Generated on May 9, 2024 via pnpm

Npm

Home

npm 6.14.18

a package manager for JavaScript

install

modules

package manager

package.json

Package summary

issues

licenses

Package created

12 Jul 2013

Version published

21 Dec 2022

Maintainers

Total deps

454

Direct deps

116

License

Artistic-2.0

Issues

15 high severity issues

high

http-cache-semantics@3.8.1

http-cache-semantics vulnerable to Regular Expression Denial of Service

Recommendation: Upgrade to version 4.1.1 or later

via: libcipm@4.0.8 & others

qrcode-terminal@0.12.0

Package uses an invalid SPDX license ("Apache 2.0")

Recommendation: Validate that the package complies with your license policy

via: qrcode-terminal@0.12.0

rc@1.2.8

Package uses a custom license expression: `(BSD-2-Clause OR MIT OR Apache-2.0)`

Recommendation: Validate that the license expression complies with your license policy

via: libnpx@10.2.4 & others

spdx-exceptions@2.5.0

Package uses an atypical license ("CC-BY-3.0")

Recommendation: Read and validate the license terms

via: init-package-json@1.10.3 & others

fs-vacuum@1.2.10

Deprecated package

via: bin-links@1.1.8 & others

gentle-fs@2.3.1

Deprecated package

via: bin-links@1.1.8 & others

har-validator@5.1.5

Deprecated package

via: libcipm@4.0.8 & others

libcipm@4.0.8

Deprecated package

via: libcipm@4.0.8

libnpmconfig@1.2.1

Deprecated package

via: libnpm@3.0.1

node-fetch-npm@2.0.4

Deprecated package

via: libcipm@4.0.8 & others

read-package-tree@5.3.1

Deprecated package

via: read-package-tree@5.3.1

readdir-scoped-modules@1.1.0

Deprecated package

via: read-installed@4.0.3 & others

request@2.88.2

Deprecated package

via: libcipm@4.0.8 & others

stringify-package@1.0.1

Deprecated package

via: libnpm@3.0.1 & others

uuid@3.4.0

Deprecated package

via: libcipm@4.0.8 & others

Collapse

Expand

5 moderate severity issues

moderate

got@6.7.1

Got allows a redirect to a UNIX socket

Recommendation: Upgrade to version 11.8.5 or later

via: libnpx@10.2.4 & others

ip@1.1.5

NPM IP package incorrectly identifies some private IP addresses as public

Recommendation: Upgrade to version 1.1.9 or later

via: libcipm@4.0.8 & others

tough-cookie@2.5.0

tough-cookie Prototype Pollution vulnerability

Recommendation: Upgrade to version 4.1.3 or later

via: libcipm@4.0.8 & others

request@2.88.2

Server-Side Request Forgery in Request

Recommendation: None

via: libcipm@4.0.8 & others

tar@4.4.19

Denial of service while parsing a tar file due to lack of folders count validation

Recommendation: Upgrade to version 6.2.1 or later

via: libcipm@4.0.8 & others

Collapse

Expand

3 low severity issues

low

qrcode-terminal@0.12.0

Package uses a license that is not OSI approved ("Apache 2.0")

Recommendation: Read and validate the license terms

via: qrcode-terminal@0.12.0

spdx-exceptions@2.5.0

Package uses a license that is not OSI approved ("CC-BY-3.0")

Recommendation: Read and validate the license terms

via: init-package-json@1.10.3 & others

spdx-license-ids@3.0.17

Package uses a license that is not OSI approved ("CC0-1.0")

Recommendation: Read and validate the license terms

via: init-package-json@1.10.3 & others

Collapse

Expand

Licenses

MIT License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

Cannot

hold-liable

Must

include-copyright

include-license

315 Packages, Including:

@types/keyv@3.1.4

@types/node@20.12.11

@types/responselike@1.0.3

agent-base@4.2.1

agent-base@4.3.0

agentkeepalive@3.5.3

ajv@6.12.6

ansi-regex@2.1.1

ansi-regex@3.0.1

ansi-regex@4.1.1

ansi-styles@3.2.1

ansicolors@0.3.2

ansistyles@0.1.3

archy@1.0.0

array-buffer-byte-length@1.0.1

array.prototype.reduce@1.0.7

arraybuffer.prototype.slice@1.0.3

asap@2.0.6

asn1@0.2.6

assert-plus@1.0.0

asynckit@0.4.0

available-typed-arrays@1.0.7

aws4@1.12.0

balanced-match@1.0.2

bluebird@3.7.2

boxen@1.3.0

brace-expansion@1.1.11

buffer-from@1.1.2

builtins@1.0.3

byline@5.0.0

byte-size@5.0.1

call-bind@1.0.7

camelcase@4.1.0

camelcase@5.3.1

capture-stack-trace@1.0.2

chalk@2.4.2

ci-info@1.6.0

ci-info@2.0.0

cli-boxes@1.0.0

cli-columns@3.1.2

cli-table3@0.5.1

clone@1.0.4

code-point-at@1.1.0

color-convert@1.9.3

color-name@1.1.3

colors@1.4.0

columnify@1.5.4

combined-stream@1.0.8

concat-map@0.0.1

concat-stream@1.6.2

ISC License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

Cannot

hold-liable

Must

include-copyright

include-license

102 Packages, Including:

@iarna/cli@2.1.0

abbrev@1.1.1

ansi-align@2.0.0

aproba@1.2.0

aproba@2.0.0

are-we-there-yet@1.1.7

cacache@12.0.4

call-limit@1.1.1

chownr@1.1.4

cliui@5.0.0

cmd-shim@3.0.3

console-control-strings@1.1.0

copy-concurrently@1.0.5

dezalgo@1.0.4

figgy-pudding@3.5.2

find-npm-prefix@1.0.2

fs-minipass@1.2.7

fs-vacuum@1.2.10

fs-write-stream-atomic@1.0.10

fs.realpath@1.0.0

gauge@2.7.4

get-caller-file@2.0.5

glob@7.2.3

graceful-fs@4.2.11

har-schema@2.0.0

has-unicode@2.0.1

hosted-git-info@2.8.9

ignore-walk@3.0.4

infer-owner@1.0.4

inflight@1.0.6

inherits@2.0.4

ini@1.3.8

init-package-json@1.10.3

isexe@2.0.0

json-stringify-safe@5.0.1

libnpm@3.0.1

libnpmaccess@3.0.2

libnpmconfig@1.2.1

libnpmhook@5.0.3

libnpmorg@1.0.1

libnpmpublish@1.1.3

libnpmsearch@2.0.2

libnpmteam@1.0.2

libnpx@10.2.4

lock-verify@2.2.2

lockfile@1.0.4

lru-cache@4.1.5

lru-cache@5.1.1

make-fetch-happen@5.0.2

minimatch@3.1.2

BSD 2-Clause "Simplified" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

hold-liable

Must

include-copyright

include-license

11 Packages, Including:

cidr-regex@2.0.10

configstore@3.1.5

dotenv@5.0.1

http-cache-semantics@3.8.1

is-cidr@3.1.1

mississippi@3.0.0

normalize-package-data@2.5.0

npm-install-checks@3.0.2

npm-user-validate@1.0.1

update-notifier@2.5.0

uri-js@4.4.1

Apache License 2.0

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

use-patent-claims

place-warranty

Cannot

hold-liable

use-trademark

Must

include-copyright

include-license

state-changes

include-notice

8 Packages, Including:

aws-sign2@0.7.0

caseless@0.12.0

forever-agent@0.6.1

oauth-sign@0.9.0

request@2.88.2

spdx-correct@3.2.0

tunnel-agent@0.6.0

validate-npm-package-license@3.0.4

BSD 3-Clause "New" or "Revised" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

use-trademark

hold-liable

Must

include-copyright

include-license

4 Packages, Including:

bcrypt-pbkdf@1.0.2

duplexer3@0.1.5

qs@6.5.3

tough-cookie@2.5.0

Artistic License 2.0

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

Cannot

use-trademark

hold-liable

Must

rename

state-changes

include-original

include-install-instructions

3 Packages, Including:

bin-links@1.1.8

gentle-fs@2.3.1

npm-lifecycle@3.1.5

(WTFPL OR MIT)

Permissive

3 Packages, Including:

opener@1.5.2

path-is-inside@1.0.2

sorted-object@2.0.1

(MIT OR Apache-2.0)

Permissive

1 Packages, Including:

JSONStream@1.3.5

(AFL-2.1 OR BSD-3-Clause)

Permissive

1 Packages, Including:

json-schema@0.4.0

Apache 2.0

Invalid

Not OSI Approved

1 Packages, Including:

qrcode-terminal@0.12.0

(BSD-2-Clause OR MIT OR Apache-2.0)

Expression

1 Packages, Including:

rc@1.2.8

(BSD-2-Clause OR MIT)

Permissive

1 Packages, Including:

sha@3.0.0

Creative Commons Attribution 3.0 Unported

Uncategorized

Not OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

Cannot

Must

1 Packages, Including:

spdx-exceptions@2.5.0

Creative Commons Zero v1.0 Universal

Public Domain

Not OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

Cannot

Must

1 Packages, Including:

spdx-license-ids@3.0.17

The Unlicense

Public Domain

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

private-use

modify

Cannot

include-copyright

hold-liable

Must

1 Packages, Including:

tweetnacl@0.14.5

Direct Dependencies

116

All Dependencies CSV

ⓘ This is a list of npm 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities
JSONStream	1.3.5	136.16 kB	(MIT OR Apache-2.0)	prod
abbrev	1.1.1	2.25 kB	ISC	prod
ansicolors	0.3.2	2.8 kB	MIT	prod
ansistyles	0.1.3	2.57 kB	MIT	prod
aproba	2.0.0	3.6 kB	ISC	prod
archy	1.0.0	2.95 kB	MIT	prod dev
bin-links	1.1.8	7.59 kB	Artistic-2.0	prod	2
bluebird	3.7.2	136.03 kB	MIT	prod peer
byte-size	5.0.1	4.22 kB	MIT	prod
cacache	12.0.4	31.81 kB	ISC	prod
call-limit	1.1.1	2.57 kB	ISC	prod
chownr	1.1.4	2.17 kB	ISC	prod dev
ci-info	2.0.0	4.75 kB	MIT	prod
cli-columns	3.1.2	3.48 kB	MIT	prod
cli-table3	0.5.1	12.28 kB	MIT	prod
cmd-shim	3.0.3	4.11 kB	ISC	prod
columnify	1.5.4	9.47 kB	MIT	prod
config-chain	1.1.13	5.84 kB	MIT	prod
detect-indent	5.0.0	3.04 kB	MIT	prod
detect-newline	2.1.0	1.65 kB	MIT	prod
dezalgo	1.0.4	1.65 kB	ISC	prod
editor	1.0.0	1.82 kB	MIT	prod
figgy-pudding	3.5.2	6.26 kB	ISC	prod
find-npm-prefix	1.0.2	2.52 kB	ISC	prod
fs-vacuum	1.2.10	5.69 kB	ISC	prod	1
fs-write-stream-atomic	1.0.10	5.49 kB	ISC	prod
gentle-fs	2.3.1	10.21 kB	Artistic-2.0	prod	2
get-stream	4.1.0	3.36 kB	MIT	prod dev
glob	7.2.3	15.08 kB	ISC	prod dev
graceful-fs	4.2.11	9.57 kB	ISC	prod dev optional
has-unicode	2.0.1	1.92 kB	ISC	prod
hosted-git-info	2.8.9	7.92 kB	ISC	prod
iferr	1.0.2	1.72 kB	MIT	prod
infer-owner	1.0.4	2.01 kB	ISC	prod
inflight	1.0.6	1.99 kB	ISC	prod
inherits	2.0.4	1.98 kB	ISC	prod dev
ini	1.3.8	3.9 kB	ISC	prod
init-package-json	1.10.3	5.37 kB	ISC	prod	1 2
is-cidr	3.1.1	2.04 kB	BSD-2-Clause	prod
json-parse-better-errors	1.0.2	2.98 kB	MIT	prod dev
lazy-property	1.0.0	1.8 kB	MIT	prod
libcipm	4.0.8	10.67 kB	MIT	prod	9 4 2
libnpm	3.0.1	3.77 kB	ISC	prod	10 4 2
libnpmaccess	3.0.2	18.91 kB	ISC	prod	2 1
libnpmhook	5.0.3	4.55 kB	ISC	prod	2 1
libnpmorg	1.0.1	15.56 kB	ISC	prod	2 1
libnpmsearch	2.0.2	16.25 kB	ISC	prod	2 1
libnpmteam	1.0.2	15.96 kB	ISC	prod	2 1
libnpx	10.2.4	32.38 kB	ISC	prod	1 1
lock-verify	2.2.2	2.32 kB	ISC	prod
lockfile	1.0.4	9.4 kB	ISC	prod
lodash._baseuniq	4.6.0	6.13 kB	MIT	prod
lodash.clonedeep	4.5.0	11.36 kB	MIT	prod
lodash.union	4.6.0	8.31 kB	MIT	prod
lodash.uniq	4.5.0	6.78 kB	MIT	prod dev
lodash.without	4.4.0	7.59 kB	MIT	prod
lru-cache	5.1.1	5.69 kB	ISC	prod
meant	1.0.3	2.7 kB	MIT	prod
mississippi	3.0.0	5.89 kB	BSD-2-Clause	prod
mkdirp	0.5.6	2.95 kB	MIT	prod dev
move-concurrently	1.0.1	2.86 kB	ISC	prod
node-gyp	5.1.1	407.82 kB	MIT	prod	3 3
nopt	4.0.3	9.11 kB	ISC	prod
normalize-package-data	2.5.0	8.46 kB	BSD-2-Clause	prod dev	1 2
npm-audit-report	1.3.3	5.74 kB	ISC	prod
npm-cache-filename	1.0.2	1.69 kB	ISC	prod
npm-install-checks	3.0.2	3.24 kB	BSD-2-Clause	prod
npm-lifecycle	3.1.5	11.58 kB	Artistic-2.0	prod	3 3
npm-package-arg	6.1.1	5.79 kB	ISC	prod
npm-packlist	1.4.8	5.11 kB	ISC	prod
npm-pick-manifest	3.0.2	4.84 kB	ISC	prod
npm-profile	4.0.4	8.06 kB	ISC	prod	2 1
npm-registry-fetch	4.0.7	13.95 kB	ISC	prod	2 1
npm-user-validate	1.0.1	1.77 kB	BSD-2-Clause	prod
npmlog	4.1.2	6.36 kB	ISC	prod dev
once	1.4.0	1.93 kB	ISC	prod dev
opener	1.5.2	3 kB	(WTFPL OR MIT)	prod dev
osenv	0.1.5	2.25 kB	ISC	prod
pacote	9.5.12	32.51 kB	MIT	prod	3 2 2
path-is-inside	1.0.2	1.78 kB	(WTFPL OR MIT)	prod dev
promise-inflight	1.0.1	1.63 kB	ISC	prod
qrcode-terminal	0.12.0	51.46 kB	Apache 2.0	prod	1 1
query-string	6.14.1	8.07 kB	MIT	prod
qw	1.0.2	1.68 kB	ISC	prod
read-cmd-shim	1.0.5	2.07 kB	ISC	prod
read-installed	4.0.3	8.1 kB	ISC	prod	2 2
read-package-json	2.1.2	6.58 kB	ISC	prod	1 2
read-package-tree	5.3.1	5.14 kB	ISC	prod dev	3 2
read	1.0.7	2.61 kB	ISC	prod
readable-stream	3.6.2	32.46 kB	MIT	prod dev
readdir-scoped-modules	1.1.0	1.85 kB	ISC	prod dev	1
request	2.88.2	57.83 kB	Apache-2.0	prod dev	3 2
retry	0.12.0	10.19 kB	MIT	prod
rimraf	2.7.1	5.53 kB	ISC	prod dev
safe-buffer	5.2.1	9.74 kB	MIT	prod dev
semver	5.7.2	17.45 kB	ISC	prod dev
sha	3.0.0	2.8 kB	(BSD-2-Clause OR MIT)	prod
slide	1.1.6	4.29 kB	ISC	prod
sorted-object	2.0.1	1.5 kB	(WTFPL OR MIT)	prod
sorted-union-stream	2.1.3	2.71 kB	MIT	prod
ssri	6.0.2	12.04 kB	ISC	prod
stringify-package	1.0.1	2.28 kB	ISC	prod	1
tar	4.4.19	38.02 kB	ISC	prod	1
text-table	0.2.0	3.81 kB	MIT	prod dev
tiny-relative-date	1.3.0	4.73 kB	MIT	prod
uid-number	0.0.6	2 kB	ISC	prod
umask	1.1.0	4.04 kB	MIT	prod
unique-filename	1.1.1	13.26 kB	ISC	prod
unpipe	1.0.0	2.05 kB	MIT	prod
update-notifier	2.5.0	5.47 kB	BSD-2-Clause	prod	1 1
uuid	3.4.0	11.87 kB	MIT	prod dev	1
validate-npm-package-license	3.0.4	5.54 kB	Apache-2.0	prod	1 2
validate-npm-package-name	3.0.0	5.25 kB	ISC	prod
which	1.3.1	4.08 kB	ISC	prod dev
worker-farm	1.7.0	13.88 kB	MIT	prod
write-file-atomic	2.4.3	4.39 kB	ISC	prod dev

Tree

Treemap

Frequently Asked Questions

What does npm do?

NPM, or Node Package Manager, is a powerful tool catering to the JavaScript programming community. It serves as a package manager for JavaScript, providing a convenient platform for programmers to share and reuse code components. Aside from being an online repository of open-source projects, NPM also features command-line utility for interacting with said repository. It facilitates the installation of packages, version management, and dependency management of Node.js software packages, making it an essential tool for JavaScript developers.

How do you use npm?

Using NPM is quite straightforward. It comes bundled with Node.js installations so make sure to install Node.js first. To verify if it's installed correctly, simply run node -v and npm -v in your terminal. Both commands should return version numbers. Once set up, you can begin using NPM by including npm followed by the desired command in your terminal. For instance, to install a package, you would use npm install <package-name>. This code utilises the install command to download the specified package. Similarly, you can remove packages with npm uninstall <package-name>, update with npm update <package-name> and so forth.

# install a package
npm install <package-name>

# remove a package
npm uninstall <package-name>

# update a package
npm update <package-name>

Where are the npm docs?

The official NPM documentation, an extensive repository of guides, how-tos, and reference materials around the functionalities of NPM, can be found at https://docs.npmjs.com/. Users can find information varying from introduction to advanced topics, aiding both beginners and experienced developers in mastering the tool. This documentation is the central place for knowledge and advice on all things NPM, from installing packages to troubleshooting errors. Finally, remember that you can also search the docs locally with the command npm help-search <query>.