npm Registry
By npm, Inc. (a GitHub subsidiary)
js packages that the npm command-line tool downloads from when installing project dependencies.
Definition
The npm Registry is the default public database of JavaScript and Node.js packages that the npm command-line tool downloads from when installing project dependencies.
Overview
The npm Registry hosts hundreds of thousands of publicly available JavaScript packages — libraries, frameworks, and command-line tools — that developers install with `npm install <package>`. When a project declares a dependency in its `package.json`, the package manager resolves the required version and downloads the corresponding package tarball from the registry, following semantic versioning rules to determine compatible updates. Beyond the public registry, organizations can host private or scoped packages, either through npm's own private package features or by proxying the public registry through a repository manager such as Nexus Repository or JFrog Artifactory, which also enables local caching and security scanning. Because so much of the modern web relies on it, the npm Registry is frequently discussed alongside supply-chain security concerns, since a compromised or malicious package can be pulled into thousands of downstream projects.
Key Features
- Public hosting for hundreds of thousands of open-source JavaScript packages
- Semantic versioning support for dependency resolution
- Scoped packages (@org/package) for namespacing and private publishing
- Package metadata including README, license, and dependency graph
- Download statistics and vulnerability advisories per package
- Integration with the npm, Yarn, and pnpm command-line tools