153

How can I download the source code of a package from npm without actually installing it (i.e. without using npm install thepackage)?

jpmc26
  • 28,463
  • 14
  • 94
  • 146
AURIGADL
  • 1,832
  • 2
  • 13
  • 15

9 Answers9

124

You can use npm view [package name] dist.tarball which will return the URL of the compressed package file.

Here's an example using wget to download the tarball:

wget $(npm view lodash dist.tarball)
aleclarson
  • 18,087
  • 14
  • 64
  • 91
Gustavo Rodrigues
  • 3,517
  • 1
  • 25
  • 21
106

A simpler way to do this is npm pack <package_name>. This will retrieve the tarball from the registry, place it in your npm cache, and put a copy in the current working directory. See https://docs.npmjs.com/cli/pack

grahamaj
  • 1,334
  • 1
  • 10
  • 7
  • 1
    Perfect. Also: `npm pack --dry-run ` will produce the same exact output, without placing the `tgz` file in the current directory. – friederbluemle Feb 16 '20 at 03:18
83

If you haven't installed npm, with the current public API, you can also access the information about a package in the npm registry from the URL https://registry.npmjs.org/<package-name>/.

Then you can navigate the JSON at versions > (version number) > dist > tarball to get the URL of the code archive and download it.

Matteo T.
  • 1,278
  • 11
  • 13
  • 1
    you can use `latest` as version number (e.g. `https://registry.npmjs.org/pm2-logrotate/latest`) then find `dist.tarball`. even use a one-liner on *nix systems: `curl -sS https://registry.npmjs.org/pm2-logrotate/latest | jq -r .dist.tarball` – kbridge4096 Jan 30 '23 at 15:07
39

npm pack XXX is the quickest to type and it'll download an archive.

Alternatively:

npm v XXX dist.tarball | xargs curl | tar -xz

this command will also:

  • Download the package with progress bar
  • Extracts into a folder called package
fregante
  • 29,050
  • 14
  • 119
  • 159
  • 1
    Additionally, if you want to keep the same filename as the registry you could skip the last pipe as in: `npm v XXX dist.tarball | xargs curl -O`. In this case, curl -O will keep the filename from the npm registry, and since the file is already a tar.gz there's no need to pipe it again through the tar command. – defvol May 12 '21 at 20:43
23

On linux I usually download the tarball of a package like this:

wget `npm v [package-name] dist.tarball`

Notice the backticks ``, on stackoverflow I cannot see them clearly.

"v" is just another alias for view:

https://docs.npmjs.com/cli/view

Marcs
  • 3,768
  • 5
  • 33
  • 42
6

You can also access the content of a npm package online:

fregante
  • 29,050
  • 14
  • 119
  • 159
JBress
  • 121
  • 1
  • 7
4

For simply viewing the overview of the contents of an npm package, without downloading anything locally, you can use:

npm pack --dry-run <package-name>

Demo:

$ npm pack --dry-run express
npm notice
npm notice   express@4.17.2
npm notice === Tarball Contents ===
npm notice 110.6kB History.md
npm notice 1.2kB   LICENSE
npm notice 4.8kB   Readme.md
npm notice 224B    index.js
npm notice 14.3kB  lib/application.js
npm notice 2.4kB   lib/express.js
npm notice 853B    lib/middleware/init.js
npm notice 885B    lib/middleware/query.js
npm notice 12.5kB  lib/request.js
npm notice 27.3kB  lib/response.js
npm notice 15.0kB  lib/router/index.js
npm notice 3.3kB   lib/router/layer.js
npm notice 4.1kB   lib/router/route.js
npm notice 5.9kB   lib/utils.js
npm notice 3.3kB   lib/view.js
npm notice 2.8kB   package.json
npm notice === Tarball Details ===
npm notice name:          express
npm notice version:       4.17.2
npm notice filename:      express-4.17.2.tgz
npm notice package size:  54.7 kB
npm notice unpacked size: 209.6 kB
npm notice shasum:        c18369f265297319beed4e5558753cc8c1364cb3
npm notice integrity:     sha512-oxlxJxcQlYwqP[...]66Ha8jCUo9QGg==
npm notice total files:   16
npm notice
express-4.17.2.tgz
ruohola
  • 21,987
  • 6
  • 62
  • 97
1

My team created OSS Gadget to make things like this easier, especially when working across different ecosystems. One of the tools in this suite is called oss-download:

oss-download pkg:npm/express         # Latest version
oss-download pkg:npm/express@4.17.1  # Specific version
oss-download pkg:npm/express@*       # All versions
oss-download -e pkg:npm/express      # Decompress contents recursively

If you're only interested in npm, then npm pack is your best option, but if you don't have npm installed or need to do similar things with PyPI, RubyGems, NuGet, etc., then OSS Gadget might be helpful.

Scovetta
  • 3,112
  • 1
  • 14
  • 13
0

Based on Gustavo Rodrigues's answer, fixes "package" directory in .tgz, adds latest minor version discovery.

#!/bin/bash

if [[ $# -eq 0 ]] ; then
    echo "Usage: $0 jquery bootstrap@3 tinymce@4.5"
    exit 64 ## EX_USAGE
fi

set -e ## So nothing gets deleted if download fails

for pkg_name in "$@"
do

    ## Get latest version, also works with plain name
    url=$( npm v $pkg_name dist.tarball | tail -n 1 | cut -d \' -f 2 )
    tmp_dir=$( mktemp -d -p . "${pkg_name}__XXXXXXXXX" )

    ## Unpacks to directory named after package@version
    curl $url | tar -xzf - --strip 1 --directory $tmp_dir
    rm -rf $pkg_name
    mv $tmp_dir $pkg_name
done
Sergey Nagaytsev
  • 69
  • 4