This is just enough info to get you up and running.
Much more info available via
npm help once it's installed.
You need node v4 or higher to run this program.
To install an old and unsupported version of npm that works on node v0.12 and prior, clone the git repo and dig through the old tags and branches.
npm is configured to use npm, Inc.'s public package registry at https://registry.npmjs.org by default.
You can configure npm to use any compatible registry you like, and even run your own registry. Check out the doc on registries.
Super Easy Install
npm is bundled with node.
Get the MSI. npm is in it.
Apple Macintosh Computers
Get the pkg. npm is in it.
Other Sorts of Unices
make install. npm will be installed with node.
If you want a more fancy pants install (a different version, customized paths, etc.) then read on.
Fancy Install (Unix)
There's a pretty robust install script at https://www.npmjs.com/install.sh. You can download that and run it.
Here's an example using curl:
curl -L https://www.npmjs.com/install.sh | sh
You can set any npm configuration params with that script:
npm_config_prefix=/some/path sh install.sh
Or, you can run it in uber-debuggery mode:
npm_debug=1 sh install.sh
Get the code with git. Use
make to build the docs and do other stuff.
If you plan on hacking on npm,
make link is your friend.
If you've got the npm source code, you can also semi-permanently set
arbitrary config keys using the
./configure --key=val ..., and then
run npm commands by doing
node bin/npm-cli.js <command> <args>. (This is helpful
for testing, or running stuff without actually installing npm itself.)
Windows Install or Upgrade
Many improvements for Windows users have been made in npm 3 - you will have a better experience if you run a recent version of npm. To upgrade, either use Microsoft's upgrade tool, download a new version of Node, or follow the Windows upgrade instructions in the npm Troubleshooting Guide.
If that's not fancy enough for you, then you can fetch the code with git, and mess with it directly.
Installing on Cygwin
So sad to see you go.
sudo npm uninstall npm -g
Or, if that fails,
sudo make uninstall
More Severe Uninstalling
Usually, the above instructions are sufficient. That will remove npm, but leave behind anything you've installed.
If you would like to remove all the packages that you have installed,
then you can use the
npm ls command to find them, and then
npm rm to
To remove cruft left behind by npm 0.x, you can use the included
clean-old.sh script file. You can run it conveniently like this:
npm explore npm -g -- sh scripts/clean-old.sh
npm uses two configuration files, one for per-user configs, and another for global (every-user) configs. You can view them by doing:
npm config get userconfig # defaults to ~/.npmrc npm config get globalconfig # defaults to /usr/local/etc/npmrc
Uninstalling npm does not remove configuration files by default. You must remove them yourself manually if you want them gone. Note that this means that future npm installs will not remember the settings that you have chosen.
Check out the docs.
You can use the
npm help command to read any of them.
If you're a developer, and you want to use npm to publish your program, you should read this.
When you find issues, please report them:
Be sure to include all of the output from the npm command that didn't work
as expected. The
npm-debug.log file is also helpful to provide.
You can also find npm people in
#npm on https://package.community/ or
on Twitter. Whoever responds will no
doubt tell you to put the output in a gist or email.
Help us keep the lights on
v6.0.0-next.0 - Mar 23, 2018
Sometimes major releases are a big splash, sometimes they're something smaller. This is the latter kind. That said, we expect to keep this in release candidate status until Node 10 ships at the end of April. There will likely be a few more features for the 6.0.0 release line between now and then. We do expect to have a bigger one later this year though, so keep an eye out for
BREAKING AVOID DEPRECATED
When selecting versions to install, we now avoid deprecated versions if possible. For example:
Module: example Versions: 1.0.0 1.1.0 1.1.2 1.1.3 (deprecated) 1.2.0 (latest)
If you ask
npm to install
npm will now give you
By contrast, if you installed
example@~1.1.3 then you'd get
1.1.3, as it's the only version that can match the range.
BREAKING UPDATE AND OUTDATED
npm install is finding a version to install, it first checks to see if the specifier you requested matches the
latest tag. If it doesn't, then it looks for the highest version that does. This means you can do release candidates on tags other than
latest and users won't see them unless they ask for them. Promoting them is as easy as setting the
latest tag to point at them.
npm update and
npm outdated worked differently. They just looked for the most recent thing that matched the semver range, disregarding the
latest tag. We're changing it to match
npm install's behavior.
3aaa6ef42Make update and outdated respect latest interaction with semver as install does. (@iarna)
PLUS ONE SMALLER PATCH
Technically this is a bug fix, but the change in behavior is enough of an edge case that I held off on bringing it in until a major version.
When we extract a binary and it starts with a shebang (or "hash bang"), that is, something like:
If the file has Windows line endings we strip them off of the first line. The reason for this is that shebangs are only used in Unix-like environments and the files with them can't be run if the shebang has a Windows line ending.
Previously we converted ALL line endings from Windows to Unix. With this patch we only convert the line with the shebang. (Node.js works just fine with either set of line endings.)
email@example.com: Only rewrite the CR after a shebang (if any) when fixing up CR/LFs. (@iarna)
BREAKING SUPPORTED NODE VERSIONS
Per our supported Node.js policy, we're dropping support for both Node 4 and Node 7, which are no longer supported by the Node.js project.
v5.9.0-next.0 - Mar 23, 2018
Coming to you this week are a fancy new package view, pack/publish previews and a handful of bug fixes! Let's get right in!
NEW PACKAGE VIEW
There's a new
npm view in town. You might it as
npm info or
npm show. The new output gives you a nicely summarized view that for most packages fits on one screen. If you ask it for
--json you'll still get the same results, so your scripts should still work fine.
143cdbf13#19910 Add humanized default view. (@zkat)
PACK AND PUBLISH PREVIEWS
npm pack and
npm publish commands print out a summary of the files included in the package. They also both now take the
--dry-run flag, so you can double check your
.npmignore settings before doing a publish.
116e9d827#19908 Add package previews to pack and publish. Also add --dry-run and --json flags. (@zkat)
MERGE CONFLICT, SMERGE CONFLICT
If you resolve a
package-lock.json merge conflict with
npm install we now suggest you setup a merge driver to handle these automatically for you. If you're reading this and you'd like to set it up now, run:
npx npm-merge-driver install -g
a05e27b71Going forward, record requested ranges not versions in the package-lock. (@iarna)
f721eec59Add 10 to Node.js supported version list. It's not out yet, but soon my pretties... (@iarna)
firstname.lastname@example.org: Fix bugs on docker and with some
npm ci. Fix a bug where script hooks wouldn't be called with
npm ci. Fix a bug where
--prefixweren't compatible. (@isaacseymour) (@umarov) (@mikeshirov) (@billjanitsch)
email@example.com: Switch to safe-buffer and Buffer.from. (@isaacs) (@ChALkeR)
v5.8.0 - Mar 23, 2018
Hey again, everyone! While last release was focused largely around PRs from the CLI team, this release is mostly pulling in community PRs in npm itself and its dependencies! We've got a good chunk of wonderful contributions for y'all, and even new features and performance improvements! 🎉
We're hoping to continue our biweekly (as in every-other-week biweekly) release schedule from now on, so you should be seeing more steady npm releases from here on out. And that's good, 'cause we've got a ton of new stuff on our roadmap for this year. Keep an eye out for exciting news. 👀
2f513fe1c#19904 Make a best-attempt at preserving line ending style when saving
npm-shrinkwrap.json. This goes hand-in-hand with a previous patch to preserve detected indentation style. (@tuananh)
- Retry git-based operations on certain types of failure.
ecfbb16dc#19929 Add support for the
NO_COLORstandard. This gives a cross-application, consistent way of disabling ANSI color code output. Note that npm already supported this through
npm_config_color='false'configurations, so this is just another way to do it. (@chneukirchen)
fc8761daf#19629 Give more detailed, contextual information when npm fails to parse
npm-shrinkwrap.json, instead of saying
JSON parse errorand leaving you out in the cold. (@JoshuaKGoldberg)
--no-proxyconfig option. Previously, you needed to use the
NO_PROXYenvironment variable to use this feature -- now it's an actual npm option. (@Saturate)
f0e998daa#18426 Do environment variable replacement in config files even for config keys or fragments of keys. (@misak113)
9847c82a8#18384 Better error messaging and suggestions when users get
I hope y'all have been having fun with
npm ci so far! Since this is the first release since that went out, we've had a few fixes and improvements now that folks have actually gotten their hands on it! Benchmarks have been super promising so far, and I've gotten messages from a lot of you saying you've sped up your CI work by 2-5x in some cases! Have a good example? Tell us on Twitter!
npm ci is, right now, the fastest installer you can use in CI situations, so go check it out if you haven't already! We'll continue doing performance improvements on it, and a lot of those will help make
npm install fast as well. 🏎😎
libcipm release includes a number of improvements:
- PERFORMANCE Reduce calls to
read-package-jsonand separate JSON update phase from man/bin linking phase.
npm cishould be noticeably faster.
- FEATURE Progress bar now fills up as packages are installed, instead of sitting there doing nothing.
- BUGFIX Add support for
- BUFGIX Linking binaries and running scripts in parallel was causing packages to sometimes clobber each other when hoisted, as well as potentially running too many run-sripts in parallel. This is now a serial operation, and it turns out to have had relatively little actual performance impact.
- BUGFIX Stop adding
_fromto directory deps (aka
58d2aa58d#20027 Use a specific mtime when packing tarballs instead of the beginning of epoch time. This should allow
npm packto generate tarballs with identical hashes for identical contents, while fixing issues with some
zipimplementations that do not support pre-1980 timestamps. (@isaacs)
4f319de1dDon't fall back to couch adduser if we didn't try couch login. (@iarna)
c8230c9bb#19608 Fix issue where using the npm-bundled
npxon Windows was invoking
npx prefix(and downloading that package). (@laggingreflex)
d70c01970#18953 Avoid using code that depends on
unsupportedcheck, so npm can report the issue normally instead of syntax-crashing. (@deployable)
firstname.lastname@example.org: Fixes issue preventing correct rendering of backticked strings. man pages should be rendering correctly now instead of having empty spaces wherever backticks were used. (@joshbruce)
71076ebda#19950 Add a note to install --production. (@kyranet)
3a33400b8#19957 nudge around some details in ci docs (@zkat)
06038246a#19893 Add a common open reason to the issue template. (@MrStonedOne)
7376dd8af#19870 Fix typo in
5390ed4fa#19858 Fix documented default value for config save option. It was still documented as
false, even though
email@example.com it to
trueby default. (@nalinbhardwaj)
npm updatedocs now that
--saveis on by default. (@selbekk)
5ec5dffc8#19726 Clarify that
versionfields are optional if your package is not supposed to be installable as a dependency. (@ngarnier)
046500994#19676 Fix documented cache location on Windows. (@VladRassokhin)
ffa84cd0f#19475 Added example for
de72d9a18#19307 Document the
npm help package-lock.json. (@jcrben)
35c4abded#18976 Typo fix in coding style documentation. (@rinfan)
editsection to description in
c2bbaaa58#19194 Tiny style fix in
d7ff07135#18514 Make it so
7a8705113#18407 Clarify the mechanics of the
package.jsona bit. (@bmacnaughton)
b2a1cf084#18382 Document the
b8a48a959#19907 Consolidate code for stringifying
package.jsonand package locks. Also adds tests have been added to test that
package[-lock].jsonfiles are written to disk with their original line endings. (@nwoltman)
b4f707d9f#19879 Remove unused devDependency
8150dd5f7#16540 Stop doing an
make clean. (@metux)
OTHER DEPENDENCY BUMPS
firstname.lastname@example.org: Support git packed refs
v5.8.0-next.0 - Mar 13, 2018
v5.7.1 - Feb 22, 2018
This release reverts a patch that could cause some ownership changes on system files when running from some directories when also using
Thankfully, it only affected users running
npm@next, which is part of our staggered release system, which we use to prevent issues like this from going out into the wider world before we can catch them. Users on
latest would have never seen this!
The original patch was added to increase consistency and reliability of methods npm uses to avoid writing files as
root in places it shouldn't, but the change was applied in places that should have used regular mkdirp`. This release reverts that patch.