Home
Docs
GitHub
Pricing
Blog
Log In
DOCS
GITHUB
PRICING
BLOG
Log In

Run Sandworm Audit for your App

Get started
Hold on, we're currently generating a fresh version of this report
Generated on Sep 30, 2023 via pnpm
Repo
Npm
Home

npm 4.0.2

a package manager for JavaScript
install
modules
package manager
package.json
Package summary
Share
39
issues
1
critical severity
vulnerability
1
27
high severity
vulnerability
12
license
2
meta
13
6
moderate severity
vulnerability
6
5
low severity
vulnerability
2
license
3
13
licenses
128
MIT
69
ISC
8
Apache-2.0
22
other licenses
BSD-3-Clause
7
BSD-2-Clause
5
(WTFPL OR MIT)
3
(MIT OR Apache-2.0)
1
+ 6 more
Package created
12 Jul 2013
Version published
4 Nov 2016
Maintainers
5
Total versions
531
License
Artistic-2.0

Issues

39

1 critical severity issue

critical
cryptiles@2.0.5
Insufficient Entropy in cryptiles
Recommendation: Upgrade to version 4.1.2 or later
via: node-gyp@3.4.0 & others
Collapse
Expand

27 high severity issues

high
npm@4.0.2
Incorrect Permission Assignment for Critical Resource in NPM
Recommendation: Upgrade to version 5.7.1 or later
via: npm@4.0.2
npm@4.0.2
npm Vulnerable to Global node_modules Binary Overwrite
Recommendation: Upgrade to version 6.13.4 or later
via: npm@4.0.2
npm@4.0.2
npm symlink reference outside of node_modules
Recommendation: Upgrade to version 6.13.3 or later
via: npm@4.0.2
npm@4.0.2
Arbitrary File Write in npm
Recommendation: Upgrade to version 6.13.3 or later
via: npm@4.0.2
tar@2.2.2
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
Recommendation: Upgrade to version 3.2.2 or later
via: node-gyp@3.4.0 & others
npm-user-validate@0.1.5
Regular expression denial of service in npm-user-validate
Recommendation: Upgrade to version 1.0.1 or later
via: npm-user-validate@0.1.5
tar@2.2.2
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
Recommendation: Upgrade to version 3.2.3 or later
via: node-gyp@3.4.0 & others
tar@2.2.2
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
Recommendation: Upgrade to version 4.4.16 or later
via: node-gyp@3.4.0 & others
tar@2.2.2
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
Recommendation: Upgrade to version 4.4.18 or later
via: node-gyp@3.4.0 & others
hawk@3.1.3
Uncontrolled Resource Consumption in Hawk
Recommendation: Upgrade to version 9.0.1 or later
via: node-gyp@3.4.0 & others
tar@2.2.2
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
Recommendation: Upgrade to version 4.4.18 or later
via: node-gyp@3.4.0 & others
hoek@2.16.3
Prototype Pollution in hoek
Recommendation: Upgrade to version 4.2.1 or later
via: node-gyp@3.4.0 & others
sntp@1.0.9
Package uses an invalid SPDX license ("BSD")
Recommendation: Validate that the package complies with your license policy
via: node-gyp@3.4.0 & others
spdx-exceptions@2.3.0
Package uses an atypical license ("CC-BY-3.0")
Recommendation: Read and validate the license terms
via: init-package-json@1.9.6 & others
boom@2.10.1
Deprecated package
via: node-gyp@3.4.0 & others
cryptiles@2.0.5
Deprecated package
via: node-gyp@3.4.0 & others
es5-ext@0.10.62
Package uses postinstall script: " node -e "try{require('./_postinstall')}catch(e){}" || exit 0"
via: node-gyp@3.4.0
fs-vacuum@1.2.10
Deprecated package
via: fs-vacuum@1.2.10
har-validator@2.0.6
Deprecated package
via: node-gyp@3.4.0 & others
hawk@3.1.3
Deprecated package
via: node-gyp@3.4.0 & others
hoek@2.16.3
Deprecated package
via: node-gyp@3.4.0 & others
node-uuid@1.4.8
Deprecated package
via: node-gyp@3.4.0 & others
read-package-tree@5.1.6
Deprecated package
via: read-package-tree@5.1.6
readdir-scoped-modules@1.1.0
Deprecated package
via: read-installed@4.0.3 & others
request@2.78.0
Deprecated package
via: node-gyp@3.4.0 & others
sntp@1.0.9
Deprecated package
via: node-gyp@3.4.0 & others
tar@2.2.2
Deprecated package
via: node-gyp@3.4.0 & others
Collapse
Expand

6 moderate severity issues

moderate
npm@4.0.2
npm CLI exposing sensitive information through logs
Recommendation: Upgrade to version 6.14.6 or later
via: npm@4.0.2
tunnel-agent@0.4.3
Memory Exposure in tunnel-agent
Recommendation: Upgrade to version 0.6.0 or later
via: node-gyp@3.4.0 & others
hosted-git-info@2.1.5
Regular Expression Denial of Service in hosted-git-info
Recommendation: Upgrade to version 2.8.9 or later
via: hosted-git-info@2.1.5 & others
tough-cookie@2.3.4
tough-cookie Prototype Pollution vulnerability
Recommendation: Upgrade to version 4.1.3 or later
via: node-gyp@3.4.0 & others
request@2.78.0
Server-Side Request Forgery in Request
Recommendation: None
via: node-gyp@3.4.0 & others
semver@5.3.0
semver vulnerable to Regular Expression Denial of Service
Recommendation: Upgrade to version 5.7.2 or later
via: init-package-json@1.9.6 & others
Collapse
Expand

5 low severity issues

low
npm-user-validate@0.1.5
Regular Expression Denial of Service in npm-user-validate
Recommendation: Upgrade to version 1.0.1 or later
via: npm-user-validate@0.1.5
chownr@1.0.1
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr
Recommendation: Upgrade to version 1.1.0 or later
via: chownr@1.0.1
sntp@1.0.9
Package uses a license that is not OSI approved ("BSD")
Recommendation: Read and validate the license terms
via: node-gyp@3.4.0 & others
spdx-exceptions@2.3.0
Package uses a license that is not OSI approved ("CC-BY-3.0")
Recommendation: Read and validate the license terms
via: init-package-json@1.9.6 & others
spdx-license-ids@3.0.15
Package uses a license that is not OSI approved ("CC0-1.0")
Recommendation: Read and validate the license terms
via: init-package-json@1.9.6 & others
Collapse
Expand

Licenses

MIT
128
ISC
69
Apache-2.0
8
BSD-3-Clause
7
BSD-2-Clause
5
(WTFPL OR MIT)
3
(MIT OR Apache-2.0)
1
(AFL-2.1 OR BSD-3-Clause)
1
(BSD-2-Clause OR MIT)
1
BSD
1
CC-BY-3.0
1
CC0-1.0
1
Unlicense
1

MIT License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
sublicense
private-use
Cannot
hold-liable
Must
include-copyright
include-license
Packages
ansi-regex@2.1.1
ansi-styles@2.2.1
ansicolors@0.3.2
ansistyles@0.1.3
archy@1.0.0
array-index@1.0.0
asap@2.0.6
asn1@0.2.6
assert-plus@0.2.0
assert-plus@1.0.0
asynckit@0.4.0
aws4@1.12.0
balanced-match@1.0.2
brace-expansion@1.1.11
buffer-from@1.1.2
buffer-shims@1.0.0
builtin-modules@1.1.1
builtins@0.0.7
builtins@1.0.3
chalk@1.1.3
clone@1.0.4
code-point-at@1.1.0
columnify@1.5.4
combined-stream@1.0.8
commander@2.20.3
concat-map@0.0.1
concat-stream@1.6.2
config-chain@1.1.13
core-util-is@1.0.2
core-util-is@1.0.3
dashdash@1.14.1
debug@2.6.9
debuglog@1.0.1
defaults@1.0.4
delayed-stream@1.0.0
delegates@1.0.0
duplexify@3.7.1
ecc-jsbn@0.1.2
editor@1.0.0
end-of-stream@1.4.4
es6-iterator@2.0.3
escape-string-regexp@1.0.5
extend@3.0.2
extsprintf@1.3.0
flush-write-stream@1.1.1
form-data@2.1.4
from2@1.3.0
from2@2.3.0
generate-function@2.3.1
generate-object-property@1.2.0
getpass@0.1.7
has-ansi@2.0.0
has-color@0.1.7
http-signature@1.1.1
iferr@0.1.5
imurmurhash@0.1.4
is-builtin-module@1.0.0
is-fullwidth-code-point@1.0.0
is-my-ip-valid@1.0.1
is-my-json-valid@2.20.6
is-property@1.0.2
is-typedarray@1.0.0
isarray@0.0.1
isarray@1.0.0
isstream@0.1.2
jsbn@0.1.1
json-parse-better-errors@1.0.2
jsonparse@1.3.1
jsonpointer@5.0.1
jsprim@1.4.2
lodash._baseuniq@4.6.0
lodash._createset@4.0.3
lodash._root@3.0.1
lodash.clonedeep@4.5.0
lodash.union@4.6.0
lodash.uniq@4.5.0
lodash.without@4.4.0
mime-db@1.52.0
mime-types@2.1.35
minimist@1.2.8
mkdirp@0.5.6
ms@2.0.0
node-gyp@3.4.0
node-uuid@1.4.8
number-is-nan@1.0.1
object-assign@4.1.1
os-homedir@1.0.2
os-tmpdir@1.0.2
path-array@1.0.1
path-is-absolute@1.0.1
pinkie-promise@2.0.1
pinkie@2.0.4
process-nextick-args@1.0.7
process-nextick-args@2.0.1
pump@1.0.3
pump@2.0.1
pumpify@1.5.1
punycode@1.4.1
readable-stream@1.1.14
readable-stream@2.1.5
readable-stream@2.3.8
retry@0.10.1
safe-buffer@5.1.2
safer-buffer@2.1.2
slash@1.0.0
sorted-union-stream@2.1.3
spdx-expression-parse@3.0.1
sshpk@1.17.0
stream-each@1.2.3
stream-iterate@1.2.0
stream-shift@1.0.1
string-width@1.0.2
string_decoder@0.10.31
string_decoder@1.1.1
stringstream@0.0.6
strip-ansi@3.0.1
supports-color@2.0.0
text-table@0.2.0
through@2.3.8
through2@2.0.5
typedarray@0.0.6
umask@1.1.0
unpipe@1.0.0
util-deprecate@1.0.2
util-extend@1.0.3
verror@1.10.0
wcwidth@1.0.1
xtend@4.0.2

ISC License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
Cannot
hold-liable
Must
include-copyright
include-license
Packages
abbrev@1.0.9
aproba@1.0.4
are-we-there-yet@1.1.7
block-stream@0.0.9
chownr@1.0.1
console-control-strings@1.1.0
d@1.0.1
dezalgo@1.0.4
es5-ext@0.10.62
es6-symbol@3.1.3
ext@1.7.0
fs-vacuum@1.2.10
fs-write-stream-atomic@1.0.10
fs.realpath@1.0.0
fstream-ignore@1.0.5
fstream-npm@1.2.1
fstream@1.0.12
gauge@2.6.0
gauge@2.7.4
glob@7.1.7
graceful-fs@4.1.15
har-validator@2.0.6
has-unicode@2.0.1
hosted-git-info@2.1.5
inflight@1.0.6
inherits@2.0.4
ini@1.3.8
init-package-json@1.9.6
isexe@2.0.0
json-stringify-safe@5.0.1
lockfile@1.0.4
minimatch@3.1.2
mute-stream@0.0.8
next-tick@1.1.0
nopt@3.0.6
normalize-git-url@3.0.2
npm-cache-filename@1.0.2
npm-package-arg@4.2.1
npm-registry-client@7.3.0
npmlog@3.1.2
npmlog@4.0.2
once@1.4.0
osenv@0.1.5
promzard@0.3.0
proto-list@1.2.4
read-cmd-shim@1.0.5
read-installed@4.0.3
read-package-json@2.0.13
read-package-tree@5.1.6
read@1.0.7
readdir-scoped-modules@1.1.0
realize-package-specifier@3.0.3
rimraf@2.5.4
semver@5.3.0
set-blocking@2.0.0
signal-exit@3.0.7
slide@1.1.6
tar@2.2.2
type@1.2.0
type@2.7.2
uid-number@0.0.6
unique-filename@1.1.1
unique-slug@2.0.2
validate-npm-package-name@2.2.2
validate-npm-package-name@3.0.0
which@1.2.14
wide-align@1.1.5
wrappy@1.0.2
write-file-atomic@1.2.0

Apache License 2.0

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
sublicense
private-use
use-patent-claims
place-warranty
Cannot
hold-liable
use-trademark
Must
include-copyright
include-license
state-changes
include-notice
Packages
aws-sign2@0.6.0
caseless@0.11.0
forever-agent@0.6.1
oauth-sign@0.8.2
request@2.78.0
spdx-correct@3.2.0
tunnel-agent@0.4.3
validate-npm-package-license@3.0.4

BSD 3-Clause "New" or "Revised" License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
place-warranty
Cannot
use-trademark
hold-liable
Must
include-copyright
include-license
Packages
bcrypt-pbkdf@1.0.2
boom@2.10.1
cryptiles@2.0.5
hawk@3.1.3
hoek@2.16.3
qs@6.3.3
tough-cookie@2.3.4

BSD 2-Clause "Simplified" License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
place-warranty
Cannot
hold-liable
Must
include-copyright
include-license
Packages
cmd-shim@2.0.2
mississippi@1.2.0
normalize-package-data@2.3.8
npm-install-checks@3.0.2
npm-user-validate@0.1.5

(WTFPL OR MIT)

Permissive
Packages
opener@1.4.3
path-is-inside@1.0.2
sorted-object@2.0.1

(MIT OR Apache-2.0)

Permissive
Packages
JSONStream@1.2.1

(AFL-2.1 OR BSD-3-Clause)

Permissive
Packages
json-schema@0.4.0

(BSD-2-Clause OR MIT)

Permissive
Packages
sha@2.0.1

BSD

Invalid
Not OSI Approved
Packages
sntp@1.0.9

Creative Commons Attribution 3.0 Unported

Uncategorized
Not OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
Cannot
Must
Packages
spdx-exceptions@2.3.0

Creative Commons Zero v1.0 Universal

Public Domain
Not OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
Cannot
Must
Packages
spdx-license-ids@3.0.15

The Unlicense

Public Domain
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
private-use
modify
Cannot
include-copyright
hold-liable
Must
Packages
tweetnacl@0.14.5
Disclaimer

This deed highlights only some of the key features and terms of the actual license. It is not a license and has no legal value. You should carefully review all of the terms and conditions of the actual license before using the licensed material.

Sandworm is not a law firm and does not provide legal services. Distributing, displaying, or linking to this deed or the license that it summarizes does not create a lawyer-client or any other relationship.

Dependencies

227
Get CSV
Name Version Size License Type Vulnerabilities
JSONStream 1.2.1 135.32 kB (MIT OR Apache-2.0) prod
abbrev 1.0.9 1.76 kB ISC prod
ansi-regex 2.1.1 2.29 kB MIT prod dev
ansi-styles 2.2.1 2.39 kB MIT prod
ansicolors 0.3.2 2.8 kB MIT prod
ansistyles 0.1.3 2.57 kB MIT prod
aproba 1.0.4 2.45 kB ISC prod
archy 1.0.0 2.95 kB MIT prod
are-we-there-yet 1.1.7 5.11 kB ISC prod
array-index 1.0.0 5.52 kB MIT prod 1
asap 2.0.6 11.14 kB MIT prod
asn1 0.2.6 5.84 kB MIT prod
assert-plus 0.2.0 3.72 kB MIT prod
assert-plus 1.0.0 3.85 kB MIT prod
asynckit 0.4.0 7.92 kB MIT prod dev
aws-sign2 0.6.0 5.05 kB Apache-2.0 prod dev
aws4 1.12.0 8.06 kB MIT prod dev
balanced-match 1.0.2 2.61 kB MIT prod
bcrypt-pbkdf 1.0.2 10.85 kB BSD-3-Clause prod
block-stream 0.0.9 3.64 kB ISC prod
boom 2.10.1 38.57 kB BSD-3-Clause prod 3
brace-expansion 1.1.11 4.14 kB MIT prod
buffer-from 1.1.2 2.26 kB MIT prod
buffer-shims 1.0.0 2.11 kB MIT prod
builtin-modules 1.1.1 1.93 kB MIT prod
builtins 0.0.7 877 B MIT prod
builtins 1.0.3 1.59 kB MIT prod
caseless 0.11.0 5.05 kB Apache-2.0 prod dev
chalk 1.1.3 5.11 kB MIT prod dev
chownr 1.0.1 1.45 kB ISC prod 1
clone 1.0.4 4.35 kB MIT prod
cmd-shim 2.0.2 4.96 kB BSD-2-Clause prod
code-point-at 1.1.0 1.73 kB MIT prod dev
columnify 1.5.4 9.47 kB MIT prod
combined-stream 1.0.8 3.97 kB MIT prod dev
commander 2.20.3 18.26 kB MIT prod
concat-map 0.0.1 2.21 kB MIT prod
concat-stream 1.6.2 3.72 kB MIT prod dev
config-chain 1.1.13 5.84 kB MIT prod
console-control-strings 1.1.0 3.26 kB ISC prod
core-util-is 1.0.2 6.85 kB MIT prod
core-util-is 1.0.3 1.85 kB MIT prod
cryptiles 2.0.5 2.84 kB BSD-3-Clause prod 14
d 1.0.1 6.28 kB ISC prod dev 1
dashdash 1.14.1 22.99 kB MIT prod
debug 2.6.9 16.13 kB MIT prod dev peer
debuglog 1.0.1 1.88 kB MIT prod
defaults 1.0.4 1.93 kB MIT prod dev
delayed-stream 1.0.0 3.38 kB MIT prod
delegates 1.0.0 2.78 kB MIT prod
dezalgo 1.0.4 1.65 kB ISC prod
duplexify 3.7.1 4.92 kB MIT prod
ecc-jsbn 0.1.2 7.91 kB MIT prod
editor 1.0.0 1.82 kB MIT prod
end-of-stream 1.4.4 2.33 kB MIT prod
es5-ext 0.10.62 92.79 kB ISC prod dev 1
es6-iterator 2.0.3 8.07 kB MIT prod dev
es6-symbol 3.1.3 7.21 kB ISC prod dev 1
escape-string-regexp 1.0.5 1.54 kB MIT prod dev
ext 1.7.0 8.35 kB ISC prod
extend 3.0.2 7.09 kB MIT prod dev
extsprintf 1.3.0 8.8 kB MIT prod
flush-write-stream 1.1.1 2.47 kB MIT prod
forever-agent 0.6.1 4.92 kB Apache-2.0 prod dev
form-data 2.1.4 7.4 kB MIT prod dev
from2 1.3.0 3.26 kB MIT prod
from2 2.3.0 3.65 kB MIT prod
fs-vacuum 1.2.10 5.69 kB ISC prod 1
fs-write-stream-atomic 1.0.10 5.49 kB ISC prod
fs.realpath 1.0.0 4.33 kB ISC prod
fstream-ignore 1.0.5 3.81 kB ISC prod
fstream-npm 1.2.1 6.6 kB ISC prod
fstream 1.0.12 16.61 kB ISC prod
gauge 2.6.0 20.13 kB ISC prod
gauge 2.7.4 15.64 kB ISC prod
generate-function 2.3.1 3.55 kB MIT prod
generate-object-property 1.2.0 1.6 kB MIT prod
getpass 0.1.7 2.54 kB MIT prod
glob 7.1.7 15.41 kB ISC prod dev
graceful-fs 4.1.15 8 kB ISC prod dev optional
har-validator 2.0.6 5.76 kB ISC prod dev 1
has-ansi 2.0.0 1.66 kB MIT prod
has-color 0.1.7 986 B MIT prod
has-unicode 2.0.1 1.92 kB ISC prod
hawk 3.1.3 118.94 kB BSD-3-Clause prod dev 181
hoek 2.16.3 63.68 kB BSD-3-Clause prod 2
hosted-git-info 2.1.5 4.39 kB ISC prod 1
http-signature 1.1.1 14.87 kB MIT prod dev
iferr 0.1.5 2.47 kB MIT prod
imurmurhash 0.1.4 4.21 kB MIT prod
inflight 1.0.6 1.99 kB ISC prod dev
inherits 2.0.4 1.98 kB ISC prod dev
ini 1.3.8 3.9 kB ISC prod
init-package-json 1.9.6 7.75 kB ISC prod 122
is-builtin-module 1.0.0 1.51 kB MIT prod
is-fullwidth-code-point 1.0.0 2.07 kB MIT prod dev
is-my-ip-valid 1.0.1 4.54 kB MIT prod
is-my-json-valid 2.20.6 9.57 kB MIT prod dev
is-property 1.0.2 4.39 kB MIT prod
is-typedarray 1.0.0 1.84 kB MIT prod dev
isarray 0.0.1 2.68 kB MIT prod
isarray 1.0.0 1.97 kB MIT prod dev
isexe 2.0.0 3.67 kB ISC prod
isstream 0.1.2 3.67 kB MIT prod dev
jsbn 0.1.1 13.39 kB MIT prod
json-parse-better-errors 1.0.2 2.98 kB MIT prod
json-schema 0.4.0 8.73 kB (AFL-2.1 OR BSD-3-Clause) prod
json-stringify-safe 5.0.1 3.92 kB ISC prod dev
jsonparse 1.3.1 8.35 kB MIT prod
jsonpointer 5.0.1 2.71 kB MIT prod
jsprim 1.4.2 10.63 kB MIT prod
lockfile 1.0.4 9.4 kB ISC prod
lodash._baseuniq 4.6.0 6.13 kB MIT prod
lodash._createset 4.0.3 4.02 kB MIT prod
lodash._root 3.0.1 2.08 kB MIT prod
lodash.clonedeep 4.5.0 11.36 kB MIT prod
lodash.union 4.6.0 8.31 kB MIT prod
lodash.uniq 4.5.0 6.78 kB MIT prod
lodash.without 4.4.0 7.59 kB MIT prod
mime-db 1.52.0 26.36 kB MIT prod
mime-types 2.1.35 5.46 kB MIT prod dev
minimatch 3.1.2 11.66 kB ISC prod dev
minimist 1.2.8 15.16 kB MIT prod dev
mississippi 1.2.0 4.37 kB BSD-2-Clause prod
mkdirp 0.5.6 2.95 kB MIT prod dev
ms 2.0.0 2.81 kB MIT prod
mute-stream 0.0.8 2.6 kB ISC prod
next-tick 1.1.0 3.67 kB ISC prod
node-gyp 3.4.0 394.7 kB MIT prod 11841
node-uuid 1.4.8 13.8 kB MIT prod 1
nopt 3.0.6 10.07 kB ISC prod
normalize-git-url 3.0.2 3.09 kB ISC prod
normalize-package-data 2.3.8 8.49 kB BSD-2-Clause prod 122
npm-cache-filename 1.0.2 1.69 kB ISC prod
npm-install-checks 3.0.2 3.24 kB BSD-2-Clause prod 1
npm-package-arg 4.2.1 4.33 kB ISC prod 2
npm-registry-client 7.3.0 104.28 kB ISC prod 11253
npm-user-validate 0.1.5 2.35 kB BSD-2-Clause prod 11
npmlog 3.1.2 6.08 kB ISC prod optional
npmlog 4.0.2 6.28 kB ISC prod
number-is-nan 1.0.1 1.43 kB MIT prod
oauth-sign 0.8.2 5.01 kB Apache-2.0 prod dev
object-assign 4.1.1 2.61 kB MIT prod dev
once 1.4.0 1.93 kB ISC prod dev
opener 1.4.3 2.84 kB (WTFPL OR MIT) prod dev
os-homedir 1.0.2 1.72 kB MIT prod dev
os-tmpdir 1.0.2 1.75 kB MIT prod
osenv 0.1.5 2.25 kB ISC prod
path-array 1.0.1 3.9 kB MIT prod 1
path-is-absolute 1.0.1 1.84 kB MIT prod dev
path-is-inside 1.0.2 1.78 kB (WTFPL OR MIT) prod dev
pinkie-promise 2.0.1 1.5 kB MIT prod
pinkie 2.0.4 3.84 kB MIT prod
process-nextick-args 1.0.7 1.88 kB MIT prod
process-nextick-args 2.0.1 1.62 kB MIT prod
promzard 0.3.0 8.95 kB ISC prod
proto-list 1.2.4 2.04 kB ISC prod
pump 1.0.3 2.92 kB MIT prod
pump 2.0.1 3.06 kB MIT prod
pumpify 1.5.1 3.4 kB MIT prod
punycode 1.4.1 7.87 kB MIT prod dev
qs 6.3.3 22.99 kB BSD-3-Clause prod dev
read-cmd-shim 1.0.5 2.07 kB ISC prod
read-installed 4.0.3 8.1 kB ISC prod 222
read-package-json 2.0.13 6.32 kB ISC prod 122
read-package-tree 5.1.6 3.9 kB ISC prod 322
read 1.0.7 2.61 kB ISC prod
readable-stream 1.1.14 20.15 kB MIT prod
readable-stream 2.1.5 36.75 kB MIT prod dev optional
readable-stream 2.3.8 25.14 kB MIT prod
readdir-scoped-modules 1.1.0 1.85 kB ISC prod 1
realize-package-specifier 3.0.3 4.95 kB ISC prod 2
request 2.78.0 55.95 kB Apache-2.0 prod dev 11131
retry 0.10.1 9.13 kB MIT prod
rimraf 2.5.4 5 kB ISC prod
safe-buffer 5.1.2 9.59 kB MIT prod
safer-buffer 2.1.2 11.75 kB MIT prod
semver 5.3.0 14.74 kB ISC prod 1
set-blocking 2.0.0 2.16 kB ISC prod
sha 2.0.1 3.49 kB (BSD-2-Clause OR MIT) prod
signal-exit 3.0.7 3.76 kB ISC prod dev
slash 1.0.0 1020 B MIT prod
slide 1.1.6 4.29 kB ISC prod
sntp 1.0.9 6.69 kB BSD prod 41
sorted-object 2.0.1 1.5 kB (WTFPL OR MIT) prod
sorted-union-stream 2.1.3 2.71 kB MIT prod
spdx-correct 3.2.0 7.07 kB Apache-2.0 prod 12
spdx-exceptions 2.3.0 1.34 kB CC-BY-3.0 prod 11
spdx-expression-parse 3.0.1 4.32 kB MIT prod 12
spdx-license-ids 3.0.15 3.89 kB CC0-1.0 prod 1
sshpk 1.17.0 54.41 kB MIT prod
stream-each 1.2.3 2.7 kB MIT prod
stream-iterate 1.2.0 2.36 kB MIT prod
stream-shift 1.0.1 1.8 kB MIT prod
string-width 1.0.2 2.03 kB MIT prod dev
string_decoder 0.10.31 3.52 kB MIT prod
string_decoder 1.1.1 4.72 kB MIT prod
stringstream 0.0.6 2.4 kB MIT prod dev
strip-ansi 3.0.1 1.69 kB MIT prod dev
supports-color 2.0.0 1.91 kB MIT prod peer
tar 2.2.2 211.58 kB ISC prod 6
text-table 0.2.0 3.81 kB MIT prod dev
through 2.3.8 4.36 kB MIT prod dev
through2 2.0.5 3.96 kB MIT prod
tough-cookie 2.3.4 61.15 kB BSD-3-Clause prod dev 1
tunnel-agent 0.4.3 5.64 kB Apache-2.0 prod dev 1
tweetnacl 0.14.5 48.5 kB Unlicense prod
type 1.2.0 17.68 kB ISC prod
type 2.7.2 19.86 kB ISC prod dev
typedarray 0.0.6 7.31 kB MIT prod
uid-number 0.0.6 2 kB ISC prod
umask 1.1.0 4.04 kB MIT prod
unique-filename 1.1.1 13.26 kB ISC prod
unique-slug 2.0.2 1.57 kB ISC prod
unpipe 1.0.0 2.05 kB MIT prod dev
util-deprecate 1.0.2 2.19 kB MIT prod
util-extend 1.0.3 1.57 kB MIT prod dev
validate-npm-package-license 3.0.4 5.54 kB Apache-2.0 prod 12
validate-npm-package-name 2.2.2 3.36 kB ISC prod
validate-npm-package-name 3.0.0 5.25 kB ISC prod
verror 1.10.0 11.99 kB MIT prod
wcwidth 1.0.1 5.68 kB MIT prod
which 1.2.14 4.06 kB ISC prod dev
wide-align 1.1.5 1.95 kB ISC prod
wrappy 1.0.2 1.64 kB ISC prod
write-file-atomic 1.2.0 2.56 kB ISC prod
xtend 4.0.2 2.47 kB MIT prod dev

Visualizations

Tree
Treemap

Frequently Asked Questions

What does npm do?

NPM, or Node Package Manager, is a powerful tool catering to the JavaScript programming community. It serves as a package manager for JavaScript, providing a convenient platform for programmers to share and reuse code components. Aside from being an online repository of open-source projects, NPM also features command-line utility for interacting with said repository. It facilitates the installation of packages, version management, and dependency management of Node.js software packages, making it an essential tool for JavaScript developers.

How do you use npm?

Using NPM is quite straightforward. It comes bundled with Node.js installations so make sure to install Node.js first. To verify if it's installed correctly, simply run node -v and npm -v in your terminal. Both commands should return version numbers. Once set up, you can begin using NPM by including npm followed by the desired command in your terminal. For instance, to install a package, you would use npm install <package-name>. This code utilises the install command to download the specified package. Similarly, you can remove packages with npm uninstall <package-name>, update with npm update <package-name> and so forth.

# install a package
npm install <package-name>

# remove a package
npm uninstall <package-name>

# update a package
npm update <package-name>

Where are the npm docs?

The official NPM documentation, an extensive repository of guides, how-tos, and reference materials around the functionalities of NPM, can be found at https://docs.npmjs.com/. Users can find information varying from introduction to advanced topics, aiding both beginners and experienced developers in mastering the tool. This documentation is the central place for knowledge and advice on all things NPM, from installing packages to troubleshooting errors. Finally, remember that you can also search the docs locally with the command npm help-search <query>.

Recent Versions

Ready to start?

Get real-time protection against malicious scripts

Get started with Sandworm
Install Sandworm Audit
Sandworm Audit
Getting Started Issue Types Resolve Issues License Policies Npm Package List Composer Package List
Sandworm GUARD
Getting Started Supported Methods Describing Permissions Enforcing Permissions
TOS
Terms of Use Privacy Policy Security Cybersecurity Glossary
Get in touch
Sponsor Discuss Contact
More from Sandworm
Newsletter Blog