npm
Overview
Section titled “Overview”npm is the default package manager for JavaScript and Node.js, facilitating the sharing and reuse of code, managing dependencies, and streamlining project workflows. With the npm integration in SquadOS, your agents can query package metadata, check security vulnerabilities, track download statistics, and interact with the npm registry programmatically.
- Official website: https://www.npmjs.com/
- Composio documentation: docs.composio.dev/toolkits/npm
Authentication
Section titled “Authentication”This tool uses an API key (API_KEY) to connect.
You will need the following fields:
| Field | Required | Description |
|---|---|---|
api_key | Yes | Authentication token generated from your npmjs.com account dashboard, used to authenticate requests to the npm registry. |
How to get credentials
Section titled “How to get credentials”- Go to npmjs.com and log in (or create a free account).
- Click your avatar in the top-right corner and select Access Tokens.
- Click Generate New Token and choose the Automation type (recommended for integrations) or Read-only depending on the access level needed.
- Set a descriptive name for the token (e.g.,
squados-integration) and confirm creation. - Copy the token displayed — it will only be shown once.
How to connect in SquadOS
Section titled “How to connect in SquadOS”- Go to Tools in the side menu (
/admin/tools). - Open the Available tab and search for
npm. - Click the card to open the details and hit Connect.
- You’re taken to the secure connection page hosted by Composio, where you enter the authentication token obtained above.
- Once done, you’re sent back to SquadOS with the account connected and the tool available to agents. (Connection-flow details in Organization Tools.)
Available actions
Section titled “Available actions”Delete User Token (Legacy)
Section titled “Delete User Token (Legacy)”NPM_DELETE_USER_TOKEN_LEGACY
Tool to delete a user authentication token using the legacy endpoint. Use when you need to revoke or remove a specific token from the npm registry.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
token | string | Yes | Token UUID/key to delete (e.g., a1df1599-b022-4f1b-86c5-ee7a1df48f48). This is the token identifier returned by the list tokens endpoint. |
npm_otp | string | No | One-time password for two-factor authentication, if required by the user account. |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
Get All Packages Download Count Point
Section titled “Get All Packages Download Count Point”NPM_GET_ALL_PACKAGES_DOWNLOAD_POINT
Get total npm registry download statistics for all packages for a specified time period. Returns aggregate download counts across the entire npm registry with start/end dates. Supports preset periods (last-day, last-week, last-month, last-year) or custom date ranges (YYYY-MM-DD:YYYY-MM-DD).
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
period | string | Yes | Time period for downloads. Supported formats: (1) Preset periods: last-day, last-week, last-month, last-year. (2) Explicit date range: YYYY-MM-DD:YYYY-MM-DD (max 365 days). Data available from 2015-01-10 onwards. |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
Get NPM Download Counts Point
Section titled “Get NPM Download Counts Point”NPM_GET_DOWNLOAD_COUNTS_POINT
Get npm package download statistics for a specified time period. Returns total download counts with start/end dates for single packages, scoped packages, or bulk queries (up to 128 packages). Supports preset periods (last-day, last-week, last-month, last-year) or custom date ranges (YYYY-MM-DD:YYYY-MM-DD).
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
period | string | Yes | Time period for downloads. Supported formats: (1) Preset periods: last-day, last-week, last-month, last-year. (2) Explicit date range: YYYY-MM-DD:YYYY-MM-DD (max 365 days for bulk queries, 18 months otherwise). Data available from 2015-01-10 onwards. |
package | string | Yes | Name of the npm package to fetch download counts for. Supports single packages (e.g., express) and scoped packages (e.g., @babel/core). For multiple packages, query them individually as the bulk query format returns a different response structure. |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
Get NPM Package Download Counts Over Date Range
Section titled “Get NPM Package Download Counts Over Date Range”NPM_GET_DOWNLOAD_COUNTS_RANGE_PACKAGE
Tool to get download counts for an npm package over a specified date range. Use when you need historical daily download data.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
end | string | Yes | End date (inclusive) in YYYY-MM-DD format; must be the same or after start date. |
start | string | Yes | Start date (inclusive) in YYYY-MM-DD format. |
package | string | Yes | Name of the npm package, including optional scope (e.g., @babel/core). |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
Get All NPM Packages Download Counts by Period
Section titled “Get All NPM Packages Download Counts by Period”NPM_GET_DOWNLOAD_RANGE_ALL
Tool to get daily download counts for all npm packages over a specified period. Use when you need aggregate download statistics across the entire npm registry.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
period | string | Yes | Time period for downloads. Supported formats: (1) Preset periods: last-day, last-week, last-month, last-year. (2) Explicit date range: YYYY-MM-DD:YYYY-MM-DD (e.g., 2023-01-01:2023-01-31). Data available from 2015-01-10 onwards. |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
Get Registry Changes Feed
Section titled “Get Registry Changes Feed”NPM_GET_REGISTRY_CHANGES
Tool to get a stream of registry changes for replication purposes. Returns CouchDB-style change feed for following registry updates.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
limit | integer | No | Maximum number of changes to return. Default is 1000, maximum is 10000. |
since | integer | No | Sequence number to start from when retrieving changes. Use to continue from a previous position in the feed. |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
Get NPM Registry Meta
Section titled “Get NPM Registry Meta”NPM_GET_REGISTRY_META
Retrieves npm registry metadata via meta endpoints. Use ping to verify registry connectivity or whoami to get the authenticated username.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
endpoint | string (ping | whoami) | Yes | Meta subpath to call; either ping (check registry connectivity) or whoami (get authenticated username). |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
Get NPM Package Version Downloads (Last 7 Days)
Section titled “Get NPM Package Version Downloads (Last 7 Days)”NPM_GET_VERSION_DOWNLOADS
Tool to get download counts for specific versions of a package over the last 7 days. Use when you need to understand which versions are most popular.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
package | string | Yes | Name of the npm package, including optional scope (e.g., @babel/core). For scoped packages, the / will be automatically encoded. |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
Query Bulk Security Advisories
Section titled “Query Bulk Security Advisories”NPM_QUERY_BULK_SECURITY_ADVISORIES
Tool to bulk query security advisories for multiple npm packages. Use when you need to check vulnerability information for multiple packages and versions at once.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
packages | object | Yes | JSON object mapping package names to arrays of version strings. Example: {"express": ["4.17.1"], "lodash": ["4.17.20"]} |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
Get NPM Package Metadata
Section titled “Get NPM Package Metadata”NPM_REGISTRY_GET_PACKAGE
Tool to fetch metadata for a specified npm package. Use after confirming the exact package name, including scope. Responses can be large; prefer reading top-level fields like dist-tags, description, and license rather than scanning the entire object.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
package | string | Yes | Name of the npm package to fetch, including optional scope (e.g., @babel/core). |
version | string | No | Specific version or dist-tag to fetch (e.g., latest, 1.2.3). If omitted, returns abbreviated metadata for all versions. Use dist-tags.latest as the authoritative stable version; do not infer it from versions or time maps, which may include pre-releases or deprecated entries. |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
Get NPM Registry Root Metadata
Section titled “Get NPM Registry Root Metadata”NPM_REGISTRY_GET_ROOT
Fetches npm registry root metadata including total package count and update sequence. Returns database statistics from the npm replication service. No parameters required. Use this to get current registry statistics like the total number of packages available.
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
Search NPM Packages
Section titled “Search NPM Packages”NPM_REGISTRY_SEARCH_PACKAGES
Tool to search for packages in the npm registry. Use when you need to find packages matching a search term. Results are returned in an objects array; each element contains package metadata under a package field and weekly download estimates under downloads.weekly.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
size | integer | No | Number of results to return (1–250). Default is 20. |
text | string | Yes | Search query for packages (name, keywords, or description). Combine specific keywords (e.g., react cli, testing framework) to avoid loosely related results from broad queries. |
offset | integer | No | Offset for pagination. Default is 0. |
quality | number | No | Quality weight (0.0–1.0). Default is 1.0. |
popularity | number | No | Popularity weight (0.0–1.0). Default is 1.0. |
maintenance | number | No | Maintenance weight (0.0–1.0). Default is 1.0. |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |