Package detail

libnpmfund

npm1.8mISC7.0.12

Programmatic API for npm fund

npm, npmcli, libnpm, cli, git, fund, gitfund

readme

libnpmfund

libnpmfund is a Node.js library for retrieving funding information for packages installed using arborist.

Example
Install
Contributing
API
LICENSE

Example

const { read } = require('libnpmfund')

const fundingInfo = await read()
console.log(
  JSON.stringify(fundingInfo, null, 2)
)
// => {
  length: 2,
  name: 'foo',
  version: '1.0.0',
  funding: { url: 'https://example.com' },
  dependencies: {
    bar: {
      version: '1.0.0',
      funding: { url: 'http://collective.example.com' }
    }
  }
}

Install

$ npm install libnpmfund

Contributing

The npm team enthusiastically welcomes contributions and project participation! There's a bunch of things you can do if you want to contribute! The Contributor Guide outlines the process for community interaction and contribution. Please don't hesitate to jump in if you'd like to, or even ask us questions if something isn't clear.

All participants and maintainers in this project are expected to follow the npm Code of Conduct, and just generally be excellent to each other.

Please refer to the Changelog for project history details, too.

Happy hacking!

API

`> fund.read([opts]) -> Promise<Object>`

Reads funding info from a npm install and returns a promise for a tree object that only contains packages in which funding info is defined.

Options:

countOnly: Uses the tree-traversal logic from npm fund but skips over any obj definition and just returns an obj containing { length } - useful for things such as printing a 6 packages are looking for funding msg.
workspaces: Array<String> List of workspaces names to filter for, the result will only include a subset of the resulting tree that includes only the nodes that are children of the listed workspaces names.
path, registry and more Arborist options.

`> fund.readTree(tree, [opts]) -> Promise<Object>`

Reads funding info from a given install tree and returns a tree object that only contains packages in which funding info is defined.

tree: An arborist tree to be used, e.g:

const Arborist = require('@npmcli/arborist')
const { readTree } = require('libnpmfund')

const arb = new Arborist({ path: process.cwd() })
const tree = await arb.loadActual()

return readTree(tree, { countOnly: false })

Options:

countOnly: Uses the tree-traversal logic from npm fund but skips over any obj definition and just returns an obj containing { length } - useful for things such as printing a 6 packages are looking for funding msg.

`> fund.normalizeFunding(funding) -> Object`

From a funding <object|string|array>, retrieves normalized funding objects containing a url property.

e.g:

normalizeFunding('http://example.com')
// => {
  url: 'http://example.com'
}

`> fund.isValidFunding(funding) -> Boolean`

Returns <true> if funding is a valid funding object, e.g:

isValidFunding({ foo: 'not a valid funding obj' })
// => false

isValidFunding('http://example.com')
// => true

LICENSE

ISC

changelog

Changelog

11.7.0 (2025-12-09)

Features

b380d15 #8697 add deduping to notices unless in verbose+ mode (@owlstronaut)
Bug Fixes
4ebb831 #8839 updates hints to use cli paradigm (@owlstronaut)
7896e51 #8838 update the token list text (@owlstronaut)
8ab8668 #8836 query: support package-lock-only in workspaces (@watilde)
35e8d38 #8322 properly handle newlines with input when using the spinner (#8322) (@mbtools)
0c0faae #8780 adduser: improve email prompt (#8780) (@mbtools)
Documentation
7f2ab9d #8810 scripts: replace deprecated prepublish and install examples with prepare (Max Black)
91ebab7 #8847 remove note about token create being disabled (@owlstronaut)
2030250 #8822 scripts: clarify prepare script runs with --production (Max Black)
33a50d7 #8821 scripts: update npm_package_* environment variables documentation (Max Black)
50508f9 #8793 package-json: add documentation for type field (#8793) (@MaxBlack-dev, Max Black)
aa1dd7e #8823 scripts: document that prepare scripts run concurrently in workspaces (Max Black)
3f48487 #8820 package-spec: fix alias syntax in examples (Max Black)
dd104da #8812 version: add note about git version requirements (Max Black)
58afdcc #8792 install: clarify prerelease version range behavior (Max Black)
9f818e8 #8795 npm-view: clarify object property access syntax and provide examples (Max Black)
39c2f2e #8791 add examples for command line flags including --prefix (Max Black)
1298530 #8790 clarify version field can be omitted in package-lock (Max Black)
090b6ca #8794 npx: clarify that arguments are passed to executed command (Max Black)
a864f80 #8787 document gypfile field in package.json (Max Black)
2fc689d #8788 add field access patterns to npm view (Max Black)
4850639 #8796 package-json: add examples for replacing dependencies with forks in overrides (Max Black)
4864dd4 #8798 npm-install: document engines field priority when installing packages (Max Black)
95d25cd #8799 package-json: clarify repository field normalization during publish (Max Black)
a367f9b #8800 package-lock-json: clarify that version field may be omitted for certain dependencies (Max Black)
ffc9b71 #8801 npm-install: clarify --tag does not override package.json (#8801) (@MaxBlack-dev, Max Black)
73688ca #8735 clarify npm version behavior with prerelease versions (#8735) (@yashwantbezawada)
4a32606 #8785 updates the token create documentation (#8785) (@owlstronaut, @wraithgar)
Chores
54929ce #8836 update baseline-browser-mapping (@watilde)

Dependencies

11.6.4 (2025-11-25)

Documentation

dfb83c7 #8749 add example for keywords field (#8749) (@MaxBlack-dev, Max Black)
1b1e227 #8750 remove outdated roadmap link (#8750) (@MaxBlack-dev, Max Black)
1333d57 #8752 clarify .npmrc naming convention for environment variable overrides (#8752) (@MaxBlack-dev)
22cddb8 #8755 add workspace dependencies example to workspaces (Max Black)
17e154c #8756 standardize env vars to uppercase convention (Max Black)
1e51a25 #8754 fix lifecycle event order for prepare script (Max Black)
8d72bc9 #8753 add os, cpu, and funding fields to package-lock.json (Max Black)
Dependencies
f56bb13 #8779 `proc-log@6.1.0` (#8779)
f963223 #8770 `proggy@4.0.0`
f51e4aa #8770 `nopt@9.0.0`
2d15040 #8770 @npmcli/query@5.0.0
9d77b84 #8770 @npmcli/installed-package-contents@4.0.0
e2ac092 #8770 `read@5.0.1`
6e5bfd9 #8770 `init-package-json@8.2.4`
7f8e237 #8770 `p-map@7.0.4`
a4aa218 #8770 `npm-user-validate@4.0.0`
6430446 #8770 `npm-audit-report@7.0.0`
58650dc #8770 @npmcli/fs@5.0.0
4a11146 #8770 `glob@13.0.0`
00511d4 #8770 @npmcli/cacache@20.0.3
224afa2 #8770 @npmcli/map-workspaces@5.0.3
664ac34 #8770 @npmcli/package-json@7.0.4
workspace: @npmcli/arborist@9.1.8
workspace: @npmcli/config@10.4.4
workspace: `libnpmdiff@8.0.11`
workspace: `libnpmexec@10.1.10`
workspace: `libnpmfund@7.0.11`
workspace: `libnpmpack@9.0.11`

11.6.3 (2025-11-19)

Bug Fixes

c6242d9 #8706 change npm profile to create tokens with GAT support (#8706) (@owlstronaut, @wraithgar)
cbc6fa9 #8731 order of version information in error message (#8731) (@piotrd, @pd-be)
11dbd7e #8709 display full token when creating authentication tokens (#8709) (@MaxBlack-dev, Max Black)
49a4eef #8676 use look behind regex for trailing slash stripping (#8676) (@wraithgar)
b1aee62 #8645 dep flag calculation (#8645) (@liamcmitchell)
Documentation
ca53c21 #8745 add workspace usage examples (#8745) (@MaxBlack-dev, Max Black)
e71ca0e #8746 add --save flag to documentation (#8746) (@MaxBlack-dev, Max Black)
06510a8 #8683 add ignore-scripts option to npm version help and docs (#8683) (@Tejas242)
Dependencies
7f72238 #8723 `cacache@20.0.2`
7ac9db8 #8723 `init-package-json@8.2.3`
41e97c6 #8723 `validate-npm-package-name@7.0.0`
6b1fbe1 #8723 `npm-package-arg@13.0.2`
aa1d486 #8723 @npmcli/promise-spawn@9.0.1
599c819 #8723 `which@6.0.0`
e49286e #8723 `ini@5.0.0`
b7c9f96 #8723 @npmcli/promise-spawn@9.0.0
8cc9f70 #8723 `ssri@13.0.0`
0b7274f #8723 `pacote@21.0.4`
59b3c6a #8723 @npmcli/redact@4.0.0
578abad #8723 `node-gyp@12.1.0`
89c4151 #8723 @npmcli/git@7.0.1
c6d109d #8723 `make-fetch-happen@15.0.3`
34d8599 #8723 `npm-registry-fetch@19.1.1`
4811a86 #8723 @npmcli/run-script@10.0.3
6cb77df #8723 @npmcli/installed-package-contents@4.0.0
05ac7a7 #8723 `proc-log@6.0.0`
0a74f6d #8723 `bin-links@6.0.0`
c02ce5c #8723 @npmcli/package-json@7.0.2
9c0cefa #8723 `json-parse-even-better-errors@5.0.0`
041b9b2 #8723 `parse-conflict-json@5.0.1`
a1b0fea #8723 @npmcli/name-from-folder@4.0.0
a085745 #8723 `abbrev@4.0.0`
00d9c7d #8723 `nopt@9.0.0`
3404dca #8723 `npm-install-checks@8.0.0`
542fcf3 #8723 @npmcli/node-gyp@5.0.0
89e14d3 #8723 `tar@7.5.2`
5383f3a #8723 `npm-registry-fetch@19.1.0`
1bb9a7d #8723 `npm-profile@12.0.1`
de619a4 #8723 `npm-pick-manifest@11.0.3`
0e042ec #8723 `npm-packlist@10.0.3`
2a3c338 #8723 `node-gyp@11.5.0`
b96e86c #8723 `minimatch@10.1.1`
d347329 #8723 `exponential-backoff@3.1.3`
d6830f4 #8723 @npmcli/run-script@10.0.2
bcc7ec8 #8723 @npmcli/metavuln-calculator@9.0.3
7a419df #8723 @npmcli/map-workspaces@5.0.1
Chores
32bdd83 #8723 fix package-lock (@wraithgar)
4bff14b #8670 write tarball to testDir (#8670) (@wraithgar)
679486b #8672 fix lockfile (#8672) (@wraithgar)
workspace: @npmcli/arborist@9.1.7
workspace: @npmcli/config@10.4.3
workspace: `libnpmdiff@8.0.10`
workspace: `libnpmexec@10.1.9`
workspace: `libnpmfund@7.0.10`
workspace: `libnpmpack@9.0.10`
workspace: `libnpmpublish@11.1.3`
workspace: `libnpmversion@8.0.3`

11.6.2 (2025-10-08)

Bug Fixes

c54d1e9 #8633 progress bar code cleanup (#8633) (@wraithgar)
d352e27 #8629 do not redact notice logs going to stdout (#8629) (@wraithgar)
5ac3678 #8617 spelling in ./lib and ./test/lib (#8617) (@jsoref)
9197995 #8619 spelling (#8619) (@jsoref)
dd884e3 #8618 spelling (#8618) (@jsoref)
f6028e6 #8614 skip redacting urls meant for opening by the user (#8614) (@wraithgar, @jolyndenning)
54fd27f #8602 refactor node.ideallyInert to node.inert (#8602) (@liamcmitchell)
79e3c1e #8593 use @npmcli/package-json to normalize package data (@wraithgar)
Documentation
0469c5e #8639 rewrap markdown (#8639) (@jsoref)
9ceb9c1 #8636 rewrap markdown (#8636) (@jsoref)
6324370 #8616 fix spelling (#8616) (@jsoref)
1b0429a #8607 Fix spelling (#8607) (@jsoref)
7fbe07a #8603 clean up deprecated npm access commands (#8603) (@jsoref)
Dependencies
fa7cc6f #8662 `ci-info@4.3.1` (#8662)
b05461b #8663 @sigstore/sign@4.0.1 (#8663)
c31de22 #8661 downgrade ci-info to 4.3.0 (#8661) (@wraithgar)
c5191b5 #8659 `ci-info@4.3.1`
f255c92 #8659 `hosted-git-info@9.0.2`
bdaf323 #8659 `is-cidr@6.0.1`
a33f106 #8659 `lru-cache@11.2.2`
8044e07 #8659 `npm-package-arg@13.0.1`
f577504 #8659 `npm-packlist@10.0.2`
9aa4fa6 #8659 `semver@7.7.3`
fe9484a #8593 remove normalize-package-data
Chores
b3409f4 #8659 dev dependency updates (@wraithgar)
e8de81b #8643 Add automatically generated annotation to dependencies.md (#8643) (@jsoref)
67cfaf3 #8627 fix spelling: different (#8627) (@jsoref)
17ddc0d #8622 fix spelling (#8622) (@jsoref)
c3e1790 #8605 Remove reference to nonexistent calendar (#8605) (@jsoref)
ac9143e #8604 Improve link accessibility for screen reader users (#8604) (@jsoref)
62d73e7 #8601 remove references to benchmarks workflow (#8601) (@jsoref)
bb4b739 #8598 remove stale comment (#8598) (@jsoref)
f73e65d #8592 fix build url code for remark-github@12 (#8592) (@wraithgar)
workspace: @npmcli/arborist@9.1.6
workspace: @npmcli/config@10.4.2
workspace: `libnpmaccess@10.0.3`
workspace: `libnpmdiff@8.0.9`
workspace: `libnpmexec@10.1.8`
workspace: `libnpmfund@7.0.9`
workspace: `libnpmpack@9.0.9`
workspace: `libnpmpublish@11.1.2`

11.6.1 (2025-09-23)

Bug Fixes

d389614 #8579 corrects peer dependency flag propagation (@owlstronaut)
5db81c3 #8512 allow concurrent non-local npx calls (#8512) (@jenseng, @wraithgar)
Documentation
7a09902 #8582 bring back certfile (#8582) (@jenseng)
Dependencies
849dcb6 #8589 `tar@7.5.1` (#8589)
ea15731 #8576 `binary-extensions@3.1.0`
0f41bac #8576 `tiny-relative-date@2.0.2`
07bf540 #8576 `is-cidr@6.0.0`
ef87ec6 #8576 `diff@8.0.2`
48285e0 #8576 add fdir, isexe, and picomatch to node_modules
099238a #8576 `fdir@6.5.0`
6e4d673 #8576 `isexe@3.1.1`
09a7494 #8576 `supports-color@10.2.2`
c5157c9 #8576 `chalk@5.6.2`
46035db #8576 `debug@4.4.3`
5f6664b #8576 `spdx-license-ids@3.0.22`
5516583 #8576 `socks@2.8.7`
6a392f3 #8576 `tinyglobby@0.2.15`
9519f18 #8576 `npm-install-checks@7.1.2`
34bafd1 #8576 `node-gyp@11.4.2`
dfd034e #8576 @npmcli/promise-spawn@8.0.3
d4eef14 #8576 `rimraf@6.0.1`
566f1b7 #8576 `minimatch@10.0.3`
ac33497 #8576 `mkdirp@3.0.1`
1676626 #8576 `glob@11.0.3`
817f0b1 #8576 `ignore-walk@8.0.0`
79a4e67 #8576 `minizlib@3.0.2`
38fa2c2 #8576 `negotiator@1.0.0`
24252a1 #8576 @npmcli/agent@4.0.0
ea7ca5f #8576 `lru-cache@11.2.1`
521823b #8576 @npmcli/git@7.0.0
bf6b686 #8576 `npm-package-arg@13.0.0`
9392488 #8576 `npm-package-manifest@11.0.1`
0082083 #8576 `normalize-package-data@8.0.0`
633c4ed #8576 `hosted-git-info@9.0.0`
66f64eb #8576 `make-fetch-happen@15.0.2`
1f85f94 #8576 @sigstore/tuf@4.0.0
a2bdecc #8576 `sigstore@4.0.0`
1149971 #8576 `npm-registry-fetch@19.0.0`
b5bd5e3 #8576 `npm-profile@12.0.0`
6221e27 #8576 @npmcli/metavuln-calculator@9.0.2
da81a37 #8576 `cacache@20.0.1`
6b4c5f9 #8576 @npmcli/run-script@10.0.0
cb36a8a #8576 `init-package-json@8.2.2`
b6bb9ae #8576 `pacote@21.0.3`
1b4433f #8576 @npmcli/map-workspaces@5.0.0
ceae674 #8576 @npmcli/package-json@7.0.1
4f37534 #8576 remove read-package-json-fast
Chores
7eb5c09 #8576 update package-lock with peer flag fixes (@wraithgar)
0d00fd8 #8576 `jsdom@27.0.0` (@wraithgar)
420a569 #8576 `unified@11.0.5` (@wraithgar)
064deb3 #8576 `remark-rehype@11.1.2` (@wraithgar)
30fe3ba #8576 `remark-man@9.0.0` (@wraithgar)
1c6bb4c #8576 `rehype-stringify@10.0.1` (@wraithgar)
208cb93 #8576 `remark-gfm@4.0.1` (@wraithgar)
4a46b5a #8576 `remark-github@12.0.0` (@wraithgar)
93d190b #8576 `remark-parse@11.0.0` (@wraithgar)
05301a4 #8576 `remark@15.0.1` (@wraithgar)
6afdda9 #8576 `ajv-formats@3.0.1` (@wraithgar)
402a0ab #8576 @npmcli/template-oss@4.25.1 (@wraithgar)
3b43bf7 #8576 dev dependency updates (@wraithgar)
9f9146f #8576 @tufjs/repo-mock@4.0.0 (@wraithgar)
eed8a10 #8576 use latest/local arborist in mock-registry (@wraithgar)
workspace: @npmcli/arborist@9.1.5
workspace: @npmcli/config@10.4.1
workspace: `libnpmaccess@10.0.2`
workspace: `libnpmdiff@8.0.8`
workspace: `libnpmexec@10.1.7`
workspace: `libnpmfund@7.0.8`
workspace: `libnpmorg@8.0.1`
workspace: `libnpmpack@9.0.8`
workspace: `libnpmpublish@11.1.1`
workspace: `libnpmsearch@9.0.1`
workspace: `libnpmteam@8.0.2`
workspace: `libnpmversion@8.0.2`

11.6.0 (2025-09-03)

Features

bdcc10d #8359 add support for optional env var replacements in .npmrc (#8359) (@aczekajski, @owlstronaut)
Bug Fixes
dd4cee9 #8539 powershell: improve argument parsing (#8539) (@alexsch01)
5f18557 #8532 powershell: fix issue with modified InvocationName (#8532) (@alexsch01)
9e5abf1 #8529 add redaction to log format egress (#8529) (@wraithgar)
75ce64a #8524 revert handle signal exits gracefully (#8524) (@owlstronaut)
5d82d0b #8469 ps1 scripts in powershell 5.1 (#8469) (@splatteredbits)

Dependencies

11.5.2 (2025-07-30)

Bug Fixes

7d900c4 #8467 oidc visibility check for provenance (#8467) (@reggi, @wraithgar)
Documentation
d4e56b2 #8459 update snapshot generation command (#8459) (@MikeMcC399)

11.5.1 (2025-07-24)

Bug Fixes

476bf17 #8457 provenance should only default for oidc (@reggi)

11.5.0 (2025-07-24)

Features

1cce318 #8336 adds support for oidc publish (#8336) (@reggi)
Bug Fixes
7f66f0a #8447 add better hint for before and clean up description (@wraithgar)
280817a #8447 add --before param to command help output (@wraithgar)
6e47325 #8441 Makes 404 errors less scary without revealing existence (#8441) (@owlstronaut)
0a97ffd #8429 handle signal exits gracefully (@owlstronaut)
5b858c6 #8411 ensure progress bars display consistently across all environments (#8411) (@owlstronaut)
Documentation
ef3529e #8435 add test snapshot (#8435) (@reggi, @wraithgar)
b7758d7 #8418 remove reference to Node.js download less common os (#8418) (@MikeMcC399)
746ac5d #8380 remove duplicate info (#8380) (@alexsch01)
4673e9c #8371 rebrand OS X references to macOS (@MikeMcC399)
Dependencies
398fed4 #8450 `normalize-package-data@7.0.1`
5b242c9 #8450 `validate-npm-package-name@6.0.2`
d4e8a8a #8450 `tuf-js@3.1.0`
e1b37b2 #8450 `picomatch@4.0.3`
3cb5884 #8450 `socks@2.8.6`
daea981 #8450 `ci-info@4.3.0`
39ad47d #8450 `aproba@2.1.0`
a789f33 #8450 `agent-base@7.1.4`
1c0d257 #8450 @npmcli/metavuln-calculator@9.0.1
Chores
804a964 #8450 update devDependencies in lockfile (@wraithgar)
643ae71 #8450 update mock-registry to use local arborist (@wraithgar)
cf023d7 #8421 contributing: prepare easier copy-paste contributing commands (#8421) (@MikeMcC399)
3f60b5f #8383 @npmcli/template-oss@4.24.4 (#8383) (@wraithgar)
01f8cc6 #8381 @npmcli/template-oss@4.24.3 (#8381) (@wraithgar)
workspace: @npmcli/arborist@9.1.3
workspace: @npmcli/config@10.3.1
workspace: `libnpmdiff@8.0.6`
workspace: `libnpmexec@10.1.5`
workspace: `libnpmfund@7.0.6`
workspace: `libnpmpack@9.0.6`
workspace: `libnpmpublish@11.1.0`

11.4.2 (2025-06-11)

Bug Fixes

f2d6947 #8345 move warning to new line when npm init is canceled (@mbtools)
e758dd7 #8318 powershell: multiple Invoke-Expression fixes (#8318) (@alexsch01)
Documentation
7233cb3 #8355 remove deprecated section related temp files (#8355) (@milaninfy)
fb7a498 #8351 clarify shell used for script (#8351) (@milaninfy)
8b55d38 #8329 Rename "command" to "script" (#8329) (@DanKaplanSES)
Dependencies
7b05420 #8358 `fdir@6.4.6`
e1a3b23 #8358 `tinyglobby@0.2.14`
522efa2 #8358 `socks@2.8.5`
7a0723f #8358 `debug@4.4.1`
9a342a4 #8358 `brace-expansion@2.0.2`
e691ba0 #8358 @sigstore/protobuf-specs@0.4.3
42ef765 #8358 `validate-npm-package-name@6.0.1`
774c0b1 #8358 @npmcli/redact@3.2.2
dda6f87 #8317 @npmcli/package-json@6.2.0
bc08ac7 #8317 remove normalize-package-data
Chores
0ad1444 #8358 dev dependency updates (@wraithgar)
workspace: @npmcli/arborist@9.1.2
workspace: `libnpmdiff@8.0.5`
workspace: `libnpmexec@10.1.4`
workspace: `libnpmfund@7.0.5`
workspace: `libnpmpack@9.0.5`
workspace: `libnpmpublish@11.0.1`

11.4.1 (2025-05-21)

Documentation

3ed764a #8308 Clarify script working directory behavior (fixes #8305) (#8308) (@tarekwfa0110, @owlstronaut)
Chores
2f30251 #8314 remove references to skimdb.npmjs.com (#8314) (@shmam)
9cb9d50 #8298 add contributor to changelog entry (#8298) (@wraithgar)

Dependencies

11.4.0 (2025-05-15)

Features

a0e60fb #8246 added init-private option (@owlstronaut)
57aa89f #8265 use run by default and run-script as the alias (#8265) (@owlstronaut)
0d4c023 #8234 install: add package info to json output (#8234) (@wraithgar)
Bug Fixes
8794fd9 #8297 powershell: support pipeline input with Invoke-Expression (#8297) (@alexsch01)
b5173d1 #8293 docs: corrected github_path (#8293) (@xaos7991)
2210d7a #8278 powershell: use Invoke-Expression to pass args (#8278) (@alexsch01, @mbtools)
8669d09 #8228 add otplease for enable-2fa, disable-2fa, access (#8228) (@reggi, @wraithgar)
78b5a6f #8269 correctly handle scenario where prefix is the cwd (#8269) (@owlstronaut, @ficocelliguy)
fdc3413 #8221 exec: Fails to Execute Binaries Named After Shell Keywords (#8221) (@13sfaith)
4b08e2e #8245 docs: prepare script runs for local package links (@milaninfy)
1622ac4 #8241 handle missing time in packument to prevent crash on npm view (@owlstronaut)
db8f5da #8110 outdated: add dependent location in long output (#8110) (@milaninfy, @wraithgar)
Documentation
d2498df #8295 Remove CHANGELOG from never-ignored list (#8295) (@mrazauskas)
4d5c3c1 #8283 fix overrides example in package-json.md (#8283) (@glasser)
96cc4f9 #8226 format publish as code to highlight it (@LiangYingC)
4990ea0 #8226 clarify legacy token creation in npm login and adduser commands (@LiangYingC)
Dependencies
c97ef8a #8246 `init-package-json@8.2.1`
f48613d #8292 @sigstore/verify@2.1.1
a4c5e74 #8292 `tinyglobby@0.2.13`
b9156d2 #8292 `http-cache-semantics@4.2.0`
472a685 #8292 `binary-extensions@3.1.0`
988696e #8292 @sigstore/tuf@3.1.1
569ac84 #8292 `semver@7.7.2`
2521c9b #8233 @sigstore/protobuf-specs@0.4.1
3274d68 #8233 @npmcli/query@4.0.1
c263626 #8233 `abbrev@3.0.1`
78df711 #8233 `hosted-git-info@8.1.0`
Chores
e80e38e #8292 dev dependency updates (@wraithgar)
3231ee9 #8244 update snapshots (@owlstronaut)
c561a33 #8233 dev dependency updates (@owlstronaut)
7eca19c #8215 update workflow permissions for updating Node PR (@owlstronaut)
workspace: @npmcli/arborist@9.1.0
workspace: @npmcli/config@10.3.0
workspace: `libnpmaccess@10.0.1`
workspace: `libnpmdiff@8.0.3`
workspace: `libnpmexec@10.1.2`
workspace: `libnpmfund@7.0.3`
workspace: `libnpmpack@9.0.3`
workspace: `libnpmteam@8.0.1`
workspace: `libnpmversion@8.0.1`

11.3.0 (2025-04-08)

Features

b306d25 #8129 add node-gyp as actual config (@wraithgar)
Bug Fixes
2f5392a #8135 make npm run autocomplete work with workspaces (#8135) (@terrainvidia)
Documentation
26b6454 fix grammar in local path note (@cgay)
1c0e83d #7886 fix typo in package-json.md (#7886) (@stoneLeaf)
14efa57 #8178 fix example package name in overrides explainer (#8178) (@G-Rath)
4183cba #8162 logging: replace proceeding with preceding in loglevels details (#8162) (@tyleralbee)
Dependencies
e57f112 #8207 `minipass-fetch@4.0.1`
3daabb1 #8207 `minizlib@3.0.2`
c7a7527 #8207 `ci-info@4.2.0`
20b09b6 #8207 `node-gyp@11.2.0`
679bc4a #8129 @npmcli/run-script@9.1.0
Chores
3fbed84 #8207 install rimraf as a devdependency for smoke tests (@owlstronaut)
43f0b41 #8207 dev dependency updates (@wraithgar)
26803bc #8147 release integration node 23 yml (#8147) (@reggi)
d679a1a #8146 release integration node 23 (#8146) (@reggi)
workspace: @npmcli/arborist@9.0.2
workspace: @npmcli/config@10.2.0
workspace: `libnpmdiff@8.0.2`
workspace: `libnpmexec@10.1.1`
workspace: `libnpmfund@7.0.2`
workspace: `libnpmpack@9.0.2`

11.2.0 (2025-03-05)

Features

247ee1d #8100 cache: add npx commands (@wraithgar)
3a80a7b #8081 add --init-type flag (#8081) (@reggi)
2a1e11f #8071 move nerfDart list into @npmcli/config (@wraithgar)
Bug Fixes
8461186 #8100 update npx cache if possible when spec is a range (@wraithgar)
e345cc5 #8050 don't suggest npm update outside of valid engine range (#8050) (@milaninfy)
811ca29 #8115 stop working around bug fixed in `npm-package-arg@12.0.2` (@TrevorBurnham)
879303c #8078 warn on invalid publishConfig (#8078) (@wraithgar)
41417de #8080 warn when TUF fetching of keys fails (#8080) (@wraithgar)
593c849 #8076 warn on invalid single-hyphen cli flags (#8076) (@wraithgar)
Dependencies
3d8b257 #8100 @npmcli/package-json@6.1.1
ab17523 #8134 `supports-color@10.0.0`
3cbe21a #8134 `foreground-child@3.3.1`
ee5e1aa #8118 @npmcli/redact@3.1.1
5df69b4 #8118 `exponential-backoff@3.1.2`
80c3273 #8118 `read@4.1.0`
7fd70fa #8118 `node-gyp@11.1.0`
7aeffff #8118 `cidr-regex@4.1.3`
b0c0490 #8118 `is-cidr@5.1.1`
ef49d6b #8118 `sigstore@3.1.0`
1399bfb #8118 `socks@2.8.4`
6b72107 #8118 `semver@7.7.1`
c9ad0c4 #8118 @npmcli/git@6.0.3
b153927 #8115 `npm-package-arg@12.0.2`
f0f6265 #8071 `nopt@8.1.0`
Chores
cc72b89 #8143 fix smoke tests to account for new release versions within a workspace (#8143) (@reggi)
c3810bc #8134 dev dependency updates (@wraithgar)
9dc40e6 #8118 dev dependency updates (@wraithgar)
7ec0831 #8118 update jsonpath-plus (@wraithgar)
ed85b01 #8071 tests for config warnings/changes (@wraithgar)
workspace: @npmcli/arborist@9.0.1
workspace: @npmcli/config@10.1.0
workspace: `libnpmdiff@8.0.1`
workspace: `libnpmexec@10.1.0`
workspace: `libnpmfund@7.0.1`
workspace: `libnpmpack@9.0.1`

11.1.0 (2025-01-29)

Features

7f6c997 #8009 add dry-run to deprecate/undeprecate commands (@wraithgar)
1764a37 #8009 add npm undeprecate command (@wraithgar)
Bug Fixes
31455b2 #8054 publish: honor force for no dist tag and registry version check (#8054) (@reggi)
dc31c1b #8038 remove max-len linting bypasses (@wraithgar)
8a911ff #8038 publish: disregard deprecated versions when calculating highest version (@wraithgar)
7f72944 #8038 publish: accept publishConfig.tag to override highest semver check (@wraithgar)
ab9ddc0 #7992 sbom: deduplicate sbom dependencies (#7992) (@bdehamer)
f7da341 #7980 search: properly display multiple search terms (#7980) (@wraithgar)
Documentation
3644e79 #8055 update readme for Node.js versions, remove badges (#8055) (@wraithgar)
f1af61f #8041 fix typos in "package-json" (#8041) (@maxkoryukov)
e90c6fe #8051 depth flag default value (#8051) (@milaninfy)
866b5ee #8030 safer documentation urls, repos, packages (#8030) (@reggi)
Dependencies
7ddfbad #8053 @npmcli/package-json@6.1.1
9473a86 #8053 `spdx-license-ids@3.0.21`
a65e5ce #8053 @sigstore/protobuf-specs@0.3.3
215ebe4 #8053 `chalk@5.4.1`
Chores
61f00e3 #8069 splits out smoke-tests from publish-dryrun tests (#8069) (@reggi)
6d0f46e #8058 stop publish smoke from check git clean (#8058) (@reggi)
9281ebf #8057 fix smoke tests prerelease needs separate string args (#8057) (@reggi)
aa202e9 #8056 smoke tests using a preid (#8056) (@reggi)
18e0449 #8053 dev dependency updates (@wraithgar)
859a71c #8052 update node versions for release integration tests (#8052) (@wraithgar)
7e7961d #8038 bump @npmcli/eslint-config to 5.1.0 (@wraithgar)
workspace: @npmcli/config@10.0.1

11.0.0 (2024-12-16)

Documentation

8a911da #7963 ls: removed design change pending section note (#7963) (@milaninfy)
Dependencies
5319e48 #7973 remove unnecessary sprintf-js files in node_modules (#7973)
d369c77 #7976 `socks-proxy-agent@8.0.5`
3b2951a #7976 `https-proxy-agent@7.0.6`
a598b7b #7976 `agent-base@7.1.3`
52bcaf6 #7976 `debug@4.4.0`
aabf345 #7976 `p-map@7.0.3`
28e8761 #7976 `npm-package-arg@12.0.1`
Chores
ecd7190 #7976 dev dependency updates (@wraithgar)
a07f4e0 #7976 @npmcli/template-oss@4.23.6 (@wraithgar)
687ab12 #7970 remove pre-release mode from npm 11 and workspaces (#7970) (@wraithgar)
workspace: @npmcli/arborist@9.0.0
workspace: @npmcli/config@10.0.0
workspace: `libnpmaccess@10.0.0`
workspace: `libnpmdiff@8.0.0`
workspace: `libnpmexec@10.0.0`
workspace: `libnpmfund@7.0.0`
workspace: `libnpmorg@8.0.0`
workspace: `libnpmpack@9.0.0`
workspace: `libnpmpublish@11.0.0`
workspace: `libnpmsearch@9.0.0`
workspace: `libnpmteam@8.0.0`
workspace: `libnpmversion@8.0.0`

11.0.0-pre.1 (2024-12-06)

⚠️ BREAKING CHANGES

Upon publishing, in order to apply a default "latest" dist tag, the command now retrieves all prior versions of the package. It will require that the version you're trying to publish is above the latest semver version in the registry, not including pre-release tags.
npm init now has a type prompt, and sorts the entries in created packages differently
bun.lockb files are now included in the strict ignore list during packing
Features
f3ac7b7 #7939 no implicit latest tag on publish when latest > version (#7939) (@reggi, @ljharb)
Bug Fixes
e362c6d #7944 prefix: remove duplicate -g from usage output (#7944) (@wraithgar)
Documentation
2af31dd #7947 change certfile to cafile (#7947) (@wraithgar)
1be8e95 #7945 update ignore rules (@wraithgar)
Dependencies
bc9b14d #7955 @npmcli/run-script@9.0.2
fecfcf4 #7955 `node-gyp@11.0.0`
8905037 #7955 `p-map@7.0.2`
ac8eb39 #7955 `diff@7.0.0`
c0bcc2a #7955 `walk-up-path@4.0.0`
d463a6f #7955 `init-package-json@8.0.0`
b87ba24 #7945 @npmcli/package-json@6.1.0
4bf1901 #7945 @npmcli/metavuln-calculator@9.0.0
ca84b22 #7945 `pacote@21.0.0`
4906f3d #7945 `npm-packlist@10.0.0`
Chores
cfdf214 #7943 fork changelog (#7943) (@wraithgar)
workspace: @npmcli/arborist@9.0.0-pre.1
workspace: @npmcli/config@10.0.0-pre.1
workspace: `libnpmdiff@8.0.0-pre.1`
workspace: `libnpmexec@10.0.0-pre.1`
workspace: `libnpmfund@7.0.0-pre.1`
workspace: `libnpmorg@8.0.0-pre.1`
workspace: `libnpmpack@9.0.0-pre.1`

11.0.0-pre.0 (2024-11-26)

⚠️ BREAKING CHANGES

When publishing a package with a pre-release version, you must explicitly specify a tag.
--ignore-scripts now applies to all lifecycle scripts, include prepare
npm will no longer fall back to the old audit endpoint if the bulk advisory request fails.
npm will no longer switch to global mode if aliased to "npmg" or "npm-g" etc.
The npm hook command has been removed
Attestations made by this package will no longer validate in npm versions prior to 10.6.0
npm now supports node ^20.17.0 || >=22.9.0
@npmcli/docs now supports node ^20.17.0 || >=22.9.0
Features
6995303 #7850 adds --ignore-scripts flag to pack (@reggi)
Bug Fixes
16b7367 #7910 publishing prerelease requires explicit tag (#7910) (@reggi)
e19bff0 #7901 perf: enable compile cache if present (#7901) (@H4ad)
080a0f2 #7911 remove old audit fallback request (@wraithgar)
780afc5 #7855 pkg: display if any of multiple attributes exist (#7855) (@Sanderovich)
ecd2d23 #7842 don't go into global mode if aliased to npmg (#7842) (@wraithgar)
62c71e5 #7835 removes npm hook command (@reggi)
7f541e8 #7815 make pack and exec work with git hash refs (#7815) (@milaninfy)
3162620 #7831 sets node engine range to ^20.17.0 || >=22.9.0 (@reggi)
4c8ba0a #7831 for @npmcli/docs sets node engine range to ^20.17.0 || >=22.9.0 (@reggi)
70cd88d #7808 view: sort and truncate dist-tags (#7808) (@wraithgar)
534ad77 #7795 remove unused parameters catch statements (#7795) (@btea)
Documentation
feb54f7 #7822 package.json: add libc field (#7822) (@wraithgar)
Dependencies
78293ad #7937 `spdx-license-ids@3.0.20`
33cf580 #7937 `promise-call-limit@3.0.2`
ef1c368 #7937 `package-json-from-dist@1.0.1`
92e6f07 #7937 `npm-registry-fetch@18.0.2`
e32284a #7937 `npm-install-checks@7.1.1`
5dffd11 #7937 `negotiator@0.6.4`
69d9f01 #7937 `make-fetch-happen@14.0.3`
884bbde #7937 `hosted-git-info@8.0.2`
3c74ec0 #7937 `debug@4.3.7`
f00359f #7937 `cross-spawn@7.0.6`
534bbe8 #7937 `ci-info@4.1.0`
8cbf1a7 #7937 @npmcli/promise-spawn@8.0.2
1bd39e7 #7937 @npmcli/map-workspaces@4.0.2
eb6498d #7937 `ansi-regex@6.1.0`
66fc8c9 #7850 @npmcli/metavuln-calculator@8.0.1
7dbef6f #7850 `pacote@20.0.0`
75a3f12 #7859 remove unused deps (#7859)
f36dc59 #7833 `pacote@19.0.1`
7ee15bb #7833 bump sigstore from 2.x to 3.0.0 (@bdehamer)
Chores
2d530a5 #7941 tests: account for when npm is a prerelease (#7941) (@wraithgar)
2c1b369 #7937 dev dependency updates (@wraithgar)
6edfe2f #7937 @npmcli/template-oss@4.23.5 (@wraithgar)
475285b #7920 clean up dependency graph repos (#7920) (@hashtagchris)
ec57f5f #7911 fix dependencies script for circular workspace deps (@wraithgar)
ccd8420 #7911 fix cli tests for audit fallback removal (@wraithgar)
720b4d8 #7833 bump @npmcli/arborist to 8.0.0 (@wraithgar)
286739c #7824 add creation of a DEPENDENCIES.json file (#7824) (@reggi)
852dd8b #7831 sets npm 11 to prerelease (@reggi)
95d009e #7831 update engine ^20.17.0 || >=22.9.0 in actions (@reggi)
5a74478 #7831 update engines ^20.17.0 || >=22.9.0 in package template (@reggi)
workspace: @npmcli/arborist@9.0.0-pre.0
workspace: @npmcli/config@10.0.0-pre.0
workspace: `libnpmaccess@10.0.0-pre.0`
workspace: `libnpmdiff@8.0.0-pre.0`
workspace: `libnpmexec@10.0.0-pre.0`
workspace: `libnpmfund@7.0.0-pre.0`
workspace: `libnpmorg@8.0.0-pre.0`
workspace: `libnpmpack@9.0.0-pre.0`
workspace: `libnpmpublish@11.0.0-pre.0`
workspace: `libnpmsearch@9.0.0-pre.0`
workspace: `libnpmteam@8.0.0-pre.0`
workspace: `libnpmversion@8.0.0-pre.0`

Package detail

readme

libnpmfund

Table of Contents

Example

Install

Contributing

API

> fund.read([opts]) -> Promise<Object>

> fund.readTree(tree, [opts]) -> Promise<Object>

> fund.normalizeFunding(funding) -> Object

> fund.isValidFunding(funding) -> Boolean

LICENSE

changelog

Changelog

11.7.0 (2025-12-09)

Features

Bug Fixes

Documentation

Chores

Dependencies

11.6.4 (2025-11-25)

Documentation

Dependencies

11.6.3 (2025-11-19)

Bug Fixes

Documentation

Dependencies

Chores

11.6.2 (2025-10-08)

Bug Fixes

Documentation

Dependencies

Chores

11.6.1 (2025-09-23)

Bug Fixes

Documentation

Dependencies

Chores

11.6.0 (2025-09-03)

Features

Bug Fixes

Dependencies

11.5.2 (2025-07-30)

Bug Fixes

Documentation

11.5.1 (2025-07-24)

Bug Fixes

11.5.0 (2025-07-24)

Features

Bug Fixes

Documentation

Dependencies

Chores

11.4.2 (2025-06-11)

Bug Fixes

Documentation

Dependencies

Chores

11.4.1 (2025-05-21)

Documentation

Chores

Dependencies

11.4.0 (2025-05-15)

Features

Bug Fixes

Documentation

Dependencies

Chores

11.3.0 (2025-04-08)

Features

Bug Fixes

Documentation

Dependencies

Chores

11.2.0 (2025-03-05)

Features

Bug Fixes

Dependencies

Chores

`> fund.read([opts]) -> Promise<Object>`

`> fund.readTree(tree, [opts]) -> Promise<Object>`

`> fund.normalizeFunding(funding) -> Object`

`> fund.isValidFunding(funding) -> Boolean`