Skip to main content

Software Heritage loader for npm packages

Project description


Software Heritage loader to ingest npm packages into the archive.

What does the loader do?

The npm loader visits and loads a npm package [1].

Each visit will result in:

  • 1 snapshot (which targets n revisions ; 1 per package release version)
  • 1 revision (which targets 1 directory ; the package release version uncompressed)


First visit

Given a npm package (origin), the loader, for the first visit:

  • retrieves information for the given package (notably released versions)
  • then for each associated released version:
    • retrieves the associated tarball (with checks)
    • uncompresses locally the archive
    • computes the hashes of the uncompressed directory
    • then creates a revision (using package.json metadata file) targeting such directory
  • finally, creates a snapshot targeting all seen revisions (uncompressed npm package released versions and metadata).

Next visit

The loader starts by checking if something changed since the last visit. If nothing changed, the visit's snapshot is left unchanged. The new visit targets the same snapshot.

If something changed, the already seen package release versions are skipped. Only the new ones are loaded. In the end, the loader creates a new snapshot based on the previous one. Thus, the new snapshot targets both the old and new package release versions.


Configuration file



  • /etc/softwareheritage/loader/npm.yml
  • ~/.config/swh/loader/npm.yml

Configuration sample

  cls: remote
    url: http://localhost:5002/

debug: false

Local run

The built-in command-line will run the loader for a specified npm package.

For instance, to load jquery:

$ python3 -m swh.loader.npm.loader jquery

If you need more control, you can use the loader directly. It expects three arguments:

  • package_name (required): a npm package name
  • package_url (optional): URL of the npm package description (human-readable html page) that will be used as the associated origin URL in the archive
  • project_metadata_url (optional): URL of the npm package metadata information (machine-parsable JSON document)
import logging

from urllib.parse import quote

from swh.loader.npm.loader import NpmLoader



                 '' % package_name,
                 '' % quote(package_name, safe=''))

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

swh.loader.npm-0.0.7.tar.gz (164.5 kB view hashes)

Uploaded source

Built Distribution

swh.loader.npm-0.0.7-py3-none-any.whl (185.3 kB view hashes)

Uploaded py3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page