Security News
The Push to Ban Ransom Payments Is Gaining Momentum
Ransomware costs victims an estimated $30 billion per year and has gotten so out of control that global support for banning payments is gaining momentum.
npm
Advanced tools
Package description
The npm package 'npm' is the package manager for Node.js. It allows users to install, update, and manage dependencies for Node.js applications. It also provides tools for package discovery, publishing, and managing a local development environment.
Package Installation
Installs the 'express' package and its dependencies into the node_modules directory.
npm install express
Package Update
Updates the 'lodash' package to the latest version according to the versioning in package.json.
npm update lodash
Package Removal
Removes the 'moment' package from the node_modules directory and updates the package.json.
npm uninstall moment
Listing Installed Packages
Lists the top-level packages installed in the node_modules directory.
npm list --depth=0
Running Scripts
Runs the 'test' script specified in the package.json file.
npm run test
Publishing a Package
Publishes the current package to the npm registry, making it available for others to install.
npm publish
Yarn is a package manager that provides faster, more reliable, and more secure dependency management compared to npm. It uses a lockfile to ensure that the same package versions are installed across different environments.
pnpm is a fast, disk space efficient package manager that works by creating a single copy of a package version and linking it in the node_modules of every project that uses it. This approach saves disk space and improves installation speed compared to npm.
Bower is a package manager primarily for front-end web development. It manages components that contain HTML, CSS, JavaScript, fonts, or even image files. Bower is less commonly used now due to npm and Yarn's ability to handle front-end packages as well.
Changelog
10.8.0 (2024-05-15)
d5c3289
#7513 refactor: use output buffer and error for more commands (#7513) (@lukekarrys)12f103c
#7533 add first param titles to logs where missing (#7533) (@lukekarrys)badeac2
#7521 config: use redact on config output (#7521) (@lukekarrys)76aef74
#7520 view: refactor exec and execWorkspaces to call same methods (#7520) (@lukekarrys)b54cdb8
#7515 refactor: create new error output primitives (#7515) (@lukekarrys)e40454c
#7506 view: dont unwrap arrays in json mode (#7506) (@lukekarrys)6f64148
require stdout to be a TTY for progress (#7507) (@lukekarrys)db62910
#7504 config: be more aggressive about hiding protected values (#7504) (@wraithgar)6d456bb
#7497 dont write log file for completion commands (#7497) (@lukekarrys)722c0fa
#7463 limit packument cache size based on heap size (@wraithgar)ca1a68d
#7474 log if npm deprecate
does not match any version (#7474) (@mbtools)261ea19
#7457 run input.start around help and openining urls (@lukekarrys)4ab6cf4
#7459 publish: validate dist-tag (#7459) (@reggi)b2ce025
#7518 suggest correct bin entry (#7518) (@Santoshraj2)bdd2aae
#7502 remove obsolete removal using make uninstall (#7502) (@avinal)c3d2819
#7496 npm help json/global command on windows (#7496) (@klm-turing, @lukekarrys)268303c
#7479 add npm version to every local help output (#7479) (@klm-turing)e39d422
#7473 suggest "npm repo" for showing the repo of a package (#7473) (@full-stop)f6fff32
#7433 clarify what peerDependenciesMeta does (#7433) (@xuhdev, @wraithgar)1cdc662
#7522 @tufjs/repo-mock@2.0.1
898bcfd
#7522 @sigstore/protobuf-specs@0.3.2
fec3c94
#7522 path-scurry@1.11.1
cb85973
#7522 glob@10.3.15
e189873
#7498 @sigstore/sign@2.3.1
c2b28f9
#7498 minipass@7.1.1
9064ffc
#7498 @sigstore/tuf@2.3.3
fd42986
#7498 @npmcli/fs@3.1.1
4e53e33
#7498 semver@7.6.2
f078c82
#7495 glob@10.3.14
58f773c
#7495 path-scurry@1.11.0
ea0b07d
#7482 pacote@18.0.6
8d161a4
#7482 semver@7.6.1
5b2317b
#7463 add lru-cache26fefb8
#7480 promzard@1.0.2
2146e1f
#7480 npm-bundled@3.0.1
ff6c5d1
#7480 minipass-fetch@3.0.5
419f9b9
#7480 cmd-shim@6.0.3
dade2c8
#7480 minipass@7.1.0
18e5312
#7480 validate-npm-package-name@5.0.1
d440011
#7480 npm-user-validate@2.0.1
552113e
#7480 ignore-walk@6.0.5
7e15b6d
#7480 @npmcli/metavuln-calculator@7.1.1
8b20f8c
#7480 ssri@10.0.6
a9a6dcd
#7480 pacote@18.0.5
e2fdb65
#7480 npm-pick-manifest@9.0.1
310a7a5
#7480 normalize-package-data@6.0.1
e71f541
#7480 nopt@7.2.1
18c3b40
#7480 json-parse-even-better-errors@3.0.2
4c5bf77
#7480 init-package-json@6.0.3
714e3e1
#7480 hosted-git-info@7.0.2
f94d672
#7480 cacache@18.0.3
43331e4
#7480 bin-links@4.0.4
8234412
#7480 @npmcli/promise-spawn@7.0.2
6dfaebb
#7480 @npmcli/git@5.0.7
63ef498
#7457 npm-registry-fetch@17.0.1
4cbc2d4
#7457 npm-profile@10.0.0
Readme
One of the following versions of Node.js must be installed to run npm
:
18.x.x
>= 18.17.0
20.5.0
or highernpm
comes bundled with node
, & most third-party distributions, by default. Officially supported downloads/distributions can be found at: nodejs.org/en/download
You can download & install npm
directly from npmjs.com using our custom install.sh
script:
curl -qL https://www.npmjs.com/install.sh | sh
If you're looking to manage multiple versions of Node.js
&/or npm
, consider using a node version manager
npm <command>
npm help-search <query>
npm
is configured to use the npm Public Registry at https://registry.npmjs.org by default; Usage of this registry is subject to Terms of Use available at https://npmjs.com/policies/termsnpm
to use any other compatible registry you prefer. You can read more about configuring third-party registries herenpm
should never be capitalized unless it is being displayed in a location that is customarily all-capitals (ex. titles on man
pages).
Contrary to popular belief, npm
is not in fact an acronym for "Node Package Manager"; It is a recursive bacronymic abbreviation for "npm is not an acronym" (if the project was named "ninaa", then it would be an acronym). The precursor to npm
was actually a bash utility named "pm", which was the shortform name of "pkgmakeinst" - a bash function that installed various things on various platforms. If npm
were to ever have been considered an acronym, it would be as "node pm" or, potentially "new pm".
FAQs
a package manager for JavaScript
We found that npm demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Ransomware costs victims an estimated $30 billion per year and has gotten so out of control that global support for banning payments is gaining momentum.
Application Security
New SEC disclosure rules aim to enforce timely cyber incident reporting, but fear of job loss and inadequate resources lead to significant underreporting.
Security News
The Python Software Foundation has secured a 5-year sponsorship from Fastly that supports PSF's activities and events, most notably the security and reliability of the Python Package Index (PyPI).