File Explorer

/var/lang/lib/node_modules/npm/man/man1
This explorer reads the filesystem of the server it runs on, so /workspace/user isn't present here. Browsing and the terminal still work against this server's own disk from /.
0 dirs
70 files
npm-install.130.9 KB · 831 lines
1.TH "NPM-INSTALL" "1" "February 2026" "NPM@11.11.0" ""2.SH "NAME"3\fBnpm-install\fR - Install a package4.SS "Synopsis"5.P6.RS 27.nf8npm install \[lB]<package-spec> ...\[rB]9 10aliases: add, i, in, ins, inst, insta, instal, isnt, isnta, isntal, isntall11.fi12.RE13.SS "Description"14.P15This command installs a package and any packages that it depends on. If the package has a package-lock, or an npm shrinkwrap file, or a yarn lock file, the installation of dependencies will be driven by that, respecting the following order of precedence:16.RS 017.IP \(bu 418\fBnpm-shrinkwrap.json\fR19.IP \(bu 420\fBpackage-lock.json\fR21.IP \(bu 422\fByarn.lock\fR23.RE 024 25.P26See \fBpackage-lock.json\fR \fI\(la/configuring-npm/package-lock-json\(ra\fR and npm help shrinkwrap.27.SS "How \fBnpm install\fR uses \fBpackage-lock.json\fR"28.P29When you run \fBnpm install\fR without arguments, npm compares \fBpackage.json\fR and \fBpackage-lock.json\fR:30.RS 031.IP \(bu 432\fBIf the lockfile's resolved versions satisfy the \fBpackage.json\fB ranges:\fR npm uses the exact versions from \fBpackage-lock.json\fR to ensure reproducible builds across environments.33.IP \(bu 434\fBIf the ranges don't match:\fR npm resolves new versions that satisfy the \fBpackage.json\fR ranges and updates \fBpackage-lock.json\fR accordingly. This happens when you modify version ranges in \fBpackage.json\fR (e.g., changing \fB^7.0.0\fR to \fB^8.0.0\fR). Note that changing a range within the same major version (e.g., \fB^7.0.0\fR to \fB^7.1.0\fR) will only update the metadata in the lockfile if the currently installed version still satisfies the new range.35.RE 036 37.P38In essence, \fBpackage-lock.json\fR locks your dependencies to specific versions, but \fBpackage.json\fR is the source of truth for acceptable version ranges. When the lockfile's versions satisfy the \fBpackage.json\fR ranges, the lockfile wins. When they conflict, \fBpackage.json\fR wins and the lockfile is updated.39.P40If you want to install packages while ensuring that \fBpackage.json\fR is not modified and that both files are strictly in sync, use npm help ci instead.41.P42A \fBpackage\fR is:43.RS 044.IP \(bu 445a) a folder containing a program described by a \fB\[rs]fBpackage.json\[rs]fR\fR \fI\(la/configuring-npm/package-json\(ra\fR file46.IP \(bu 447b) a gzipped tarball containing (a)48.IP \(bu 449c) a url that resolves to (b)50.IP \(bu 451d) a \fB<name>@<version>\fR that is published on the registry (see npm help registry) with (c)52.IP \(bu 453e) a \fB<name>@<tag>\fR (see npm help dist-tag) that points to (d)54.IP \(bu 455f) a \fB<name>\fR that has a "latest" tag satisfying (e)56.IP \(bu 457g) a \fB<git remote url>\fR that resolves to (a)58.RE 059 60.P61Even if you never publish your package, you can still get a lot of benefits of using npm if you just want to write a node program (a), and perhaps if you also want to be able to easily install it elsewhere after packing it up into a tarball (b).62.RS 063.IP \(bu 464\fBnpm install\fR (in a package directory, no arguments):65.P66Install the dependencies to the local \fBnode_modules\fR folder.67.P68In global mode (ie, with \fB-g\fR or \fB--global\fR appended to the command), it installs the current package context (ie, the current working directory) as a global package.69.P70By default, \fBnpm install\fR will install all modules listed as dependencies in \fB\[rs]fBpackage.json\[rs]fR\fR \fI\(la/configuring-npm/package-json\(ra\fR.71.P72With the \fB--production\fR flag (or when the \fBNODE_ENV\fR environment variable is set to \fBproduction\fR), npm will not install modules listed in \fBdevDependencies\fR. To install all modules listed in both \fBdependencies\fR and \fBdevDependencies\fR when \fBNODE_ENV\fR environment variable is set to \fBproduction\fR, you can use \fB--production=false\fR.73.RS 474.P75NOTE: The \fB--production\fR flag has no particular meaning when adding a dependency to a project.76.RE 077 78.IP \(bu 479\fBnpm install <folder>\fR:80.P81If \fB<folder>\fR sits inside the root of your project, its dependencies will be installed and may be hoisted to the top-level \fBnode_modules\fR as they would for other types of dependencies. If \fB<folder>\fR sits outside the root of your project, \fInpm will not install the package dependencies\fR in the directory \fB<folder>\fR, but it will create a symlink to \fB<folder>\fR.82.RS 483.P84NOTE: If you want to install the content of a directory like a package from the registry instead of creating a link, you would need to use the \fB--install-links\fR option.85.RE 086 87.P88Example:89.P90.RS 291.nf92npm install ../../other-package --install-links93npm install ./sub-package94.fi95.RE96.IP \(bu 497\fBnpm install <tarball file>\fR:98.P99Install a package that is sitting on the filesystem. Note: if you just want to link a dev directory into your npm root, you can do this more easily by using npm help link.100.P101Tarball requirements:102.RS 4103.IP \(bu 4104The filename \fImust\fR use \fB.tar\fR, \fB.tar.gz\fR, or \fB.tgz\fR as the extension.105.IP \(bu 4106The package contents should reside in a subfolder inside the tarball (usually it is called \fBpackage/\fR). npm strips one directory layer when installing the package (an equivalent of \fBtar x --strip-components=1\fR is run).107.IP \(bu 4108The package must contain a \fBpackage.json\fR file with \fBname\fR and \fBversion\fR properties.109.RE 0110 111.P112Example:113.P114.RS 2115.nf116npm install ./package.tgz117.fi118.RE119.IP \(bu 4120\fBnpm install <tarball url>\fR:121.P122Fetch the tarball url, and then install it. In order to distinguish between this and other options, the argument must start with "http://" or "https://"123.P124Example:125.P126.RS 2127.nf128npm install https://github.com/indexzero/forever/tarball/v0.5.6129.fi130.RE131.IP \(bu 4132\fBnpm install \[lB]<@scope>/\[rB]<name>\fR:133.P134Do a \fB<name>@<tag>\fR install, where \fB<tag>\fR is the "tag" config. (See \fB\[rs]fBconfig\[rs]fR\fR \fI\(la/using-npm/config#tag\(ra\fR. The config's default value is \fBlatest\fR.)135.P136In most cases, this will install the version of the modules tagged as \fBlatest\fR on the npm registry.137.P138\fBNote:\fR When installing by name without specifying a version or tag, npm prioritizes versions that match the current Node.js version based on the package's \fBengines\fR field. If the \fBlatest\fR tag points to a version incompatible with your current Node.js version, npm will install the newest compatible version instead. To install a specific version regardless of \fBengines\fR compatibility, explicitly specify the version or tag: \fBnpm install <name>@latest\fR.139.P140Example:141.P142.RS 2143.nf144npm install sax145.fi146.RE147.P148\fBnpm install\fR saves any specified packages into \fBdependencies\fR by default. Additionally, you can control where and how they get saved with some additional flags:149.RS 4150.IP \(bu 4151\fB-P, --save-prod\fR: Package will appear in your \fBdependencies\fR. This is the default unless \fB-D\fR or \fB-O\fR are present.152.IP \(bu 4153\fB-D, --save-dev\fR: Package will appear in your \fBdevDependencies\fR.154.IP \(bu 4155\fB--save-peer\fR: Package will appear in your \fBpeerDependencies\fR.156.IP \(bu 4157\fB-O, --save-optional\fR: Package will appear in your \fBoptionalDependencies\fR.158.IP \(bu 4159\fB--no-save\fR: Prevents saving to \fBdependencies\fR.160.RE 0161 162.P163When using any of the above options to save dependencies to your package.json, there are two additional, optional flags:164.RS 4165.IP \(bu 4166\fB-E, --save-exact\fR: Saved dependencies will be configured with an exact version rather than using npm's default semver range operator.167.IP \(bu 4168\fB-B, --save-bundle\fR: Saved dependencies will also be added to your \fBbundleDependencies\fR list.169.RE 0170 171.P172Further, if you have an \fBnpm-shrinkwrap.json\fR or \fBpackage-lock.json\fR then it will be updated as well.173.P174\fB<scope>\fR is optional. The package will be downloaded from the registry associated with the specified scope. If no registry is associated with the given scope the default registry is assumed. See npm help scope.175.P176Note: if you do not include the @-symbol on your scope name, npm will interpret this as a GitHub repository instead, see below. Scopes names must also be followed by a slash.177.P178Examples:179.P180.RS 2181.nf182npm install sax183npm install githubname/reponame184npm install @myorg/privatepackage185npm install node-tap --save-dev186npm install dtrace-provider --save-optional187npm install readable-stream --save-exact188npm install ansi-regex --save-bundle189.fi190.RE191.IP \(bu 4192\fBnpm install <alias>@npm:<name>\fR:193.P194Install a package under a custom alias. Allows multiple versions of a same-name package side-by-side, more convenient import names for packages with otherwise long ones, and using git forks replacements or forked npm packages as replacements. Aliasing works only on your project and does not rename packages in transitive dependencies. Aliases should follow the naming conventions stated in \fB\[rs]fBvalidate-npm-package-name\[rs]fR\fR \fI\(lahttps://www.npmjs.com/package/validate-npm-package-name#naming-rules\(ra\fR.195.P196Examples:197.P198.RS 2199.nf200npm install my-react@npm:react201npm install jquery2@npm:jquery@2202npm install jquery3@npm:jquery@3203npm install npa@npm:npm-package-arg204.fi205.RE206.IP \(bu 4207\fBnpm install \[lB]<@scope>/\[rB]<name>@<tag>\fR:208.P209Install the version of the package that is referenced by the specified tag. If the tag does not exist in the registry data for that package, then this will fail.210.P211Example:212.P213.RS 2214.nf215npm install sax@latest216npm install @myorg/mypackage@latest217.fi218.RE219.IP \(bu 4220\fBnpm install \[lB]<@scope>/\[rB]<name>@<version>\fR:221.P222Install the specified version of the package. This will fail if the version has not been published to the registry.223.P224Example:225.P226.RS 2227.nf228npm install sax@0.1.1229npm install @myorg/privatepackage@1.5.0230.fi231.RE232.IP \(bu 4233\fBnpm install \[lB]<@scope>/\[rB]<name>@<version range>\fR:234.P235Install a version of the package matching the specified version range. This will follow the same rules for resolving dependencies described in \fB\[rs]fBpackage.json\[rs]fR\fR \fI\(la/configuring-npm/package-json\(ra\fR.236.P237Note that most version ranges must be put in quotes so that your shell will treat it as a single argument.238.P239Example:240.P241.RS 2242.nf243npm install sax@">=0.1.0 <0.2.0"244npm install @myorg/privatepackage@"16 - 17"245.fi246.RE247.P248\fBPrerelease versions:\fR By default, version ranges only match stable versions. To include prerelease versions, they must be explicitly specified in the range. Prerelease versions are tied to a specific version triple (major.minor.patch). For example, \fB^1.2.3-beta.1\fR will only match prereleases for \fB1.2.x\fR, not \fB1.3.x\fR. To match all prereleases for a major version, use a range like \fB^1.0.0-0\fR, which will include all \fB1.x.x\fR prereleases.249.P250Example:251.P252.RS 2253.nf254npm install package@^1.2.3-beta.1  # Matches 1.2.3-beta.1, 1.2.3-beta.2, 1.2.4-beta.1, etc.255npm install package@^1.0.0-0       # Matches all 1.x.x prereleases and stable versions256.fi257.RE258.IP \(bu 4259\fBnpm install <git remote url>\fR:260.P261Installs the package from the hosted git provider, cloning it with \fBgit\fR. For a full git remote url, only that URL will be attempted.262.P263.RS 2264.nf265<protocol>://\[lB]<user>\[lB]:<password>\[rB]@\[rB]<hostname>\[lB]:<port>\[rB]\[lB]:\[rB]\[lB]/\[rB]<path>\[lB]#<commit-ish> | #semver:<semver>\[rB]266.fi267.RE268.P269\fB<protocol>\fR is one of \fBgit\fR, \fBgit+ssh\fR, \fBgit+http\fR, \fBgit+https\fR, or \fBgit+file\fR.270.P271If \fB#<commit-ish>\fR is provided, it will be used to clone exactly that commit. If the commit-ish has the format \fB#semver:<semver>\fR, \fB<semver>\fR can be any valid semver range or exact version, and npm will look for any tags or refs matching that range in the remote repository, much as it would for a registry dependency. If neither \fB#<commit-ish>\fR or \fB#semver:<semver>\fR is specified, then the default branch of the repository is used.272.P273If the repository makes use of submodules, those submodules will be cloned as well.274.P275If the package being installed contains a \fBprepare\fR script, its \fBdependencies\fR and \fBdevDependencies\fR will be installed, and the prepare script will be run, before the package is packaged and installed.276.P277The following git environment variables are recognized by npm and will be added to the environment when running git:278.RS 4279.IP \(bu 4280\fBGIT_ASKPASS\fR281.IP \(bu 4282\fBGIT_EXEC_PATH\fR283.IP \(bu 4284\fBGIT_PROXY_COMMAND\fR285.IP \(bu 4286\fBGIT_SSH\fR287.IP \(bu 4288\fBGIT_SSH_COMMAND\fR289.IP \(bu 4290\fBGIT_SSL_CAINFO\fR291.IP \(bu 4292\fBGIT_SSL_NO_VERIFY\fR293.RE 0294 295.P296See the git man page for details.297.P298Examples:299.P300.RS 2301.nf302npm install git+ssh://git@github.com:npm/cli.git#v1.0.27303npm install git+ssh://git@github.com:npm/cli#pull/273304npm install git+ssh://git@github.com:npm/cli#semver:^5.0305npm install git+https://isaacs@github.com/npm/cli.git306npm install git://github.com/npm/cli.git#v1.0.27307GIT_SSH_COMMAND='ssh -i ~/.ssh/custom_ident' npm install git+ssh://git@github.com:npm/cli.git308.fi309.RE310.IP \(bu 4311\fBnpm install <githubname>/<githubrepo>\[lB]#<commit-ish>\[rB]\fR:312.IP \(bu 4313\fBnpm install github:<githubname>/<githubrepo>\[lB]#<commit-ish>\[rB]\fR:314.P315Install the package at \fBhttps://github.com/githubname/githubrepo\fR by attempting to clone it using \fBgit\fR.316.P317If \fB#<commit-ish>\fR is provided, it will be used to clone exactly that commit. If the commit-ish has the format \fB#semver:<semver>\fR, \fB<semver>\fR can be any valid semver range or exact version, and npm will look for any tags or refs matching that range in the remote repository, much as it would for a registry dependency. If neither \fB#<commit-ish>\fR or \fB#semver:<semver>\fR is specified, then the default branch is used.318.P319As with regular git dependencies, \fBdependencies\fR and \fBdevDependencies\fR will be installed if the package has a \fBprepare\fR script before the package is done installing.320.P321Examples:322.P323.RS 2324.nf325npm install mygithubuser/myproject326npm install github:mygithubuser/myproject327.fi328.RE329.IP \(bu 4330\fBnpm install gist:\[lB]<githubname>/\[rB]<gistID>\[lB]#<commit-ish>|#semver:<semver>\[rB]\fR:331.P332Install the package at \fBhttps://gist.github.com/gistID\fR by attempting to clone it using \fBgit\fR. The GitHub username associated with the gist is optional and will not be saved in \fBpackage.json\fR.333.P334As with regular git dependencies, \fBdependencies\fR and \fBdevDependencies\fR will be installed if the package has a \fBprepare\fR script before the package is done installing.335.P336Example:337.P338.RS 2339.nf340npm install gist:101a11beef341.fi342.RE343.IP \(bu 4344\fBnpm install bitbucket:<bitbucketname>/<bitbucketrepo>\[lB]#<commit-ish>\[rB]\fR:345.P346Install the package at \fBhttps://bitbucket.org/bitbucketname/bitbucketrepo\fR by attempting to clone it using \fBgit\fR.347.P348If \fB#<commit-ish>\fR is provided, it will be used to clone exactly that commit. If the commit-ish has the format \fB#semver:<semver>\fR, \fB<semver>\fR can be any valid semver range or exact version, and npm will look for any tags or refs matching that range in the remote repository, much as it would for a registry dependency. If neither \fB#<commit-ish>\fR or \fB#semver:<semver>\fR is specified, then \fBmaster\fR is used.349.P350As with regular git dependencies, \fBdependencies\fR and \fBdevDependencies\fR will be installed if the package has a \fBprepare\fR script before the package is done installing.351.P352Example:353.P354.RS 2355.nf356npm install bitbucket:mybitbucketuser/myproject357.fi358.RE359.IP \(bu 4360\fBnpm install gitlab:<gitlabname>/<gitlabrepo>\[lB]#<commit-ish>\[rB]\fR:361.P362Install the package at \fBhttps://gitlab.com/gitlabname/gitlabrepo\fR by attempting to clone it using \fBgit\fR.363.P364If \fB#<commit-ish>\fR is provided, it will be used to clone exactly that commit. If the commit-ish has the format \fB#semver:<semver>\fR, \fB<semver>\fR can be any valid semver range or exact version, and npm will look for any tags or refs matching that range in the remote repository, much as it would for a registry dependency. If neither \fB#<commit-ish>\fR or \fB#semver:<semver>\fR is specified, then \fBmaster\fR is used.365.P366As with regular git dependencies, \fBdependencies\fR and \fBdevDependencies\fR will be installed if the package has a \fBprepare\fR script before the package is done installing.367.P368Example:369.P370.RS 2371.nf372npm install gitlab:mygitlabuser/myproject373npm install gitlab:myusr/myproj#semver:^5.0374.fi375.RE376.RE 0377 378.P379You may combine multiple arguments and even multiple types of arguments. For example:380.P381.RS 2382.nf383npm install sax@">=0.1.0 <0.2.0" bench supervisor384.fi385.RE386.P387The \fB--tag\fR argument will apply to all of the specified install targets. If a tag with the given name exists, the tagged version is preferred over newer versions.388.P389\fBNote:\fR The \fB--tag\fR option only affects packages specified on the command line. It does not override version ranges specified in \fBpackage.json\fR. For example, if \fBpackage.json\fR specifies \fB"foo": "^1.0.0"\fR and you run \fBnpm install --tag beta\fR, npm will still install a version matching \fB^1.0.0\fR even if the \fBbeta\fR tag points to a different version. To install a tagged version, specify the package explicitly: \fBnpm install foo@beta\fR.390.P391The \fB--dry-run\fR argument will report in the usual way what the install would have done without actually installing anything.392.P393The \fB--package-lock-only\fR argument will only update the \fBpackage-lock.json\fR, instead of checking \fBnode_modules\fR and downloading dependencies.394.P395The \fB-f\fR or \fB--force\fR argument will force npm to fetch remote resources even if a local copy exists on disk.396.P397.RS 2398.nf399npm install sax --force400.fi401.RE402.SS "Configuration"403.P404See the npm help config help doc. Many of the configuration params have some effect on installation, since that's most of what npm does.405.P406These are some of the most common options related to installation.407.SS "\fBsave\fR"408.RS 0409.IP \(bu 4410Default: \fBtrue\fR unless when using \fBnpm update\fR where it defaults to \fBfalse\fR411.IP \(bu 4412Type: Boolean413.RE 0414 415.P416Save installed packages to a \fBpackage.json\fR file as dependencies.417.P418When used with the \fBnpm rm\fR command, removes the dependency from \fBpackage.json\fR.419.P420Will also prevent writing to \fBpackage-lock.json\fR if set to \fBfalse\fR.421.SS "\fBsave-exact\fR"422.RS 0423.IP \(bu 4424Default: false425.IP \(bu 4426Type: Boolean427.RE 0428 429.P430Dependencies saved to package.json will be configured with an exact version rather than using npm's default semver range operator.431.SS "\fBglobal\fR"432.RS 0433.IP \(bu 4434Default: false435.IP \(bu 4436Type: Boolean437.RE 0438 439.P440Operates in "global" mode, so that packages are installed into the \fBprefix\fR folder instead of the current working directory. See npm help folders for more on the differences in behavior.441.RS 0442.IP \(bu 4443packages are installed into the \fB{prefix}/lib/node_modules\fR folder, instead of the current working directory.444.IP \(bu 4445bin files are linked to \fB{prefix}/bin\fR446.IP \(bu 4447man pages are linked to \fB{prefix}/share/man\fR448.RE 0449 450.SS "\fBinstall-strategy\fR"451.RS 0452.IP \(bu 4453Default: "hoisted"454.IP \(bu 4455Type: "hoisted", "nested", "shallow", or "linked"456.RE 0457 458.P459Sets the strategy for installing packages in node_modules. hoisted (default): Install non-duplicated in top-level, and duplicated as necessary within directory structure. nested: (formerly --legacy-bundling) install in place, no hoisting. shallow (formerly --global-style) only install direct deps at top-level. linked: (experimental) install in node_modules/.store, link in place, unhoisted.460.SS "\fBlegacy-bundling\fR"461.RS 0462.IP \(bu 4463Default: false464.IP \(bu 4465Type: Boolean466.IP \(bu 4467DEPRECATED: This option has been deprecated in favor of \fB--install-strategy=nested\fR468.RE 0469 470.P471Instead of hoisting package installs in \fBnode_modules\fR, install packages in the same manner that they are depended on. This may cause very deep directory structures and duplicate package installs as there is no de-duplicating. Sets \fB--install-strategy=nested\fR.472.SS "\fBglobal-style\fR"473.RS 0474.IP \(bu 4475Default: false476.IP \(bu 4477Type: Boolean478.IP \(bu 4479DEPRECATED: This option has been deprecated in favor of \fB--install-strategy=shallow\fR480.RE 0481 482.P483Only install direct dependencies in the top level \fBnode_modules\fR, but hoist on deeper dependencies. Sets \fB--install-strategy=shallow\fR.484.SS "\fBomit\fR"485.RS 0486.IP \(bu 4487Default: 'dev' if the \fBNODE_ENV\fR environment variable is set to 'production'; otherwise, empty.488.IP \(bu 4489Type: "dev", "optional", or "peer" (can be set multiple times)490.RE 0491 492.P493Dependency types to omit from the installation tree on disk.494.P495Note that these dependencies \fIare\fR still resolved and added to the \fBpackage-lock.json\fR or \fBnpm-shrinkwrap.json\fR file. They are just not physically installed on disk.496.P497If a package type appears in both the \fB--include\fR and \fB--omit\fR lists, then it will be included.498.P499If the resulting omit list includes \fB'dev'\fR, then the \fBNODE_ENV\fR environment variable will be set to \fB'production'\fR for all lifecycle scripts.500.SS "\fBinclude\fR"501.RS 0502.IP \(bu 4503Default:504.IP \(bu 4505Type: "prod", "dev", "optional", or "peer" (can be set multiple times)506.RE 0507 508.P509Option that allows for defining which types of dependencies to install.510.P511This is the inverse of \fB--omit=<type>\fR.512.P513Dependency types specified in \fB--include\fR will not be omitted, regardless of the order in which omit/include are specified on the command-line.514.SS "\fBstrict-peer-deps\fR"515.RS 0516.IP \(bu 4517Default: false518.IP \(bu 4519Type: Boolean520.RE 0521 522.P523If set to \fBtrue\fR, and \fB--legacy-peer-deps\fR is not set, then \fIany\fR conflicting \fBpeerDependencies\fR will be treated as an install failure, even if npm could reasonably guess the appropriate resolution based on non-peer dependency relationships.524.P525By default, conflicting \fBpeerDependencies\fR deep in the dependency graph will be resolved using the nearest non-peer dependency specification, even if doing so will result in some packages receiving a peer dependency outside the range set in their package's \fBpeerDependencies\fR object.526.P527When such an override is performed, a warning is printed, explaining the conflict and the packages involved. If \fB--strict-peer-deps\fR is set, then this warning is treated as a failure.528.SS "\fBprefer-dedupe\fR"529.RS 0530.IP \(bu 4531Default: false532.IP \(bu 4533Type: Boolean534.RE 0535 536.P537Prefer to deduplicate packages if possible, rather than choosing a newer version of a dependency.538.SS "\fBpackage-lock\fR"539.RS 0540.IP \(bu 4541Default: true542.IP \(bu 4543Type: Boolean544.RE 0545 546.P547If set to false, then ignore \fBpackage-lock.json\fR files when installing. This will also prevent \fIwriting\fR \fBpackage-lock.json\fR if \fBsave\fR is true.548.SS "\fBpackage-lock-only\fR"549.RS 0550.IP \(bu 4551Default: false552.IP \(bu 4553Type: Boolean554.RE 0555 556.P557If set to true, the current operation will only use the \fBpackage-lock.json\fR, ignoring \fBnode_modules\fR.558.P559For \fBupdate\fR this means only the \fBpackage-lock.json\fR will be updated, instead of checking \fBnode_modules\fR and downloading dependencies.560.P561For \fBlist\fR this means the output will be based on the tree described by the \fBpackage-lock.json\fR, rather than the contents of \fBnode_modules\fR.562.SS "\fBforeground-scripts\fR"563.RS 0564.IP \(bu 4565Default: \fBfalse\fR unless when using \fBnpm pack\fR or \fBnpm publish\fR where it defaults to \fBtrue\fR566.IP \(bu 4567Type: Boolean568.RE 0569 570.P571Run all build scripts (ie, \fBpreinstall\fR, \fBinstall\fR, and \fBpostinstall\fR) scripts for installed packages in the foreground process, sharing standard input, output, and error with the main npm process.572.P573Note that this will generally make installs run slower, and be much noisier, but can be useful for debugging.574.SS "\fBignore-scripts\fR"575.RS 0576.IP \(bu 4577Default: false578.IP \(bu 4579Type: Boolean580.RE 0581 582.P583If true, npm does not run scripts specified in package.json files.584.P585Note that commands explicitly intended to run a particular script, such as \fBnpm start\fR, \fBnpm stop\fR, \fBnpm restart\fR, \fBnpm test\fR, and \fBnpm run\fR will still run their intended script if \fBignore-scripts\fR is set, but they will \fInot\fR run any pre- or post-scripts.586.SS "\fBallow-git\fR"587.RS 0588.IP \(bu 4589Default: "all"590.IP \(bu 4591Type: "all", "none", or "root"592.RE 0593 594.P595Limits the ability for npm to fetch dependencies from git references. That is, dependencies that point to a git repo instead of a version or semver range. Please note that this could leave your tree incomplete and some packages may not function as intended or designed.596.P597\fBall\fR allows any git dependencies to be fetched and installed. \fBnone\fR prevents any git dependencies from being fetched and installed. \fBroot\fR only allows git dependencies defined in your project's package.json to be fetched installed. Also allows git dependencies to be fetched for other commands like \fBnpm view\fR598.SS "\fBaudit\fR"599.RS 0600.IP \(bu 4601Default: true602.IP \(bu 4603Type: Boolean604.RE 0605 606.P607When "true" submit audit reports alongside the current npm command to the default registry and all registries configured for scopes. See the documentation for npm help audit for details on what is submitted.608.SS "\fBbefore\fR"609.RS 0610.IP \(bu 4611Default: null612.IP \(bu 4613Type: null or Date614.RE 0615 616.P617If passed to \fBnpm install\fR, will rebuild the npm tree such that only versions that were available \fBon or before\fR the given date are installed. If there are no versions available for the current set of dependencies, the command will error.618.P619If the requested version is a \fBdist-tag\fR and the given tag does not pass the \fB--before\fR filter, the most recent version less than or equal to that tag will be used. For example, \fBfoo@latest\fR might install \fBfoo@1.2\fR even though \fBlatest\fR is \fB2.0\fR.620.P621This config cannot be used with: \fBmin-release-age\fR622.SS "\fBmin-release-age\fR"623.RS 0624.IP \(bu 4625Default: null626.IP \(bu 4627Type: null or Number628.RE 0629 630.P631If set, npm will build the npm tree such that only versions that were available more than the given number of days ago will be installed. If there are no versions available for the current set of dependencies, the command will error.632.P633This flag is a complement to \fBbefore\fR, which accepts an exact date instead of a relative number of days.634.P635This config cannot be used with: \fBbefore\fR636.SS "\fBbin-links\fR"637.RS 0638.IP \(bu 4639Default: true640.IP \(bu 4641Type: Boolean642.RE 0643 644.P645Tells npm to create symlinks (or \fB.cmd\fR shims on Windows) for package executables.646.P647Set to false to have it not do this. This can be used to work around the fact that some file systems don't support symlinks, even on ostensibly Unix systems.648.SS "\fBfund\fR"649.RS 0650.IP \(bu 4651Default: true652.IP \(bu 4653Type: Boolean654.RE 0655 656.P657When "true" displays the message at the end of each \fBnpm install\fR acknowledging the number of dependencies looking for funding. See npm help fund for details.658.SS "\fBdry-run\fR"659.RS 0660.IP \(bu 4661Default: false662.IP \(bu 4663Type: Boolean664.RE 0665 666.P667Indicates that you don't want npm to make any changes and that it should only report what it would have done. This can be passed into any of the commands that modify your local installation, eg, \fBinstall\fR, \fBupdate\fR, \fBdedupe\fR, \fBuninstall\fR, as well as \fBpack\fR and \fBpublish\fR.668.P669Note: This is NOT honored by other network related commands, eg \fBdist-tags\fR, \fBowner\fR, etc.670.SS "\fBcpu\fR"671.RS 0672.IP \(bu 4673Default: null674.IP \(bu 4675Type: null or String676.RE 0677 678.P679Override CPU architecture of native modules to install. Acceptable values are same as \fBcpu\fR field of package.json, which comes from \fBprocess.arch\fR.680.SS "\fBos\fR"681.RS 0682.IP \(bu 4683Default: null684.IP \(bu 4685Type: null or String686.RE 0687 688.P689Override OS of native modules to install. Acceptable values are same as \fBos\fR field of package.json, which comes from \fBprocess.platform\fR.690.SS "\fBlibc\fR"691.RS 0692.IP \(bu 4693Default: null694.IP \(bu 4695Type: null or String696.RE 0697 698.P699Override libc of native modules to install. Acceptable values are same as \fBlibc\fR field of package.json700.SS "\fBworkspace\fR"701.RS 0702.IP \(bu 4703Default:704.IP \(bu 4705Type: String (can be set multiple times)706.RE 0707 708.P709Enable running a command in the context of the configured workspaces of the current project while filtering by running only the workspaces defined by this configuration option.710.P711Valid values for the \fBworkspace\fR config are either:712.RS 0713.IP \(bu 4714Workspace names715.IP \(bu 4716Path to a workspace directory717.IP \(bu 4718Path to a parent workspace directory (will result in selecting all workspaces within that folder)719.RE 0720 721.P722When set for the \fBnpm init\fR command, this may be set to the folder of a workspace which does not yet exist, to create the folder and set it up as a brand new workspace within the project.723.P724This value is not exported to the environment for child processes.725.SS "\fBworkspaces\fR"726.RS 0727.IP \(bu 4728Default: null729.IP \(bu 4730Type: null or Boolean731.RE 0732 733.P734Set to true to run the command in the context of \fBall\fR configured workspaces.735.P736Explicitly setting this to false will cause commands like \fBinstall\fR to ignore workspaces altogether. When not set explicitly:737.RS 0738.IP \(bu 4739Commands that operate on the \fBnode_modules\fR tree (install, update, etc.) will link workspaces into the \fBnode_modules\fR folder. - Commands that do other things (test, exec, publish, etc.) will operate on the root project, \fIunless\fR one or more workspaces are specified in the \fBworkspace\fR config.740.RE 0741 742.P743This value is not exported to the environment for child processes.744.SS "\fBinclude-workspace-root\fR"745.RS 0746.IP \(bu 4747Default: false748.IP \(bu 4749Type: Boolean750.RE 0751 752.P753Include the workspace root when workspaces are enabled for a command.754.P755When false, specifying individual workspaces via the \fBworkspace\fR config, or all workspaces via the \fBworkspaces\fR flag, will cause npm to operate only on the specified workspaces, and not on the root project.756.P757This value is not exported to the environment for child processes.758.SS "\fBinstall-links\fR"759.RS 0760.IP \(bu 4761Default: false762.IP \(bu 4763Type: Boolean764.RE 0765 766.P767When set file: protocol dependencies will be packed and installed as regular dependencies instead of creating a symlink. This option has no effect on workspaces.768.SS "Algorithm"769.P770Given a \fBpackage{dep}\fR structure: \fBA{B,C}, B{C}, C{D}\fR, the npm install algorithm produces:771.P772.RS 2773.nf774A775+-- B776+-- C777+-- D778.fi779.RE780.P781That is, the dependency from B to C is satisfied by the fact that A already caused C to be installed at a higher level. D is still installed at the top level because nothing conflicts with it.782.P783For \fBA{B,C}, B{C,D@1}, C{D@2}\fR, this algorithm produces:784.P785.RS 2786.nf787A788+-- B789+-- C790   `-- D@2791+-- D@1792.fi793.RE794.P795Because B's D@1 will be installed in the top-level, C now has to install D@2 privately for itself. This algorithm is deterministic, but different trees may be produced if two dependencies are requested for installation in a different order.796.P797See npm help folders for a more detailed description of the specific folder structures that npm creates.798.SS "See Also"799.RS 0800.IP \(bu 4801npm help folders802.IP \(bu 4803npm help update804.IP \(bu 4805npm help audit806.IP \(bu 4807npm help fund808.IP \(bu 4809npm help link810.IP \(bu 4811npm help rebuild812.IP \(bu 4813npm help scripts814.IP \(bu 4815npm help config816.IP \(bu 4817npm help npmrc818.IP \(bu 4819npm help registry820.IP \(bu 4821npm help dist-tag822.IP \(bu 4823npm help uninstall824.IP \(bu 4825npm help shrinkwrap826.IP \(bu 4827\fBpackage.json\fR \fI\(la/configuring-npm/package-json\(ra\fR828.IP \(bu 4829npm help workspaces830.RE 0831