Advanced Node.js package management for Visual Studio Code with support for npm, yarn, pnpm, and bun.
- Auto-detect Node.js projects with
package.jsonin the workspace - Support for multi-root workspaces with independent package management
- Configurable project-specific settings (registry, install flags, etc.)
- Install Packages: Interactive UI with version selection (latest/specific) and dependency type (prod/dev) options.
- Remove Packages: Batch removal support.
- Update Packages: Batch update support with major/minor/patch filtering.
- Search Packages: Real-time registry search with fuzzy matching.
- Batch Operations: Update or install multiple packages simultaneously.
- Visual Dependency Graph: Interactive graph visualization of your project's dependencies.
- Unused Dependency Detection: Find and remove unused dependencies by scanning your source code.
- Conflict Detection: Identify conflicting peer dependencies and invalid package states.
- License Compliance: Check installed packages against allowed/blocked license lists.
- Move Dependencies: One-click movement between
dependenciesanddevDependencies.
- Scripts Explorer: dedicated view to list and run
package.jsonscripts with one click. - Script Debugging: Debug scripts directly from the VS Code UI.
- Multi-root Support: Seamlessly switch between active projects in a multi-root workspace via the status bar.
- Offline Mode: Work without internet access using cached metadata.
- Background Checks: Configurable background checks for updates and security vulnerabilities.
- Security Audit: Integrated vulnerability scanning using
npm auditlogic. - Deprecation Warnings: Visual indicators for deprecated packages.
- Smart Detection: Automatically detects package manager (
npm,yarn,pnpm,bun) usingpackage.json'spackageManagerfield or lockfiles (includingbun.lock). - Customizable: Configure update check intervals, notifications, and more.
- Debug Mode: Enable verbose logging to the VS Code output channel for troubleshooting.
- Open VSCode
- Go to Extensions view (
Ctrl+Shift+X) - Search for "NPM Package Manager"
- Click Install
The extension adds a "Dependency Manager & Scripts" view container to the Explorer sidebar.
Manage your dependencies:
- View all installed packages grouped by type.
- Identify updates (green arrow) and vulnerabilities (warning icon).
- Context menu actions to update, uninstall, move, or view on npmjs.com.
View and run scripts defined in your package.json:
- Click the play button to run a script in the integrated terminal.
- Right-click to debug a script.
All operations are available through the Command Palette (Ctrl+Shift+P):
NPM: Refresh Dependencies- Reload project dependenciesNPM: Install Package- Install a new package (interactive)NPM: Uninstall Package- Remove selected package(s)NPM: Update Package- Update selected package(s)NPM: Update All Packages- Update all packages in a projectNPM: Find Unused Dependencies- Scan for unused dependenciesNPM: View Dependency Graph- Open the dependency graph visualizationNPM: Check Conflicts- Check for dependency conflictsNPM: Check Licenses- Validate package licenses against policyNPM: Select Active Project- Switch the active project in a multi-root workspaceNPM: Move to Dependencies- Move package to production dependenciesNPM: Move to Dev Dependencies- Move package to dev dependenciesNPM: Open on npmjs.com- View package on npm registryNPM: Search Packages- Search npm registryNPM: Security Audit- Run security vulnerability scanNPM: Check for Updates- Manually check for updates
Ctrl+Shift+N(Windows/Linux) orCmd+Shift+N(Mac) - Install packageCtrl+Shift+R(Windows/Linux) orCmd+Shift+R(Mac) - Refresh dependencies
| Setting | Description | Default |
|---|---|---|
npmPackageManager.defaultPackageManager |
Package manager to use (auto, npm, yarn, pnpm, bun) | auto |
npmPackageManager.updateCheckInterval |
Minutes between automatic update checks (0 to disable) | 60 |
npmPackageManager.showUpdateNotifications |
Show notifications when package updates are available | true |
npmPackageManager.showSecurityNotifications |
Show notifications for security vulnerabilities | true |
npmPackageManager.showStatusBarItem |
Show package status in status bar | true |
npmPackageManager.offlineMode |
Enable offline mode (disable network requests) | false |
npmPackageManager.debug |
Enable debug logging to Output channel | false |
npmPackageManager.allowedLicenses |
List of allowed SPDX license identifiers | [] |
npmPackageManager.blockedLicenses |
List of blocked SPDX license identifiers | [] |
You can configure these settings in your .vscode/settings.json file.
{
"npmPackageManager.defaultPackageManager": "bun",
"npmPackageManager.allowedLicenses": ["MIT", "Apache-2.0"],
"npmPackageManager.blockedLicenses": ["GPL-3.0"]
}- Requires npm to be installed on your system
- Supports all npm commands (install, uninstall, update, etc.)
- Handles
package-lock.json
- Supports yarn v1, v2 (Berry), and v3
- Handles
yarn.lock - Supports Plug'n'Play (PnP)
- Supports pnpm package manager
- Handles
pnpm-lock.yaml - Supports workspaces
- Supports Bun package manager
- Handles
bun.lockb - Fast installation and execution
- Extension not detecting project: Ensure your project has a valid
package.jsonfile in the root directory. - Package manager not found: Make sure the selected package manager is installed globally or in your project.
- Slow performance: Try increasing the update check interval or disabling auto-updates.
- Lockfile issues: The extension will automatically detect and handle lockfile conflicts.
- Open Dev Tools (
Ctrl+Shift+I) to see error messages - Check the Output panel for extension logs
- Disable other extensions to rule out conflicts
Contributions are welcome! Please check our Contributing Guide for details.
MIT License - See LICENSE file for more information.
If you encounter any issues or have questions:
- Open an issue on our GitHub repository
- Join our community discussion on Discord
- Contact us via email
Thanks to all the contributors and users who have helped shape this extension!
See CHANGELOG.md for detailed release notes.