npm logo

npm

npm is the world's largest software registry, hosting over two million JavaScript packages for the Node.js ecosystem. Their developer platform provides APIs for searching and retrieving package metadata, managing access tokens, subscribing to registry event webhooks, and publishing packages with supply chain provenance verification.

5 APIs 0 Features
PackagesJavaScriptNode.jsPackage ManagementRegistrySecurity

APIs

npm Registry API

The npm Registry API provides programmatic access to the npm package registry, the largest software registry in the world hosting over two million JavaScript packages. Developer...

npm Public API

The npm Public API provides authenticated endpoints for managing npm access tokens, configuring trusted publishers, and exchanging OIDC tokens for short-lived registry access. I...

npm Hooks API

The npm Hooks API allows developers to subscribe to notifications about changes in the npm registry. Hooks send HTTP POST payloads to a configured URI whenever a package is chan...

npm CLI

The npm CLI is the official command-line interface for the npm package manager, providing developers with tools to install, publish, and manage JavaScript packages and their dep...

npm Provenance

npm Provenance provides supply chain security for JavaScript packages by establishing a verifiable link between a published package and its source code repository and build envi...

Event Specifications

npm Hooks Events

The npm Hooks event system delivers HTTP POST payloads to subscriber endpoints whenever changes occur in the npm registry. Hooks can be configured to watch for changes to indivi...

ASYNCAPI

Semantic Vocabularies

Npm Context

0 classes · 8 properties

JSON-LD

Resources

🔗
LinkedIn
LinkedIn
🌐
Portal
Portal
🔗
Documentation
Documentation
📰
Blog
Blog
🔗
Login
Login
💬
Support
Support
📜
PrivacyPolicy
PrivacyPolicy
📜
TermsOfService
TermsOfService
🔗
Website
Website
👥
GitHubOrg
GitHubOrg
🟢
StatusPage
StatusPage

Sources

Raw ↑ 
aid: npm
name: npm
description: >-
  npm is the world's largest software registry, hosting over two million JavaScript packages for the Node.js ecosystem.
  Their developer platform provides APIs for searching and retrieving package metadata, managing access tokens,
  subscribing to registry event webhooks, and publishing packages with supply chain provenance verification.
kind: contract
position: Consuming
access: 3rd-Party
image: https://kinlane-images.s3.amazonaws.com/shared/apis-json/apis-json-logo.jpg
tags:
  - Packages
  - JavaScript
  - Node.js
  - Package Management
  - Registry
  - Security
url: https://raw.githubusercontent.com/api-evangelist/npm/refs/heads/main/apis.yml
created: '2026-03-20'
modified: '2026-05-19'
specificationVersion: '0.19'
apis:
  - aid: npm:registry
    name: npm Registry API
    description: >-
      The npm Registry API provides programmatic access to the npm package registry, the largest software registry in
      the world hosting over two million JavaScript packages. Developers can query package metadata, download tarballs,
      search for packages, and retrieve version-specific information. The API follows CouchDB-based conventions and
      serves package manifests in JSON format, enabling tools and services to integrate with the npm ecosystem for
      dependency resolution, package discovery, and automated workflows.
    humanURL: https://github.com/npm/registry/blob/main/docs/REGISTRY-API.md
    baseURL: https://registry.npmjs.org
    tags:
      - Packages
      - JavaScript
      - Registry
      - Package Management
      - Node.js
    properties:
      - type: Documentation
        url: https://github.com/npm/registry/blob/main/docs/REGISTRY-API.md
      - type: OpenAPI
        url: openapi/npm-registry-api-openapi.yml
      - type: JSONSchema
        url: json-schema/npm-package-schema.json
  - aid: npm:public
    name: npm Public API
    description: >-
      The npm Public API provides authenticated endpoints for managing npm access tokens, configuring trusted
      publishers, and exchanging OIDC tokens for short-lived registry access. It supports creating, listing, and
      deleting npm access tokens with customizable permissions, scope restrictions, expiration settings, and CIDR IP
      range limitations. The API also enables CI/CD providers like GitHub Actions, GitLab CI, and CircleCI to publish
      packages securely through OIDC token exchange without requiring long-lived npm tokens.
    humanURL: https://api-docs.npmjs.com/
    baseURL: https://npm.pkg.github.com
    tags:
      - Packages
      - Tokens
      - Authentication
      - Security
      - OIDC
      - Access Control
    properties:
      - type: Documentation
        url: https://api-docs.npmjs.com/
      - type: OpenAPI
        url: openapi/npm-public-api-openapi.yml
  - aid: npm:hooks
    name: npm Hooks API
    description: >-
      The npm Hooks API allows developers to subscribe to notifications about changes in the npm registry. Hooks send
      HTTP POST payloads to a configured URI whenever a package is changed, enabling developers to build integrations
      that respond to registry events in real time. Users can add hooks to follow specific packages, track all activity
      of given npm users, or monitor all packages within an organization or user scope. The API provides endpoints for
      creating, listing, updating, and deleting hook subscriptions.
    humanURL: https://blog.npmjs.org/post/145260155635/introducing-hooks-get-notifications-of-npm
    tags:
      - Webhooks
      - Notifications
      - Events
      - Automation
      - Packages
    properties:
      - type: Documentation
        url: https://blog.npmjs.org/post/145260155635/introducing-hooks-get-notifications-of-npm
      - type: OpenAPI
        url: openapi/npm-hooks-api-openapi.yml
      - type: AsyncAPI
        url: asyncapi/npm-hooks-asyncapi.yml
      - type: JSONSchema
        url: json-schema/npm-hook-event-schema.json
  - aid: npm:cli
    name: npm CLI
    description: >-
      The npm CLI is the official command-line interface for the npm package manager, providing developers with tools to
      install, publish, and manage JavaScript packages and their dependencies. It supports package publishing with
      provenance attestation via Sigstore, workspace management for monorepos, script execution, semantic versioning,
      and comprehensive dependency tree management. The CLI is bundled with Node.js and serves as the primary developer
      interface for interacting with the npm registry.
    humanURL: https://docs.npmjs.com/cli
    tags:
      - Command Line
      - Package Management
      - JavaScript
      - Node.js
      - Developer Tools
    properties:
      - type: Documentation
        url: https://docs.npmjs.com/cli
      - type: SourceCode
        url: https://github.com/npm/cli
  - aid: npm:provenance
    name: npm Provenance
    description: >-
      npm Provenance provides supply chain security for JavaScript packages by establishing a verifiable link between a
      published package and its source code repository and build environment. When a package is published with
      provenance, it is signed using Sigstore public good servers and the attestation is logged in a public transparency
      ledger. This allows developers to verify where and how a package was built before downloading it, helping to
      protect against supply chain attacks and ensuring the integrity of the npm ecosystem.
    humanURL: https://docs.npmjs.com/generating-provenance-statements
    tags:
      - Security
      - Supply Chain
      - Verification
      - Sigstore
      - Transparency
      - CI/CD
    properties:
      - type: Documentation
        url: https://docs.npmjs.com/generating-provenance-statements
      - type: Documentation
        url: https://github.blog/security/supply-chain-security/introducing-npm-package-provenance/
common:
  - type: LinkedIn
    url: https://www.linkedin.com/company/npm-inc-
  - url: https://www.npmjs.com/
    name: npm Portal
    type: Portal
  - url: https://docs.npmjs.com/
    name: npm Documentation
    type: Documentation
  - url: https://blog.npmjs.org/
    name: npm Blog
    type: Blog
  - url: https://www.npmjs.com/login
    name: Login
    type: Login
  - url: https://www.npmjs.com/support
    name: Support
    type: Support
  - url: https://docs.npmjs.com/policies/privacy
    name: Privacy Policy
    type: PrivacyPolicy
  - url: https://docs.npmjs.com/policies/terms
    name: Terms of Service
    type: TermsOfService
  - url: https://www.npmjs.com/
    name: Website
    type: Website
  - url: https://github.com/npm
    name: GitHub Organization
    type: GitHubOrg
  - url: https://status.npmjs.org/
    name: Status
    type: StatusPage
maintainers:
  - FN: API Evangelist
    email: info@apievangelist.com