Skip to main content

Software Heritage loader for npm packages

Project description


Software Heritage loader to ingest npm packages into the archive.

What does the loader do?

The npm loader visits and loads a npm package [1].

Each visit will result in:

  • 1 snapshot (which targets n revisions ; 1 per package release version)
  • 1 revision (which targets 1 directory ; the package release version uncompressed)


First visit

Given a npm package (origin), the loader, for the first visit:

  • retrieves information for the given package (notably released versions)
  • then for each associated released version:
    • retrieves the associated tarball (with checks)
    • uncompresses locally the archive
    • computes the hashes of the uncompressed directory
    • then creates a revision (using package.json metadata file) targeting such directory
  • finally, creates a snapshot targeting all seen revisions (uncompressed npm package released versions and metadata).

Next visit

The loader starts by checking if something changed since the last visit. If nothing changed, the visit's snapshot is left unchanged. The new visit targets the same snapshot.

If something changed, the already seen package release versions are skipped. Only the new ones are loaded. In the end, the loader creates a new snapshot based on the previous one. Thus, the new snapshot targets both the old and new package release versions.


Configuration file



  • /etc/softwareheritage/loader/npm.yml
  • ~/.config/swh/loader/npm.yml

Configuration sample

  cls: remote
    url: http://localhost:5002/

debug: false

Local run

The built-in command-line will run the loader for a specified npm package.

For instance, to load jquery:

$ python3 -m swh.loader.npm.loader jquery

If you need more control, you can use the loader directly. It expects three arguments:

  • package_name (required): a npm package name
  • package_url (optional): URL of the npm package description (human-readable html page) that will be used as the associated origin URL in the archive
  • project_metadata_url (optional): URL of the npm package metadata information (machine-parsable JSON document)
import logging

from urllib.parse import quote

from swh.loader.npm.loader import NpmLoader



                 '' % package_name,
                 '' % quote(package_name, safe=''))

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for swh.loader.npm, version 0.0.7
Filename, size File type Python version Upload date Hashes
Filename, size swh.loader.npm-0.0.7-py3-none-any.whl (185.3 kB) File type Wheel Python version py3 Upload date Hashes View hashes
Filename, size swh.loader.npm-0.0.7.tar.gz (164.5 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page