npm

v6.14.9

a package manager for JavaScript

Artistic-2.0
Latest version published 5 days ago
    npm install npm
  

Package Health Score

84 / 100
  • Popularity
    Key ecosystem project
  • Maintenance
    Healthy
  • Security
    Security review needed
  • Community
    Sustainable

Popularity

Key ecosystem project
Weekly Downloads (2,467,581)
Dependents
7.6K
GitHub Stars
3.81K
Forks
1.02K
Contributors
430

The npm package npm receives a total of 2,467,581 downloads a week. As such, we scored npm popularity level to be Key ecosystem project.

Based on project statistics from the GitHub repository for the npm package npm, we found that it has been starred 3,811 times, and that 7,596 other projects on the ecosystem are dependent on it.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Security

Security review needed

Security and license risk for significant versions

All Versions

Direct Vulnerabilities

4.5.0
4.6.1
5.10.0
6.13.7
6.14.9
  • 0
    H
  • 0
    M
  • 0
    L
  • 0
    H
  • 0
    M
  • 0
    L
  • 0
    H
  • 0
    M
  • 0
    L
  • 0
    H
  • 0
    M
  • 0
    L
  • 0
    H
  • 0
    M
  • 0
    L

Indirect Vulnerabilities

4.5.0
4.6.1
5.10.0
6.13.7
6.14.9
  • 0
    H
  • 0
    M
  • 0
    L
  • 0
    H
  • 0
    M
  • 0
    L
  • 0
    H
  • 0
    M
  • 0
    L
  • 0
    H
  • 0
    M
  • 0
    L

License Risks

4.5.0
4.6.1
5.10.0
6.13.7
6.14.9
All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security Policy
No

Snyk detected that the latest version of npm has a security vulnerability.

We highly advise you to review these security issues.

You can connect your project's repository to Snyk to stay up to date on security alerts and receive automatic fix pull requests.

We found a way for you to contribute to the project! Looks like npm is missing a security policy.

    # Install the Snyk CLI and test your project
npm i snyk && snyk test npm
Fix it in your project with Snyk!

Maintenance

Healthy
Commit Frequency
Open Issues
877
Merged PR
145
Open PR
18
Last Commit
2 days ago

Further analysis of the maintenance status of npm based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Healthy.

We found that npm demonstrates a positive version release cadence with at least one new version released in the past 3 months.

As a healthy sign for on-going project maintenance, we found that the GitHub repository had at least 1 pull request or issue interacted with by the community.

Community

Sustainable
Readme.md
No
Contributing.md
No
Code of Conduct
No
Contributors
430
Funding
No
License
Artistic-2.0

A good and healthy external contribution signal for npm project, which invites more than one hundred open source maintainers to collaborate on the repository.

We found a way for you to contribute to the project! Looks like npm is missing a Code of Conduct.

We noticed that this project uses a license which requires less permissive conditions such as disclosing the source code, stating changes or redistributing the source under the same license. It is advised to further consult the license terms before use.


Embed Package Health Score Badge

package health: 84/100 package health 84/100

Package

Node.js Compatibility
6

Age
7 years
Dependencies
123 Direct / 427 Total
Versions
5
Install Size
23 MB
Dist-tags
15
# of Files
4.2K
Maintainers
4
TS Typings
Yes

We detected a total of 427 direct & transitive dependencies for npm. See the full dependency tree of npm

npm has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.