1--- 2section: cli-commands 3title: npm-install 4description: Install a package 5--- 6 7# npm-install(1) 8 9## Install a package 10 11### Synopsis 12 13```bash 14npm install (with no args, in package dir) 15npm install [<@scope>/]<name> 16npm install [<@scope>/]<name>@<tag> 17npm install [<@scope>/]<name>@<version> 18npm install [<@scope>/]<name>@<version range> 19npm install <alias>@npm:<name> 20npm install <git-host>:<git-user>/<repo-name> 21npm install <git repo url> 22npm install <tarball file> 23npm install <tarball url> 24npm install <folder> 25 26aliases: npm i, npm add 27common options: [-P|--save-prod|-D|--save-dev|-O|--save-optional] [-E|--save-exact] [-B|--save-bundle] [--no-save] [--dry-run] 28``` 29 30### Description 31 32This command installs a package, and any packages that it depends on. If the 33package has a package-lock or shrinkwrap file, the installation of dependencies 34will be driven by that, with an `npm-shrinkwrap.json` taking precedence if both 35files exist. See [package-lock.json](/configuring-npm/package-lock-json) and [`npm shrinkwrap`](/cli-commands/npm-shrinkwrap). 36 37A `package` is: 38 39* a) a folder containing a program described by a [`package.json`](/configuring-npm/package-json) file 40* b) a gzipped tarball containing (a) 41* c) a url that resolves to (b) 42* d) a `<name>@<version>` that is published on the registry (see [`registry`](/using-npm/registry)) with (c) 43* e) a `<name>@<tag>` (see [`npm dist-tag`](/cli-commands/npm-dist-tag)) that points to (d) 44* f) a `<name>` that has a "latest" tag satisfying (e) 45* g) a `<git remote url>` that resolves to (a) 46 47Even if you never publish your package, you can still get a lot of 48benefits of using npm if you just want to write a node program (a), and 49perhaps if you also want to be able to easily install it elsewhere 50after packing it up into a tarball (b). 51 52 53* `npm install` (in package directory, no arguments): 54 55 Install the dependencies in the local node_modules folder. 56 57 In global mode (ie, with `-g` or `--global` appended to the command), 58 it installs the current package context (ie, the current working 59 directory) as a global package. 60 61 By default, `npm install` will install all modules listed as dependencies 62 in [`package.json`](/configuring-npm/package-json). 63 64 With the `--production` flag (or when the `NODE_ENV` environment variable 65 is set to `production`), npm will not install modules listed in 66 `devDependencies`. To install all modules listed in both `dependencies` 67 and `devDependencies` when `NODE_ENV` environment variable is set to `production`, 68 you can use `--production=false`. 69 70 > NOTE: The `--production` flag has no particular meaning when adding a 71 dependency to a project. 72 73* `npm install <folder>`: 74 75 Install the package in the directory as a symlink in the current project. 76 Its dependencies will be installed before it's linked. If `<folder>` sits 77 inside the root of your project, its dependencies may be hoisted to the 78 toplevel `node_modules` as they would for other types of dependencies. 79 80* `npm install <tarball file>`: 81 82 Install a package that is sitting on the filesystem. Note: if you just want 83 to link a dev directory into your npm root, you can do this more easily by 84 using `npm link`. 85 86 Tarball requirements: 87 * The filename *must* use `.tar`, `.tar.gz`, or `.tgz` as 88 the extension. 89 * The package contents should reside in a subfolder inside the tarball (usually it is called `package/`). npm strips one directory layer when installing the package (an equivalent of `tar x --strip-components=1` is run). 90 * The package must contain a `package.json` file with `name` and `version` properties. 91 92 Example: 93 94 npm install ./package.tgz 95 96* `npm install <tarball url>`: 97 98 Fetch the tarball url, and then install it. In order to distinguish between 99 this and other options, the argument must start with "http://" or "https://" 100 101 Example: 102 103 npm install https://github.com/indexzero/forever/tarball/v0.5.6 104 105* `npm install [<@scope>/]<name>`: 106 107 Do a `<name>@<tag>` install, where `<tag>` is the "tag" config. (See 108 [`config`](/using-npm/config). The config's default value is `latest`.) 109 110 In most cases, this will install the version of the modules tagged as 111 `latest` on the npm registry. 112 113 Example: 114 115 npm install sax 116 117* `npm install <alias>@npm:<name>`: 118 119 Install a package under a custom alias. Allows multiple versions of 120 a same-name package side-by-side, more convenient import names for 121 packages with otherwise long ones and using git forks replacements 122 or forked npm packages as replacements. Aliasing works only on your 123 project and does not rename packages in transitive dependencies. 124 Aliases should follow the naming conventions stated in 125 [`validate-npm-package-name`](https://www.npmjs.com/package/validate-npm-package-name#naming-rules). 126 127 Examples: 128 129 npm install my-react@npm:react 130 npm install jquery2@npm:jquery@2 131 npm install jquery3@npm:jquery@3 132 npm install npa@npm:npm-package-arg 133 134 135 `npm install` saves any specified packages into `dependencies` by default. 136 Additionally, you can control where and how they get saved with some 137 additional flags: 138 139 * `-P, --save-prod`: Package will appear in your `dependencies`. This is the 140 default unless `-D` or `-O` are present. 141 142 * `-D, --save-dev`: Package will appear in your `devDependencies`. 143 144 * `-O, --save-optional`: Package will appear in your `optionalDependencies`. 145 146 * `--no-save`: Prevents saving to `dependencies`. 147 148 When using any of the above options to save dependencies to your 149 package.json, there are two additional, optional flags: 150 151 * `-E, --save-exact`: Saved dependencies will be configured with an 152 exact version rather than using npm's default semver range 153 operator. 154 155 * `-B, --save-bundle`: Saved dependencies will also be added to your `bundleDependencies` list. 156 157 Further, if you have an `npm-shrinkwrap.json` or `package-lock.json` then it 158 will be updated as well. 159 160 `<scope>` is optional. The package will be downloaded from the registry 161 associated with the specified scope. If no registry is associated with 162 the given scope the default registry is assumed. See [`scope`](/using-npm/scope). 163 164 Note: if you do not include the @-symbol on your scope name, npm will 165 interpret this as a GitHub repository instead, see below. Scopes names 166 must also be followed by a slash. 167 168 Examples: 169 170 ```bash 171 npm install sax 172 npm install githubname/reponame 173 npm install @myorg/privatepackage 174 npm install node-tap --save-dev 175 npm install dtrace-provider --save-optional 176 npm install readable-stream --save-exact 177 npm install ansi-regex --save-bundle 178 ``` 179 180 **Note**: If there is a file or folder named `<name>` in the current 181 working directory, then it will try to install that, and only try to 182 fetch the package by name if it is not valid. 183 184* `npm install [<@scope>/]<name>@<tag>`: 185 186 Install the version of the package that is referenced by the specified tag. 187 If the tag does not exist in the registry data for that package, then this 188 will fail. 189 190 Example: 191 192 ```bash 193 npm install sax@latest 194 npm install @myorg/mypackage@latest 195 ``` 196 197* `npm install [<@scope>/]<name>@<version>`: 198 199 Install the specified version of the package. This will fail if the 200 version has not been published to the registry. 201 202 Example: 203 204 ```bash 205 npm install sax@0.1.1 206 npm install @myorg/privatepackage@1.5.0 207 ``` 208 209* `npm install [<@scope>/]<name>@<version range>`: 210 211 Install a version of the package matching the specified version range. This 212 will follow the same rules for resolving dependencies described in [`package.json`](/configuring-npm/package-json). 213 214 Note that most version ranges must be put in quotes so that your shell will 215 treat it as a single argument. 216 217 Example: 218 ```bash 219 npm install sax@">=0.1.0 <0.2.0" 220 npm install @myorg/privatepackage@">=0.1.0 <0.2.0" 221 ``` 222 223* `npm install <git remote url>`: 224 225 Installs the package from the hosted git provider, cloning it with `git`. 226 For a full git remote url, only that URL will be attempted. 227 228 ```bash 229 <protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>[#<commit-ish> | #semver:<semver>] 230 ``` 231 232 `<protocol>` is one of `git`, `git+ssh`, `git+http`, `git+https`, or 233 `git+file`. 234 235 If `#<commit-ish>` is provided, it will be used to clone exactly that 236 commit. If the commit-ish has the format `#semver:<semver>`, `<semver>` can 237 be any valid semver range or exact version, and npm will look for any tags 238 or refs matching that range in the remote repository, much as it would for a 239 registry dependency. If neither `#<commit-ish>` or `#semver:<semver>` is 240 specified, then the default branch of the repository is used. 241 242 If the repository makes use of submodules, those submodules will be cloned 243 as well. 244 245 If the package being installed contains a `prepare` script, its 246 `dependencies` and `devDependencies` will be installed, and the prepare 247 script will be run, before the package is packaged and installed. 248 249 The following git environment variables are recognized by npm and will be 250 added to the environment when running git: 251 252 * `GIT_ASKPASS` 253 * `GIT_EXEC_PATH` 254 * `GIT_PROXY_COMMAND` 255 * `GIT_SSH` 256 * `GIT_SSH_COMMAND` 257 * `GIT_SSL_CAINFO` 258 * `GIT_SSL_NO_VERIFY` 259 260 See the git man page for details. 261 262 Examples: 263 264 ```bash 265 npm install git+ssh://git@github.com:npm/cli.git#v1.0.27 266 npm install git+ssh://git@github.com:npm/cli#semver:^5.0 267 npm install git+https://isaacs@github.com/npm/cli.git 268 npm install git://github.com/npm/cli.git#v1.0.27 269 GIT_SSH_COMMAND='ssh -i ~/.ssh/custom_ident' npm install git+ssh://git@github.com:npm/cli.git 270 ``` 271 272* `npm install <githubname>/<githubrepo>[#<commit-ish>]`: 273* `npm install github:<githubname>/<githubrepo>[#<commit-ish>]`: 274 275 Install the package at `https://github.com/githubname/githubrepo` by 276 attempting to clone it using `git`. 277 278 If `#<commit-ish>` is provided, it will be used to clone exactly that 279 commit. If the commit-ish has the format `#semver:<semver>`, `<semver>` can 280 be any valid semver range or exact version, and npm will look for any tags 281 or refs matching that range in the remote repository, much as it would for a 282 registry dependency. If neither `#<commit-ish>` or `#semver:<semver>` is 283 specified, then `master` is used. 284 285 As with regular git dependencies, `dependencies` and `devDependencies` will 286 be installed if the package has a `prepare` script, before the package is 287 done installing. 288 289 Examples: 290 291 ```bash 292 npm install mygithubuser/myproject 293 npm install github:mygithubuser/myproject 294 ``` 295 296* `npm install gist:[<githubname>/]<gistID>[#<commit-ish>|#semver:<semver>]`: 297 298 Install the package at `https://gist.github.com/gistID` by attempting to 299 clone it using `git`. The GitHub username associated with the gist is 300 optional and will not be saved in `package.json`. 301 302 As with regular git dependencies, `dependencies` and `devDependencies` will 303 be installed if the package has a `prepare` script, before the package is 304 done installing. 305 306 Example: 307 308 ```bash 309 npm install gist:101a11beef 310 ``` 311 312* `npm install bitbucket:<bitbucketname>/<bitbucketrepo>[#<commit-ish>]`: 313 314 Install the package at `https://bitbucket.org/bitbucketname/bitbucketrepo` 315 by attempting to clone it using `git`. 316 317 If `#<commit-ish>` is provided, it will be used to clone exactly that 318 commit. If the commit-ish has the format `#semver:<semver>`, `<semver>` can 319 be any valid semver range or exact version, and npm will look for any tags 320 or refs matching that range in the remote repository, much as it would for a 321 registry dependency. If neither `#<commit-ish>` or `#semver:<semver>` is 322 specified, then `master` is used. 323 324 As with regular git dependencies, `dependencies` and `devDependencies` will 325 be installed if the package has a `prepare` script, before the package is 326 done installing. 327 328 Example: 329 330 ```bash 331 npm install bitbucket:mybitbucketuser/myproject 332 ``` 333 334* `npm install gitlab:<gitlabname>/<gitlabrepo>[#<commit-ish>]`: 335 336 Install the package at `https://gitlab.com/gitlabname/gitlabrepo` 337 by attempting to clone it using `git`. 338 339 If `#<commit-ish>` is provided, it will be used to clone exactly that 340 commit. If the commit-ish has the format `#semver:<semver>`, `<semver>` can 341 be any valid semver range or exact version, and npm will look for any tags 342 or refs matching that range in the remote repository, much as it would for a 343 registry dependency. If neither `#<commit-ish>` or `#semver:<semver>` is 344 specified, then `master` is used. 345 346 As with regular git dependencies, `dependencies` and `devDependencies` will 347 be installed if the package has a `prepare` script, before the package is 348 done installing. 349 350 Example: 351 352 ```bash 353 npm install gitlab:mygitlabuser/myproject 354 npm install gitlab:myusr/myproj#semver:^5.0 355 ``` 356 357You may combine multiple arguments, and even multiple types of arguments. 358For example: 359 360```bash 361npm install sax@">=0.1.0 <0.2.0" bench supervisor 362``` 363 364The `--tag` argument will apply to all of the specified install targets. If a 365tag with the given name exists, the tagged version is preferred over newer 366versions. 367 368The `--dry-run` argument will report in the usual way what the install would 369have done without actually installing anything. 370 371The `--package-lock-only` argument will only update the `package-lock.json`, 372instead of checking `node_modules` and downloading dependencies. 373 374The `-f` or `--force` argument will force npm to fetch remote resources even if a 375local copy exists on disk. 376 377```bash 378npm install sax --force 379``` 380 381The `--no-fund` argument will hide the message displayed at the end of each 382install that acknowledges the number of dependencies looking for funding. 383See `npm-fund(1)` 384 385The `-g` or `--global` argument will cause npm to install the package globally 386rather than locally. See [folders](/configuring-npm/folders). 387 388The `--global-style` argument will cause npm to install the package into 389your local `node_modules` folder with the same layout it uses with the 390global `node_modules` folder. Only your direct dependencies will show in 391`node_modules` and everything they depend on will be flattened in their 392`node_modules` folders. This obviously will eliminate some deduping. 393 394The `--ignore-scripts` argument will cause npm to not execute any 395scripts defined in the package.json. See [`scripts`](/using-npm/scripts). 396 397The `--legacy-bundling` argument will cause npm to install the package such 398that versions of npm prior to 1.4, such as the one included with node 0.8, 399can install the package. This eliminates all automatic deduping. 400 401The `--link` argument will cause npm to link global installs into the 402local space in some cases. 403 404The `--no-bin-links` argument will prevent npm from creating symlinks for 405any binaries the package might contain. 406 407The `--no-optional` argument will prevent optional dependencies from 408being installed. 409 410The `--no-shrinkwrap` argument, which will ignore an available 411package lock or shrinkwrap file and use the package.json instead. 412 413The `--no-package-lock` argument will prevent npm from creating a 414`package-lock.json` file. When running with package-lock's disabled npm 415will not automatically prune your node modules when installing. 416 417The `--nodedir=/path/to/node/source` argument will allow npm to find the 418node source code so that npm can compile native modules. 419 420The `--only={prod[uction]|dev[elopment]}` argument will cause either only 421`devDependencies` or only non-`devDependencies` to be installed regardless of the `NODE_ENV`. 422 423The `--no-audit` argument can be used to disable sending of audit reports to 424the configured registries. See [`npm-audit`](npm-audit) for details on what is sent. 425 426See [`config`](/using-npm/config). Many of the configuration params have some 427effect on installation, since that's most of what npm does. 428 429#### Algorithm 430 431To install a package, npm uses the following algorithm: 432```bash 433load the existing node_modules tree from disk 434clone the tree 435fetch the package.json and assorted metadata and add it to the clone 436walk the clone and add any missing dependencies 437 dependencies will be added as close to the top as is possible 438 without breaking any other modules 439compare the original tree with the cloned tree and make a list of 440actions to take to convert one to the other 441execute all of the actions, deepest first 442 kinds of actions are install, update, remove and move 443``` 444 445For this `package{dep}` structure: `A{B,C}, B{C}, C{D}`, 446this algorithm produces: 447 448```bash 449A 450+-- B 451+-- C 452+-- D 453``` 454 455That is, the dependency from B to C is satisfied by the fact that A 456already caused C to be installed at a higher level. D is still installed 457at the top level because nothing conflicts with it. 458 459For `A{B,C}, B{C,D@1}, C{D@2}`, this algorithm produces: 460 461```bash 462A 463+-- B 464+-- C 465 `-- D@2 466+-- D@1 467``` 468 469Because B's D@1 will be installed in the top level, C now has to install D@2 470privately for itself. This algorithm is deterministic, but different trees may 471be produced if two dependencies are requested for installation in a different 472order. 473 474See [folders](/configuring-npm/folders) for a more detailed description of the specific folder structures that npm creates. 475 476### Limitations of npm's Install Algorithm 477 478npm will refuse to install any package with an identical name to the 479current package. This can be overridden with the `--force` flag, but in 480most cases can simply be addressed by changing the local package name. 481 482There are some very rare and pathological edge-cases where a cycle can 483cause npm to try to install a never-ending tree of packages. Here is 484the simplest case: 485 486```bash 487A -> B -> A' -> B' -> A -> B -> A' -> B' -> A -> ... 488``` 489 490where `A` is some version of a package, and `A'` is a different version 491of the same package. Because `B` depends on a different version of `A` 492than the one that is already in the tree, it must install a separate 493copy. The same is true of `A'`, which must install `B'`. Because `B'` 494depends on the original version of `A`, which has been overridden, the 495cycle falls into infinite regress. 496 497To avoid this situation, npm flat-out refuses to install any 498`name@version` that is already present anywhere in the tree of package 499folder ancestors. A more correct, but more complex, solution would be 500to symlink the existing version into the new location. If this ever 501affects a real use-case, it will be investigated. 502 503### See Also 504 505* [npm folders](/configuring-npm/folders) 506* [npm update](/cli-commands/npm-update) 507* [npm audit](/cli-commands/npm-audit) 508* [npm fund](/cli-commands/npm-fund) 509* [npm link](/cli-commands/npm-link) 510* [npm rebuild](/cli-commands/npm-rebuild) 511* [npm scripts](/using-npm/scripts) 512* [npm build](/cli-commands/npm-build) 513* [npm config](/cli-commands/npm-config) 514* [npmrc](/configuring-npm/npmrc) 515* [npm registry](/using-npm/registry) 516* [npm dist-tag](/cli-commands/npm-dist-tag) 517* [npm uninstall](/cli-commands/npm-uninstall) 518* [npm shrinkwrap](/cli-commands/npm-shrinkwrap) 519* [package.json](/configuring-npm/package-json) 520