npm logo

npm

npm is the world's largest software registry, hosting over two million JavaScript packages for the Node.js ecosystem. Their developer platform provides APIs for searching and retrieving package metadata, managing access tokens, subscribing to registry event webhooks, and publishing packages with supply chain provenance verification.

5 APIs 0 Features
PackagesJavaScriptNode.jsPackage ManagementRegistrySecurity

APIs

npm Registry API

The npm Registry API provides programmatic access to the npm package registry, the largest software registry in the world hosting over two million JavaScript packages. Developer...

npm Public API

The npm Public API provides authenticated endpoints for managing npm access tokens, configuring trusted publishers, and exchanging OIDC tokens for short-lived registry access. I...

npm Hooks API

The npm Hooks API allows developers to subscribe to notifications about changes in the npm registry. Hooks send HTTP POST payloads to a configured URI whenever a package is chan...

npm CLI

The npm CLI is the official command-line interface for the npm package manager, providing developers with tools to install, publish, and manage JavaScript packages and their dep...

npm Provenance

npm Provenance provides supply chain security for JavaScript packages by establishing a verifiable link between a published package and its source code repository and build envi...

Event Specifications

npm Hooks Events

The npm Hooks event system delivers HTTP POST payloads to subscriber endpoints whenever changes occur in the npm registry. Hooks can be configured to watch for changes to indivi...

ASYNCAPI

Semantic Vocabularies

Npm Context

0 classes · 8 properties

JSON-LD

Resources

🌐
Portal
Portal
🔗
Documentation
Documentation
📰
Blog
Blog
🔗
Login
Login
💬
Support
Support
📜
PrivacyPolicy
PrivacyPolicy
📜
TermsOfService
TermsOfService
🔗
Website
Website
👥
GitHubOrg
GitHubOrg
🟢
StatusPage
StatusPage

Sources

Raw ↑ 
aid: npm
name: npm
description: >-
  npm is the world's largest software registry, hosting over two million
  JavaScript packages for the Node.js ecosystem. Their developer platform
  provides APIs for searching and retrieving package metadata, managing access
  tokens, subscribing to registry event webhooks, and publishing packages with
  supply chain provenance verification.
type: Contract
position: Consuming
access: 3rd-Party
image: https://kinlane-productions.s3.amazonaws.com/apis-json/apis-json-logo.jpg
tags:
  - Packages
  - JavaScript
  - Node.js
  - Package Management
  - Registry
  - Security
url: https://raw.githubusercontent.com/api-evangelist/npm/refs/heads/main/apis.yml
created: '2026-03-20'
modified: '2026-04-28'
specificationVersion: '0.19'
apis:
  - aid: npm:registry
    name: npm Registry API
    description: >-
      The npm Registry API provides programmatic access to the npm package
      registry, the largest software registry in the world hosting over two
      million JavaScript packages. Developers can query package metadata,
      download tarballs, search for packages, and retrieve version-specific
      information. The API follows CouchDB-based conventions and serves package
      manifests in JSON format, enabling tools and services to integrate with
      the npm ecosystem for dependency resolution, package discovery, and
      automated workflows.
    humanURL: https://github.com/npm/registry/blob/main/docs/REGISTRY-API.md
    baseURL: https://registry.npmjs.org
    tags:
      - Packages
      - JavaScript
      - Registry
      - Package Management
      - Node.js
    properties:
      - type: Documentation
        url: https://github.com/npm/registry/blob/main/docs/REGISTRY-API.md
      - type: OpenAPI
        url: openapi/npm-registry-api-openapi.yml
      - type: JSONSchema
        url: json-schema/npm-package-schema.json
  - aid: npm:public
    name: npm Public API
    description: >-
      The npm Public API provides authenticated endpoints for managing npm
      access tokens, configuring trusted publishers, and exchanging OIDC tokens
      for short-lived registry access. It supports creating, listing, and
      deleting npm access tokens with customizable permissions, scope
      restrictions, expiration settings, and CIDR IP range limitations. The API
      also enables CI/CD providers like GitHub Actions, GitLab CI, and CircleCI
      to publish packages securely through OIDC token exchange without
      requiring long-lived npm tokens.
    humanURL: https://api-docs.npmjs.com/
    baseURL: https://npm.pkg.github.com
    tags:
      - Packages
      - Tokens
      - Authentication
      - Security
      - OIDC
      - Access Control
    properties:
      - type: Documentation
        url: https://api-docs.npmjs.com/
      - type: OpenAPI
        url: openapi/npm-public-api-openapi.yml
  - aid: npm:hooks
    name: npm Hooks API
    description: >-
      The npm Hooks API allows developers to subscribe to notifications about
      changes in the npm registry. Hooks send HTTP POST payloads to a configured
      URI whenever a package is changed, enabling developers to build
      integrations that respond to registry events in real time. Users can add
      hooks to follow specific packages, track all activity of given npm users,
      or monitor all packages within an organization or user scope. The API
      provides endpoints for creating, listing, updating, and deleting hook
      subscriptions.
    humanURL: https://blog.npmjs.org/post/145260155635/introducing-hooks-get-notifications-of-npm
    tags:
      - Webhooks
      - Notifications
      - Events
      - Automation
      - Packages
    properties:
      - type: Documentation
        url: https://blog.npmjs.org/post/145260155635/introducing-hooks-get-notifications-of-npm
      - type: OpenAPI
        url: openapi/npm-hooks-api-openapi.yml
      - type: AsyncAPI
        url: asyncapi/npm-hooks-asyncapi.yml
      - type: JSONSchema
        url: json-schema/npm-hook-event-schema.json
  - aid: npm:cli
    name: npm CLI
    description: >-
      The npm CLI is the official command-line interface for the npm package
      manager, providing developers with tools to install, publish, and manage
      JavaScript packages and their dependencies. It supports package
      publishing with provenance attestation via Sigstore, workspace management
      for monorepos, script execution, semantic versioning, and comprehensive
      dependency tree management. The CLI is bundled with Node.js and serves
      as the primary developer interface for interacting with the npm registry.
    humanURL: https://docs.npmjs.com/cli
    tags:
      - Command Line
      - Package Management
      - JavaScript
      - Node.js
      - Developer Tools
    properties:
      - type: Documentation
        url: https://docs.npmjs.com/cli
      - type: SourceCode
        url: https://github.com/npm/cli
  - aid: npm:provenance
    name: npm Provenance
    description: >-
      npm Provenance provides supply chain security for JavaScript packages
      by establishing a verifiable link between a published package and its
      source code repository and build environment. When a package is published
      with provenance, it is signed using Sigstore public good servers and the
      attestation is logged in a public transparency ledger. This allows
      developers to verify where and how a package was built before downloading
      it, helping to protect against supply chain attacks and ensuring the
      integrity of the npm ecosystem.
    humanURL: https://docs.npmjs.com/generating-provenance-statements
    tags:
      - Security
      - Supply Chain
      - Verification
      - Sigstore
      - Transparency
      - CI/CD
    properties:
      - type: Documentation
        url: https://docs.npmjs.com/generating-provenance-statements
      - type: Documentation
        url: https://github.blog/security/supply-chain-security/introducing-npm-package-provenance/
common:
  - url: https://www.npmjs.com/
    name: npm Portal
    type: Portal
  - url: https://docs.npmjs.com/
    name: npm Documentation
    type: Documentation
  - url: https://blog.npmjs.org/
    name: npm Blog
    type: Blog
  - url: https://www.npmjs.com/login
    name: Login
    type: Login
  - url: https://www.npmjs.com/support
    name: Support
    type: Support
  - url: https://docs.npmjs.com/policies/privacy
    name: Privacy Policy
    type: PrivacyPolicy
  - url: https://docs.npmjs.com/policies/terms
    name: Terms of Service
    type: TermsOfService
  - url: https://www.npmjs.com/
    name: Website
    type: Website
  - url: https://github.com/npm
    name: GitHub Organization
    type: GitHubOrg
  - url: https://status.npmjs.org/
    name: Status
    type: StatusPage
maintainers:
  - FN: API Evangelist
    email: [email protected]