{"id":13439,"library":"libnpmorg","title":"Programmatic npm Organization API","description":"libnpmorg is a Node.js library that provides a programmatic interface for interacting with the npm Org membership API. It allows developers to manage organization members, roles, and rosters directly from their applications, mirroring the functionality of `npm org` commands. The current stable version is 8.0.1, though the package is part of the larger npm CLI monorepo and receives updates frequently, often alongside npm CLI releases, as seen by recent activity up to `v11.12.1` of the CLI. Key differentiators include its direct integration with `npm-registry-fetch` for consistent registry interaction and its focus on a specific, well-defined subset of npm's functionality related to organizations. It is primarily used within the npm CLI itself but is exposed for third-party tools needing fine-grained control over npm organization management.","status":"active","version":"8.0.1","language":"javascript","source_language":"en","source_url":"https://github.com/npm/cli","tags":["javascript","libnpm","npm","package manager","api","orgs","teams"],"install":[{"cmd":"npm install libnpmorg","lang":"bash","label":"npm"},{"cmd":"yarn add libnpmorg","lang":"bash","label":"yarn"},{"cmd":"pnpm add libnpmorg","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Used internally for all network requests to the npm registry.","package":"npm-registry-fetch","optional":false}],"imports":[{"note":"The README examples show `require`, but ESM `import` is the modern approach. `libnpmorg` exports named functions.","wrong":"const { set } = require('libnpmorg')","symbol":"set","correct":"import { set } from 'libnpmorg'"},{"note":"The library exports individual functions, not a default object. Destructuring is required.","wrong":"import org from 'libnpmorg'; org.ls(...)","symbol":"ls","correct":"import { ls } from 'libnpmorg'"},{"note":"`stream` is a property of the `ls` function, not a top-level export.","wrong":"import { lsStream } from 'libnpmorg'","symbol":"ls.stream","correct":"import { ls } from 'libnpmorg'; const stream = ls.stream(...)"}],"quickstart":{"code":"import { ls, set, rm } from 'libnpmorg';\n\nconst ORG_NAME = 'my-test-org'; // Replace with a real org name or test org\nconst USER_NAME = 'testuser'; // Replace with a real username\nconst AUTH_TOKEN = process.env.NPM_TOKEN ?? ''; // Ensure you have an npm automation token\n\nasync function manageOrgMembership() {\n if (!AUTH_TOKEN) {\n console.error('NPM_TOKEN environment variable is not set. Cannot perform authenticated operations.');\n return;\n }\n\n try {\n console.log(`Listing members of ${ORG_NAME}...`);\n const roster = await ls(ORG_NAME, { token: AUTH_TOKEN });\n console.log('Current Roster:', roster);\n\n console.log(`Adding ${USER_NAME} to ${ORG_NAME} as developer...`);\n const newMembership = await set(ORG_NAME, USER_NAME, 'developer', { token: AUTH_TOKEN });\n console.log('New Membership:', newMembership);\n\n console.log(`Roster after adding ${USER_NAME}:`);\n console.log(await ls(ORG_NAME, { token: AUTH_TOKEN }));\n\n console.log(`Removing ${USER_NAME} from ${ORG_NAME}...`);\n await rm(ORG_NAME, USER_NAME, { token: AUTH_TOKEN });\n console.log(`${USER_NAME} removed.`);\n\n console.log(`Roster after removing ${USER_NAME}:`);\n console.log(await ls(ORG_NAME, { token: AUTH_TOKEN }));\n\n } catch (error) {\n console.error('An error occurred:', error.message);\n if (error.code === 'EOTP') {\n console.error('This operation requires an OTP token. Please retry with `{otp: }`.');\n }\n }\n}\n\nmanageOrgMembership();","lang":"javascript","description":"This example demonstrates how to list, add, and remove members from an npm organization using `libnpmorg` functions, including handling authentication."},"warnings":[{"fix":"Upgrade your Node.js environment to a compatible version (e.g., Node.js 20.17.0 or newer).","message":"libnpmorg has a strong dependency on recent Node.js versions. As of `v8.0.1`, it requires Node.js `^20.17.0 || >=22.9.0`. Older Node.js versions will not be supported.","severity":"breaking","affected_versions":">=8.0.0"},{"fix":"Pass `{ token: 'your_auth_token' }` in the `opts` object for each call, or ensure npm is configured with a valid token for the registry.","message":"Authentication is mandatory for most `libnpmorg` operations. A `token` option must be provided, or npm's configured credentials must be available through `npm-registry-fetch`'s default behavior.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Catch errors and if `err.code === 'EOTP'`, retry the request with `{ otp: 'your_2fa_code' }` included in the options.","message":"Two-factor authentication (2FA) operations, such as changing roles or removing members, might require an OTP token. The library will throw an `EOTP` error if one is needed.","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-19T00:00:00.000Z","next_check":"2026-07-18T00:00:00.000Z","problems":[{"fix":"Ensure `opts.token` is provided with a valid npm automation token, or run `npm login` in your environment.","cause":"Attempting to perform an authenticated operation without providing a valid authentication token or without being logged in via npm CLI.","error":"Error: ENEEDAUTH npm-registry-fetch No auth for the current registry and scope."},{"fix":"Retry the operation, including `{ otp: 'your_6_digit_otp' }` in the options object.","cause":"An operation (e.g., `set` or `rm`) was attempted on an organization or user that requires 2FA, but no OTP was supplied.","error":"Error: EOTP This command requires a one-time password."},{"fix":"Change `import org from 'libnpmorg'` to `import { set, ls, rm } from 'libnpmorg'`.","cause":"Attempting to call `org.set` (or `org.ls`, `org.rm`) after importing `libnpmorg` as a default import instead of using named imports/destructuring.","error":"TypeError: org.set is not a function"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null,"pypi_latest":null,"cli_name":"","cli_version":null}