# Npm ```json { "name": "Npm", "slug": "npm", "url": "https://composio.dev/toolkits/npm", "markdown_url": "https://composio.dev/toolkits/npm.md", "logo_url": "https://logos.composio.dev/api/npm", "categories": [ "developer tools & devops" ], "is_composio_managed": false, "updated_at": "2026-05-12T10:20:25.139Z" } ``` ![Npm logo](https://logos.composio.dev/api/npm) ## Description Securely connect your AI agents and chatbots (Claude, ChatGPT, Cursor, etc) with Npm MCP or direct API to search packages, audit dependencies, publish updates, and fetch project metadata through natural language. ## Summary Npm is the default package manager for JavaScript and Node.js projects. It streamlines dependency management and code sharing for developers. ## Categories - developer tools & devops ## Toolkit Details - Tools: 12 ## Images - Logo: https://logos.composio.dev/api/npm ## Authentication - **Api Key** - Type: `api_key` - Description: Api Key authentication for Npm. - Setup: - Configure Api Key credentials for Npm. - Use the credentials when creating an auth config in Composio. ## Suggested Prompts - Search for the latest lodash release - List all dependencies for react project - Show weekly download stats for a package - Get details of a specific npm package ## Supported Tools | Tool slug | Name | Description | |---|---|---| | `NPM_DELETE_USER_TOKEN_LEGACY` | Delete User Token (Legacy) | Tool to delete a user authentication token using the legacy endpoint. Use when you need to revoke or remove a specific token from the npm registry. | | `NPM_GET_ALL_PACKAGES_DOWNLOAD_POINT` | Get All Packages Download Count Point | Get total npm registry download statistics for all packages for a specified time period. Returns aggregate download counts across the entire npm registry with start/end dates. Supports preset periods (last-day, last-week, last-month, last-year) or custom date ranges (YYYY-MM-DD:YYYY-MM-DD). | | `NPM_GET_DOWNLOAD_COUNTS_POINT` | Get NPM Download Counts Point | Get npm package download statistics for a specified time period. Returns total download counts with start/end dates for single packages, scoped packages, or bulk queries (up to 128 packages). Supports preset periods (last-day, last-week, last-month, last-year) or custom date ranges (YYYY-MM-DD:YYYY-MM-DD). | | `NPM_GET_DOWNLOAD_COUNTS_RANGE_PACKAGE` | Get NPM Package Download Counts Over Date Range | Tool to get download counts for an npm package over a specified date range. Use when you need historical daily download data. | | `NPM_GET_DOWNLOAD_RANGE_ALL` | Get All NPM Packages Download Counts by Period | Tool to get daily download counts for all npm packages over a specified period. Use when you need aggregate download statistics across the entire npm registry. | | `NPM_GET_REGISTRY_CHANGES` | Get Registry Changes Feed | Tool to get a stream of registry changes for replication purposes. Returns CouchDB-style change feed for following registry updates. | | `NPM_GET_REGISTRY_META` | Get NPM Registry Meta | Retrieves npm registry metadata via meta endpoints. Use 'ping' to verify registry connectivity or 'whoami' to get the authenticated username. | | `NPM_GET_VERSION_DOWNLOADS` | Get NPM Package Version Downloads (Last 7 Days) | Tool to get download counts for specific versions of a package over the last 7 days. Use when you need to understand which versions are most popular. | | `NPM_QUERY_BULK_SECURITY_ADVISORIES` | Query Bulk Security Advisories | Tool to bulk query security advisories for multiple npm packages. Use when you need to check vulnerability information for multiple packages and versions at once. | | `NPM_REGISTRY_GET_PACKAGE` | Get NPM Package Metadata | Tool to fetch metadata for a specified npm package. Use after confirming the exact package name, including scope. Responses can be large; prefer reading top-level fields like 'dist-tags', 'description', and 'license' rather than scanning the entire object. | | `NPM_REGISTRY_GET_ROOT` | Get NPM Registry Root Metadata | Fetches npm registry root metadata including total package count and update sequence. Returns database statistics from the npm replication service. No parameters required. Use this to get current registry statistics like the total number of packages available. | | `NPM_REGISTRY_SEARCH_PACKAGES` | Search NPM Packages | Tool to search for packages in the npm registry. Use when you need to find packages matching a search term. Results are returned in an 'objects' array; each element contains package metadata under a 'package' field and weekly download estimates under 'downloads.weekly'. | ## Supported Triggers None listed. ## Installation and MCP Setup ### Path 1: SDK Installation #### Path 1, Step 1: Install Composio Install the Composio SDK ```python pip install composio_openai ``` ```typescript npm install @composio/openai ``` #### Path 1, Step 2: Initialize Composio and Create Tool Router Session Import and initialize Composio client, then create a Tool Router session ```python from openai import OpenAI from composio import Composio from composio_openai import OpenAIResponsesProvider composio = Composio(provider=OpenAIResponsesProvider()) openai = OpenAI() session = composio.create(user_id='your-user-id') ``` ```typescript import OpenAI from 'openai'; import { Composio } from '@composio/core'; import { OpenAIResponsesProvider } from '@composio/openai'; const composio = new Composio({ provider: new OpenAIResponsesProvider(), }); const openai = new OpenAI({}); const session = await composio.create('your-user-id'); ``` #### Path 1, Step 3: Execute Npm Tools via Tool Router with Your Agent Get tools from Tool Router session and execute Npm actions with your Agent ```python tools = session.tools response = openai.responses.create( model='gpt-4.1', tools=tools, input=[{ 'role': 'user', 'content': 'Search for the most popular React testing libraries' }] ) result = composio.provider.handle_tool_calls( response=response, user_id='your-user-id' ) print(result) ``` ```typescript const tools = session.tools; const response = await openai.responses.create({ model: 'gpt-4.1', tools: tools, input: [{ role: 'user', content: 'Search for the most popular React testing libraries' }], }); const result = await composio.provider.handleToolCalls( 'your-user-id', response.output ); console.log(result); ``` ### Path 2: MCP Server Setup #### Path 2, Step 1: Install Composio Install the Composio SDK and Claude Agent SDK ```python pip install composio claude-agent-sdk ``` ```typescript npm install @composio/core ai @ai-sdk/openai @ai-sdk/mcp ``` #### Path 2, Step 2: Create Tool Router Session Initialize the Composio client and create a Tool Router session ```python from composio import Composio from claude_agent_sdk import ClaudeSDKClient, ClaudeAgentOptions composio = Composio(api_key='your-composio-api-key') session = composio.create(user_id='your-user-id') url = session.mcp.url ``` ```typescript import { Composio } from '@composio/core'; const composio = new Composio({ apiKey: 'your-api-key' }); console.log("Creating Tool Router session..."); const { mcp } = await composio.create('your-user-id'); console.log(`Tool Router session created: ${mcp.url}`); ``` #### Path 2, Step 3: Connect to AI Agent Use the MCP server with your AI agent ```python import asyncio options = ClaudeAgentOptions( permission_mode='bypassPermissions', mcp_servers={ 'tool_router': { 'type': 'http', 'url': url, 'headers': { 'x-api-key': 'your-composio-api-key' } } }, system_prompt='You are a helpful assistant with access to Npm tools.', max_turns=10 ) async def main(): async with ClaudeSDKClient(options=options) as client: await client.query('Search for the most popular React testing libraries') async for message in client.receive_response(): if hasattr(message, 'content'): for block in message.content: if hasattr(block, 'text'): print(block.text) asyncio.run(main()) ``` ```typescript import { openai } from '@ai-sdk/openai'; import { experimental_createMCPClient as createMCPClient } from '@ai-sdk/mcp'; import { generateText, stepCountIs } from 'ai'; const client = await createMCPClient({ transport: { type: 'http', url: mcp.url, headers: { 'x-api-key': 'your-composio-api-key' } } }); const tools = await client.tools(); const { text } = await generateText({ model: openai('gpt-4o'), tools, messages: [{ role: 'user', content: 'Search for the most popular React testing libraries' }], stopWhen: stepCountIs( 5 ) }); console.log(`Agent: ${text}`); ``` ## Why Use Composio? ### 1. AI Native Npm Integration - Supports both Npm MCP and direct API based integrations - Structured, LLM-friendly schemas for reliable tool execution - Rich coverage for searching, publishing, and auditing your Npm packages ### 2. Managed Auth - Built-in API key handling with secure storage and rotation - Central place to manage, scope, and revoke Npm access - Per user and per environment credentials instead of hard-coded keys ### 3. Agent Optimized Design - Tools are tuned using real error and success rates to improve reliability over time - Comprehensive execution logs so you always know what ran, when, and on whose behalf ### 4. Enterprise Grade Security - Fine-grained RBAC so you control which agents and users can access Npm - Scoped, least privilege access to Npm resources - Full audit trail of agent actions to support review and compliance ## Use Npm with any AI Agent Framework Choose a framework you want to connect Npm with: - [OpenAI Agents SDK](https://composio.dev/toolkits/npm/framework/open-ai-agents-sdk) - [Claude Agent SDK](https://composio.dev/toolkits/npm/framework/claude-agents-sdk) - [Claude Code](https://composio.dev/toolkits/npm/framework/claude-code) - [Claude Cowork](https://composio.dev/toolkits/npm/framework/claude-cowork) - [Codex](https://composio.dev/toolkits/npm/framework/codex) - [OpenClaw](https://composio.dev/toolkits/npm/framework/openclaw) - [Hermes](https://composio.dev/toolkits/npm/framework/hermes-agent) - [CLI](https://composio.dev/toolkits/npm/framework/cli) - [Google ADK](https://composio.dev/toolkits/npm/framework/google-adk) - [LangChain](https://composio.dev/toolkits/npm/framework/langchain) - [Vercel AI SDK](https://composio.dev/toolkits/npm/framework/ai-sdk) - [Mastra AI](https://composio.dev/toolkits/npm/framework/mastra-ai) - [LlamaIndex](https://composio.dev/toolkits/npm/framework/llama-index) - [CrewAI](https://composio.dev/toolkits/npm/framework/crew-ai) - [Pydantic AI](https://composio.dev/toolkits/npm/framework/pydantic-ai) - [AutoGen](https://composio.dev/toolkits/npm/framework/autogen) ## Related Toolkits - [Supabase](https://composio.dev/toolkits/supabase) - Supabase is an open-source backend platform offering scalable Postgres databases, authentication, storage, and real-time APIs. It lets developers build modern apps without managing infrastructure. - [Codeinterpreter](https://composio.dev/toolkits/codeinterpreter) - Codeinterpreter is a Python-based coding environment with built-in data analysis and visualization. It lets you instantly run scripts, plot results, and prototype solutions inside supported platforms. - [GitHub](https://composio.dev/toolkits/github) - GitHub is a code hosting platform for version control and collaborative software development. It streamlines project management, code review, and team workflows in one place. - [Ably](https://composio.dev/toolkits/ably) - Ably is a real-time messaging platform for live chat and data sync in modern apps. It offers global scale and rock-solid reliability for seamless, instant experiences. - [Abuselpdb](https://composio.dev/toolkits/abuselpdb) - Abuselpdb is a central database for reporting and checking IPs linked to malicious online activity. Use it to quickly identify and report suspicious or abusive IP addresses. - [Alchemy](https://composio.dev/toolkits/alchemy) - Alchemy is a blockchain development platform offering APIs and tools for Ethereum apps. It simplifies building and scaling Web3 projects with robust infrastructure. - [Algolia](https://composio.dev/toolkits/algolia) - Algolia is a hosted search API that powers lightning-fast, relevant search experiences for web and mobile apps. It helps developers deliver instant, typo-tolerant, and scalable search without complex infrastructure. - [Anchor browser](https://composio.dev/toolkits/anchor_browser) - Anchor browser is a developer platform for AI-powered web automation. It transforms complex browser actions into easy API endpoints for streamlined web interaction. - [Apiflash](https://composio.dev/toolkits/apiflash) - Apiflash is a website screenshot API for programmatically capturing web pages. It delivers high-quality screenshots on demand for automation, monitoring, or reporting. - [Apiverve](https://composio.dev/toolkits/apiverve) - Apiverve delivers a suite of powerful APIs that simplify integration for developers. It's designed for reliability and scalability so you can build faster, smarter applications without the integration headache. - [Appcircle](https://composio.dev/toolkits/appcircle) - Appcircle is an enterprise-grade mobile CI/CD platform for building, testing, and publishing mobile apps. It streamlines mobile DevOps so teams ship faster and with more confidence. - [Appdrag](https://composio.dev/toolkits/appdrag) - Appdrag is a cloud platform for building websites, APIs, and databases with drag-and-drop tools and code editing. It accelerates development and iteration by combining hosting, database management, and low-code features in one place. - [Appveyor](https://composio.dev/toolkits/appveyor) - AppVeyor is a cloud-based continuous integration service for building, testing, and deploying applications. It helps developers automate and streamline their software delivery pipelines. - [Backendless](https://composio.dev/toolkits/backendless) - Backendless is a backend-as-a-service platform for mobile and web apps, offering database, file storage, user authentication, and APIs. It helps developers ship scalable applications faster without managing server infrastructure. - [Baserow](https://composio.dev/toolkits/baserow) - Baserow is an open-source no-code database platform for building collaborative data apps. It makes it easy for teams to organize data and automate workflows without writing code. - [Bench](https://composio.dev/toolkits/bench) - Bench is a benchmarking tool for automated performance measurement and analysis. It helps you quickly evaluate, compare, and track your systems or workflows. - [Better stack](https://composio.dev/toolkits/better_stack) - Better Stack is a monitoring, logging, and incident management solution for apps and services. It helps teams ensure application reliability and performance with real-time insights. - [Bitbucket](https://composio.dev/toolkits/bitbucket) - Bitbucket is a Git-based code hosting and collaboration platform for teams. It enables secure repository management and streamlined code reviews. - [Blazemeter](https://composio.dev/toolkits/blazemeter) - Blazemeter is a continuous testing platform for web and mobile app performance. It empowers teams to automate and analyze large-scale tests with ease. - [Blocknative](https://composio.dev/toolkits/blocknative) - Blocknative delivers real-time mempool monitoring and transaction management for public blockchains. Instantly track pending transactions and optimize blockchain interactions with live data. ## Frequently Asked Questions ### Do I need my own developer credentials to use Npm with Composio? Yes, Npm requires you to configure your own API key credentials. Once set up, Composio handles secure credential storage and API request handling for you. ### Can I use multiple toolkits together? Yes! Composio's Tool Router enables agents to use multiple toolkits. [Learn more](https://docs.composio.dev/tool-router/overview). ### Is Composio secure? Composio is SOC 2 and ISO 27001 compliant with all data encrypted in transit and at rest. [Learn more](https://trust.composio.dev). ### What if the API changes? Composio maintains and updates all toolkit integrations automatically, so your agents always work with the latest API versions. --- [See all toolkits](https://composio.dev/toolkits) ยท [Composio docs](https://docs.composio.dev/llms.txt)