npm · wraithgar · Oct 5, 2025 · Oct 5, 2025 · Oct 5, 2025
@@ -15,8 +15,7 @@ Used to set access controls on private packages.
 For all of the subcommands, `npm access` will perform actions on the packages in the current working directory if no package name is passed to the subcommand.
 
 * grant / revoke:
-  Add or remove the ability of users and teams to have read-only or read-write
-  access to a package.
+  Add or remove the ability of users and teams to have read-only or read-write access to a package.
 
 ### Details
 
@@ -30,8 +29,7 @@ You must have privileges to set the access of a package:
 
 * You are an owner of an unscoped or scoped package.
 * You are a member of the team that owns a scope.
-* You have been given read-write privileges for a package, either as a member
-  of a team or directly as an owner.
+* You have been given read-write privileges for a package, either as a member of a team or directly as an owner.
 
 If you have two-factor authentication enabled then you'll be prompted to provide a second factor, or may use the `--otp=...` option to specify it on the command line.
 

@@ -145,8 +145,7 @@ If remediations do not require changes to the dependency ranges, then all vulner
 The `npm audit` command will exit with a 0 exit code if no vulnerabilities were found.
 The `npm audit fix` command will exit with 0 exit code if no vulnerabilities are found _or_ if the remediation is able to successfully fix all vulnerabilities.
 
-If vulnerabilities were found the exit code will depend on the
-[`audit-level` config](/using-npm/config#audit-level).
+If vulnerabilities were found the exit code will depend on the [`audit-level` config](/using-npm/config#audit-level).
 
 ### Examples
 

@@ -10,24 +10,20 @@ description: Clean install a project
 
 ### Description
 
-This command is similar to [`npm install`](/commands/npm-install), except it's meant to be used in automated environments such as test platforms,
-continuous integration, and deployment -- or any situation where you want to make sure you're doing a clean install of your dependencies.
+This command is similar to [`npm install`](/commands/npm-install), except it's meant to be used in automated environments such as test platforms, continuous integration, and deployment -- or any situation where you want to make sure you're doing a clean install of your dependencies.
 
 The main differences between using `npm install` and `npm ci` are:
 
 * The project **must** have an existing `package-lock.json` or
   `npm-shrinkwrap.json`.
 * If dependencies in the package lock do not match those in `package.json`,
   `npm ci` will exit with an error, instead of updating the package lock.
-* `npm ci` can only install entire projects at a time: individual
-  dependencies cannot be added with this command.
-* If a `node_modules` is already present, it will be automatically removed
-  before `npm ci` begins its install.
+* `npm ci` can only install entire projects at a time: individual dependencies cannot be added with this command.
+* If a `node_modules` is already present, it will be automatically removed before `npm ci` begins its install.
 * It will never write to `package.json` or any of the package-locks:
   installs are essentially frozen.
 
-NOTE: If you create your `package-lock.json` file by running `npm install`
-with flags that can affect the shape of your dependency tree, such as
+NOTE: If you create your `package-lock.json` file by running `npm install` with flags that can affect the shape of your dependency tree, such as
 `--legacy-peer-deps` or `--install-links`, you _must_ provide the same flags to `npm ci` or you are likely to encounter errors.
 An easy way to do this is to run, for example,
 `npm config set legacy-peer-deps=true --location=project` and commit the

@@ -57,8 +57,7 @@ npm config list
 
 Show all the config settings.
 Use `-l` to also show defaults.
-Use `--json`
-to show the settings in json format.
+Use `--json` to show the settings in json format.
 
 #### delete
 

@@ -44,8 +44,7 @@ a
 ```
 
 During the installation process, the `c@1.0.3` dependency for `b` was placed in the root of the tree.
-Though `d`'s dependency on `c@1.x` could have been satisfied by `c@1.0.3`, the newer `c@1.9.0` dependency was used,
-because npm favors updates by default, even when doing so causes duplication.
+Though `d`'s dependency on `c@1.x` could have been satisfied by `c@1.0.3`, the newer `c@1.9.0` dependency was used, because npm favors updates by default, even when doing so causes duplication.
 
 Running `npm dedupe` will cause npm to note the duplication and re-evaluate, deleting the nested `c` module, because the one in the root is sufficient.
 

@@ -18,8 +18,7 @@ It works on [version ranges](https://semver.npmjs.com/) as well as specific vers
 npm deprecate my-thing@"< 0.2.3" "critical bug fixed in v0.2.3"
 ```
 
-SemVer ranges passed to this command are interpreted such that they *do*
-include prerelease versions.
+SemVer ranges passed to this command are interpreted such that they *do* include prerelease versions.
 For example:
 
 ```bash
@@ -31,8 +30,7 @@ In this case, a version `my-thing@1.0.0-beta.0` will also be deprecated.
 You must be the package owner to deprecate something.
 See the `owner` and `adduser` help topics.
 
-To un-deprecate a package, specify an empty string (`""`) for the `message`
-argument.
+To un-deprecate a package, specify an empty string (`""`) for the `message` argument.
 Note that you must use double quotes with no space between them to format an empty string.
 
 ### Configuration

@@ -10,8 +10,7 @@ description: Open documentation for a package in a web browser
 
 ### Description
 
-This command tries to guess at the likely location of a package's documentation URL, and then tries to open it using the
-[`--browser` config](/using-npm/config#browser) param.
+This command tries to guess at the likely location of a package's documentation URL, and then tries to open it using the [`--browser` config](/using-npm/config#browser) param.
 You can pass multiple package names at once.
 If no package name is provided, it will search for a `package.json` in the current folder and use the `name` property.
 

@@ -14,15 +14,12 @@ description: Check the health of your npm environment
 npm is mostly a standalone tool, but it does have some basic requirements that must be met:
 
 + Node.js and git must be executable by npm.
-+ The primary npm registry, `registry.npmjs.com`, or another service that
-  uses the registry API, is available.
-+ The directories that npm uses, `node_modules` (both locally and
-  globally), exist and can be written by the current user.
++ The primary npm registry, `registry.npmjs.com`, or another service that uses the registry API, is available.
++ The directories that npm uses, `node_modules` (both locally and globally), exist and can be written by the current user.
 + The npm cache exists, and the package tarballs within it aren't corrupt.
 
 Without all of these working properly, npm may not work properly.
-Many issues are often attributable to things that are outside npm's code base,
-so `npm doctor` confirms that the npm installation is in a good state.
+Many issues are often attributable to things that are outside npm's code base, so `npm doctor` confirms that the npm installation is in a good state.
 
 Also, in addition to this, there are also very many issue reports due to using old versions of npm.
 Since npm is constantly improving, running `npm@latest` is better than an old version.
@@ -37,11 +34,9 @@ By default, npm installs from the primary npm registry,
 `registry.npmjs.org`.
 `npm doctor` hits a special connection testing endpoint within the registry.
 This can also be checked with `npm ping`.
-If this check fails, you may be using a proxy that needs to be configured, or may need to talk to your IT staff to get access over
-HTTPS to `registry.npmjs.org`.
+If this check fails, you may be using a proxy that needs to be configured, or may need to talk to your IT staff to get access over HTTPS to `registry.npmjs.org`.
 
-This check is done against whichever registry you've configured (you can see what that is by running `npm config get registry`), and if you're using
-a private registry that doesn't support the `/whoami` endpoint supported by the primary registry, this check may fail.
+This check is done against whichever registry you've configured (you can see what that is by running `npm config get registry`), and if you're using a private registry that doesn't support the `/whoami` endpoint supported by the primary registry, this check may fail.
 
 #### `Checking npm version`
 
@@ -52,8 +47,7 @@ The team believes that the latest tested version of npm is almost always likely
 #### `Checking node version`
 
 For most users, in most circumstances, the best version of Node will be the latest long-term support (LTS) release.
-Those of you who want access to new
-ECMAscript features or bleeding-edge changes to Node's standard library may be running a newer version, and some may be required to run an older version of Node because of enterprise change control policies.
+Those of you who want access to new ECMAscript features or bleeding-edge changes to Node's standard library may be running a newer version, and some may be required to run an older version of Node because of enterprise change control policies.
 That's OK!
 But in general, the npm team recommends that most users run Node.js LTS.
 
@@ -66,18 +60,15 @@ This part of `npm doctor` just lets you, and maybe whoever's helping you with su
 
 #### `Checking for git executable in PATH`
 
-While it's documented in the README, it may not be obvious that npm needs
-Git installed to do many of the things that it does.
-Also, in some cases
-– especially on Windows – you may have Git set up in such a way that it's not accessible via your `PATH` so that npm can find it.
+While it's documented in the README, it may not be obvious that npm needs Git installed to do many of the things that it does.
+Also, in some cases – especially on Windows – you may have Git set up in such a way that it's not accessible via your `PATH` so that npm can find it.
 This check ensures that Git is available.
 
 #### Permissions checks
 
 * Your cache must be readable and writable by the user running npm.
 * Global package binaries must be writable by the user running npm.
-* Your local `node_modules` path, if you're running `npm doctor` with a
-  project directory, must be readable and writable by the user running npm.
+* Your local `node_modules` path, if you're running `npm doctor` with a project directory, must be readable and writable by the user running npm.
 
 #### Validate the checksums of cached packages
 

@@ -10,8 +10,7 @@ description: Edit an installed package
 
 ### Description
 
-Selects a dependency in the current project and opens the package folder in the default editor (or whatever you've configured as the npm `editor`
-config -- see [`npm-config`](npm-config).)
+Selects a dependency in the current project and opens the package folder in the default editor (or whatever you've configured as the npm `editor` config -- see [`npm-config`](npm-config).)
 
 After it has been edited, the package is rebuilt so as to pick up any changes in compiled packages.
 

@@ -12,8 +12,7 @@ description: Retrieve funding information
 
 This command retrieves information on how to fund the dependencies of a given project.
 If no package name is provided, it will list all dependencies that are looking for funding in a tree structure, listing the type of funding and the url to visit.
-If a package name is provided then it tries to open its funding url using the
-[`--browser` config](/using-npm/config#browser) param; if there are multiple funding sources for the package, the user will be instructed to pass the
+If a package name is provided then it tries to open its funding url using the [`--browser` config](/using-npm/config#browser) param; if there are multiple funding sources for the package, the user will be instructed to pass the
 `--which` option to disambiguate.
 
 The list will avoid duplicated entries and will stack all packages that share the same url as a single entry.
@@ -23,8 +22,7 @@ Thus, the list does not have the same shape of the output from `npm ls`.
 
 ### Workspaces support
 
-It's possible to filter the results to only include a single workspace and its dependencies using the
-[`workspace` config](/using-npm/config#workspace) option.
+It's possible to filter the results to only include a single workspace and its dependencies using the [`workspace` config](/using-npm/config#workspace) option.
 
 #### Example:
 

@@ -33,31 +33,27 @@ If you pass `--scope`, it will create a scoped package.
 *Note:* if a user already has the `create-<initializer>` package globally installed, that will be what `npm init` uses.
 If you want npm to use the latest version, or another specific version you must specify it:
 
-* `npm init foo@latest` # fetches and runs the latest `create-foo` from
-    the registry
+* `npm init foo@latest` # fetches and runs the latest `create-foo` from the registry
 * `npm init foo@1.2.3` #  runs `create-foo@1.2.3` specifically
 
 #### Forwarding additional options
 
 Any additional options will be passed directly to the command, so `npm init foo -- --hello` will map to `npm exec -- create-foo --hello`.
 
-To better illustrate how options are forwarded, here's a more evolved example showing options passed to both the **npm cli** and a create package,
-both following commands are equivalent:
+To better illustrate how options are forwarded, here's a more evolved example showing options passed to both the **npm cli** and a create package, both following commands are equivalent:
 
 - `npm init foo -y --registry=<url> -- --hello -a`
 - `npm exec -y --registry=<url> -- create-foo --hello -a`
 
 ### Examples
 
-Create a new React-based project using
-[`create-react-app`](https://npm.im/create-react-app):
+Create a new React-based project using [`create-react-app`](https://npm.im/create-react-app):
 
 ```bash
 $ npm init react-app ./my-react-app
 ```
 
-Create a new `esm`-compatible package using
-[`create-esm`](https://npm.im/create-esm):
+Create a new `esm`-compatible package using [`create-esm`](https://npm.im/create-esm):
 
 ```bash
 $ mkdir my-esm-lib && cd my-esm-lib
@@ -111,11 +107,9 @@ That will generate a new folder and `package.json` file, while also updating you
        `-- package.json
 ```
 
-The workspaces init also supports the `npm init <initializer> -w <dir>`
-syntax, following the same set of rules explained earlier in the initial
+The workspaces init also supports the `npm init <initializer> -w <dir>` syntax, following the same set of rules explained earlier in the initial
 **Description** section of this page.
-Similar to the previous example of creating a new React-based project using
-[`create-react-app`](https://npm.im/create-react-app), the following syntax will make sure to create the new react app as a nested **workspace** within your project and configure your `package.json` to recognize it as such:
+Similar to the previous example of creating a new React-based project using [`create-react-app`](https://npm.im/create-react-app), the following syntax will make sure to create the new react app as a nested **workspace** within your project and configure your `package.json` to recognize it as such:
 
 ```bash
 npm init -w packages/my-react-app react-app .

@@ -17,19 +17,15 @@ If the package has a package-lock, or an npm shrinkwrap file, or a yarn lock fil
 * `package-lock.json`
 * `yarn.lock`
 
-See [package-lock.json](/configuring-npm/package-lock-json) and
-[`npm shrinkwrap`](/commands/npm-shrinkwrap).
+See [package-lock.json](/configuring-npm/package-lock-json) and [`npm shrinkwrap`](/commands/npm-shrinkwrap).
 
 A `package` is:
 
-* a) a folder containing a program described by a
-  [`package.json`](/configuring-npm/package-json) file
+* a) a folder containing a program described by a [`package.json`](/configuring-npm/package-json) file
 * b) a gzipped tarball containing (a)
 * c) a url that resolves to (b)
-* d) a `<name>@<version>` that is published on the registry (see
-  [`registry`](/using-npm/registry)) with (c)
-* e) a `<name>@<tag>` (see [`npm dist-tag`](/commands/npm-dist-tag)) that
-  points to (d)
+* d) a `<name>@<version>` that is published on the registry (see [`registry`](/using-npm/registry)) with (c)
+* e) a `<name>@<tag>` (see [`npm dist-tag`](/commands/npm-dist-tag)) that points to (d)
 * f) a `<name>` that has a "latest" tag satisfying (e)
 * g) a `<git remote url>` that resolves to (a)
 

@@ -23,12 +23,10 @@ Next, in some other location, `npm link package-name` will create a symbolic lin
 Note that `package-name` is taken from `package.json`, _not_ from the directory name.
 
 The package name can be optionally prefixed with a scope.
-See
-[`scope`](/using-npm/scope).
+See [`scope`](/using-npm/scope).
 The scope must be preceded by an @-symbol and followed by a slash.
 
-When creating tarballs for `npm publish`, the linked packages are
-"snapshotted" to their current state by resolving the symbolic links, if they are included in `bundleDependencies`.
+When creating tarballs for `npm publish`, the linked packages are "snapshotted" to their current state by resolving the symbolic links, if they are included in `bundleDependencies`.
 
 For example:
 
@@ -71,10 +69,8 @@ npm link @myorg/privatepackage
 
 ### Caveat
 
-Note that package dependencies linked in this way are _not_ saved to `package.json` by default, on the assumption that the intention is to have
-a link stand in for a regular non-link dependency.
-Otherwise, for example,
-if you depend on `redis@^3.0.1`, and ran `npm link redis`, it would replace the `^3.0.1` dependency with `file:../path/to/node-redis`, which you probably don't want!  Additionally, other users or developers on your project would run into issues if they do not have their folders set up exactly the same as yours.
+Note that package dependencies linked in this way are _not_ saved to `package.json` by default, on the assumption that the intention is to have a link stand in for a regular non-link dependency.
+Otherwise, for example, if you depend on `redis@^3.0.1`, and ran `npm link redis`, it would replace the `^3.0.1` dependency with `file:../path/to/node-redis`, which you probably don't want!  Additionally, other users or developers on your project would run into issues if they do not have their folders set up exactly the same as yours.
 
 If you are adding a _new_ dependency as a link, you should add it to the relevant metadata by running `npm install <dep> --package-lock-only`.
 

@@ -24,8 +24,7 @@ To reset your password, go to <https://www.npmjs.com/forgot>
 To change your email address, go to <https://www.npmjs.com/email-edit>
 
 You may use this command multiple times with the same user account to authorize on a new machine.
-When authenticating on a new machine,
-the username, password and email address must all match with your existing record.
+When authenticating on a new machine, the username, password and email address must all match with your existing record.
 
 ### Configuration
 

@@ -49,8 +49,7 @@ $ npm org ls my-org @mx-santos
 ### Description
 
 You can use the `npm org` commands to manage and view users of an organization.
-It supports adding and removing users, changing their roles,
-listing them, and finding specific ones and their roles.
+It supports adding and removing users, changing their roles, listing them, and finding specific ones and their roles.
 
 ### Configuration