.Z tag to the latest already-published commit before the first automated release so semantic-release has the correct baseline.
- npm run release:dry-run intentionally skips npm and GitHub publishing plugins and uses the local checkout as the release repository so you can preview release calculation without GitHub push credentials or npm auth.

You can preview the release process locally with:

```sh
npm run release:dry-run
```
We found that identify-package-manager demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.