Generated by GPT-5-mini

| npm (software registry) | |
|---|---|
| Name | npm |
| Developer | npm, Inc. |
| Released | 2010 |
| Programming language | JavaScript |
| Operating system | Cross-platform |
| License | Artistic License 2.0 |

npm is a package manager and software registry for JavaScript and Node.js created to facilitate module sharing among developers. It serves as a central repository for packages used by projects ranging from small libraries to major applications and is integral to ecosystems around Node.js, React, and Angular.
npm was designed as a registry and command-line client to manage packages used by projects such as Node.js, React, Angular, Electron, and Ionic. The service enables distribution similar to how Maven, RubyGems, Composer, PyPI, and CPAN operate within their respective ecosystems. npm is maintained by an organization originally founded as npm, Inc., and interacts with platforms such as GitHub, GitLab, Bitbucket, Travis CI, and Jenkins. Major technology companies including Microsoft, Google, Facebook, LinkedIn, and IBM rely on packages hosted through the registry.
npm's client and registry were created in 2010 during the era of rapid growth for Node.js and the broader JavaScript ecosystem, influenced by earlier package systems like CPAN and RubyGems. The project evolved alongside events such as the rise of AngularJS, the release of React, and Microsoft's acquisition of GitHub; corporate adoption increased with companies like PayPal, Netflix, and Walmart Labs advocating modular workflows. Governance and business milestones include the formation and funding of npm, Inc., acquisition discussions reported alongside entities like GitHub and Microsoft, and community responses comparable to controversies in projects such as systemd and OpenSSL. Security incidents affecting the registry echoed incidents in the histories of SolarWinds and the Equifax data breach, as well as the left-pad package debates about supply-chain resilience.
The npm architecture comprises a client, a central registry, and hosting infrastructure interoperable with services like Cloudflare, Amazon Web Services, Google Cloud Platform, Docker, and Kubernetes. Packages are published as tarballs containing manifests (package.json) and metadata similar to manifests used in Maven and Composer. The registry supports semantic versioning practices popularized alongside projects such as Semantic Versioning and tools like Webpack, Babel, and Rollup. The system integrates with identity providers and access control mechanisms used by OAuth, OpenID, Active Directory, and platforms such as GitHub and GitLab. Mirrors, caching proxies, and private registries mirror approaches taken by Artifactory, Nexus Repository Manager, Sonatype, and Verdaccio.
The npm client exposes commands that echo conventions familiar from tools like Git, Make, Homebrew, and apt. Common commands include install, publish, init, test, and audit; these interact with package metadata and dependency trees similar to dependency management in Maven and Gradle. Workflows using npm often interoperate with build systems such as Webpack, Gulp, Grunt, CI/CD platforms like Travis CI and Jenkins, and deployment targets including Heroku, Netlify, Vercel, and AWS Elastic Beanstalk. Advanced usage leverages features inspired by environments like Docker and orchestration via Kubernetes.
Security concerns for the registry mirror issues encountered in supply-chain incidents including SolarWinds and package events like left-pad. npm introduced features such as two-factor authentication, package auditing, and vulnerability advisories comparable to responses by GitHub and GitLab. Governance has balanced corporate stewardship by npm, Inc. with community oversight reminiscent of discussions in the Apache Software Foundation, Linux Foundation, and governance debates around projects like systemd and OpenSSL. Legal and policy considerations intersect with standards and licenses used across ecosystems, similar to matters involving the MIT License, the GNU General Public License, and corporate contributors like IBM and Google.
The npm registry underpins a vast developer community linked to organizations and projects like Node.js Foundation, OpenJS Foundation, Mozilla, Microsoft, Facebook, Google, Netflix, and PayPal. Educational resources, conferences, and events such as JSConf, NodeConf, React Conf, Google I/O, and Microsoft Build feature npm-centric talks and workshops. The broader tooling landscape includes package managers and registries like Yarn, pnpm, Bower, and private solutions such as Artifactory and Nexus Repository Manager. Community contributions are coordinated through platforms like GitHub, GitLab, and Bitbucket, with continuous integration via Travis CI, CircleCI, and Jenkins.