Description

The"scripts" property of yourpackage.json file supports a number of built-in scripts and their preset life cycle events as well as arbitrary scripts. These all can be executed by runningnpm run <stage> ornpm run <stage> for short.Pre andpost commands with matching names will be run for those as well (e.g.premyscript,myscript,postmyscript). Scripts from dependencies can be run withnpm explore <pkg> -- npm run <stage>.

Pre & Post Scripts

To create "pre" or "post" scripts for any scripts defined in the"scripts" section of thepackage.json, simply create another scriptwith a matching name and add "pre" or "post" to the beginning of them.

{
"scripts":{
"precompress":"{{ executes BEFORE the `compress` script }}",
"compress":"{{ run command to compress files }}",
"postcompress":"{{ executes AFTER `compress` script }}"
}
}

In this examplenpm run compress would execute these scripts as described.

Life Cycle Scripts

There are some special life cycle scripts that happen only in certain situations. These scripts happen in addition to thepre<event>,post<event>, and<event> scripts.

• prepare,prepublish,prepublishOnly,prepack,postpack,dependencies

prepare (sincenpm@4.0.0)

• Runs BEFORE the package is packed, i.e. duringnpm publish andnpm pack

• Runs on localnpm install without any arguments

• Runs AFTERprepublish, but BEFOREprepublishOnly

• Runs for a package if it's being installed as a link throughnpm install <folder>

• NOTE: If a package being installed through git contains aprepare script, itsdependencies anddevDependencies will be installed, and the prepare script will be run, before the package is packaged and installed.

• As ofnpm@7 these scripts run in the background. To see the output, run with:--foreground-scripts.

prepublish (DEPRECATED)

• Does not run duringnpm publish, but does run duringnpm ci andnpm install. See below for more info.

prepublishOnly

• Runs BEFORE the package is prepared and packed, ONLY onnpm publish.

prepack

• Runs BEFORE a tarball is packed (on "npm pack", "npm publish", and when installing a git dependency).
• NOTE: "npm run pack" is NOT the same as "npm pack". "npm run pack" is an arbitrary user defined script name, where as, "npm pack" is a CLI defined command.

postpack

• Runs AFTER the tarball has been generated but before it is moved to its final destination (if at all, publish does not save the tarball locally)

dependencies

• Runs AFTER any operations that modify thenode_modules directory IF changes occurred.
• Does NOT run in global mode

Prepare and Prepublish

Deprecation Note: prepublish

Sincenpm@1.1.71, the npm CLI has run theprepublish script for bothnpm publish andnpm install, because it's a convenient way to prepare a package for use (some common use cases are described in the section below). It has also turned out to be, in practice,very confusing. As ofnpm@4.0.0, a new event has been introduced,prepare, that preserves this existing behavior. Anew event,prepublishOnly has been added as a transitional strategy to allow users to avoid the confusing behavior of existing npm versions and only run onnpm publish (for instance, running the tests one last time to ensure they're in good shape).

Seehttps://github.com/npm/npm/issues/10074 for a much lengthier justification, with further reading, for this change.

Use Cases

If you need to perform operations on your package before it is used, in a way that is not dependent on the operating system or architecture of the target system, use aprepublish script. This includes tasks such as:

• Compiling CoffeeScript source code into JavaScript.
• Creating minified versions of JavaScript source code.
• Fetching remote resources that your package will use.

The advantage of doing these things atprepublish time is that they can be done once, in a single place, thus reducing complexity and variability. Additionally, this means that:

• You can depend oncoffee-script as adevDependency, and thus your users don't need to have it installed.
• You don't need to include minifiers in your package, reducing the size for your users.
• You don't need to rely on your users havingcurl orwget or other system tools on the target machines.

Dependencies

Thedependencies script is run any time annpm command causes changes to thenode_modules directory. It is run AFTER the changes have been applied and thepackage.json andpackage-lock.json files have been updated.

Life Cycle Operation Order

npm cache add

• prepare

npm ci

• preinstall
• install
• postinstall
• prepublish
• preprepare
• prepare
• postprepare

These all run after the actual installation of modules intonode_modules, in order, with no internal actions happening in between

npm diff

• prepare

npm install

These also run when you runnpm install -g <pkg-name>

• preinstall
• install
• postinstall
• prepublish
• preprepare
• prepare
• postprepare

If there is abinding.gyp file in the root of your package and you haven't defined your owninstall orpreinstall scripts, npm will default theinstall command to compile using node-gyp vianode-gyp rebuild

These are run from the scripts of<pkg-name>

npm pack

• prepack
• prepare
• postpack

npm publish

• prepublishOnly
• prepack
• prepare
• postpack
• publish
• postpublish

npm rebuild

• preinstall
• install
• postinstall
• prepare

prepare is only run if the current directory is a symlink (e.g. with linked packages)

npm restart

If there is arestart script defined, these events are run, otherwisestop andstart are both run if present, including theirpre andpost iterations)

• prerestart
• restart
• postrestart

npm run <user defined>

• pre<user-defined>
• <user-defined>
• post<user-defined>

npm start

• prestart
• start
• poststart

If there is aserver.js file in the root of your package, then npm will default thestart command tonode server.js.prestart andpoststart will still run in this case.

npm stop

• prestop
• stop
• poststop

npm test

• pretest
• test
• posttest

npm version

• preversion
• version
• postversion

A Note on a lack ofnpm uninstall scripts

While npm v6 haduninstall lifecycle scripts, npm v7 does not. Removal of a package can happen for a wide variety of reasons, and there's no clear way to currently give the script enough context to be useful.

Reasons for a package removal include:

• a user directly uninstalled this package
• a user uninstalled a dependant package and so this dependency is being uninstalled
• a user uninstalled a dependant package but another package also depends on this version
• this version has been merged as a duplicate with another version
• etc.

Due to the lack of necessary context,uninstall lifecycle scripts are not implemented and will not function.

Working Directory for Scripts

Scripts are always run from the root of the package folder, regardless of what the current working directory is whennpm is invoked. This means your scripts can reliably assume they are running in the package root.

If you want your script to behave differently based on the directory you were in when you rannpm, you can use theINIT_CWD environment variable, which holds the full path you were in when you rannpm run.

Historical Behavior in Older npm Versions

For npm v6 and earlier, scripts were generally run from the root of the package, but there were rare cases and bugs in older versions where this was not guaranteed. If your package must support very old npm versions, you may wish to add a safeguard in your scripts (for example, by checking process.cwd()).

For more details, see:

• npm v7 release notes
• Discussion about script working directory reliability in npm v6 and earlier

User

When npm is run as root, scripts are always run with the effective uid and gid of the working directory owner.

Environment

Package scripts run in an environment where many pieces of information are made available regarding the setup of npm and the current state of the process.

path

If you depend on modules that define executable scripts, like test suites, then those executables will be added to thePATH for executing the scripts. So, if your package.json has this:

{
"name":"foo",
"dependencies":{
"bar":"0.1.x"
},
"scripts":{
"start":"bar ./test"
}
}

then you could runnpm start to execute thebar script, which is exported into thenode_modules/.bin directory onnpm install.

package.json vars

The package.json fields are tacked onto thenpm_package_ prefix. So, for instance, if you had{"name":"foo", "version":"1.2.5"} in your package.json file, then your package scripts would have thenpm_package_name environment variable set to "foo", and thenpm_package_version set to "1.2.5". You can access these variables in your code withprocess.env.npm_package_name andprocess.env.npm_package_version, and so on for other fields.

Seepackage.json for more on package configs.

current lifecycle event

Lastly, thenpm_lifecycle_event environment variable is set to whichever stage of the cycle is being executed. So, you could have a single script used for different parts of the process which switches based on what's currently happening.

Objects are flattened following this format, so if you had{"scripts":{"install":"foo.js"}} in your package.json, then you'd see this in the script:

process.env.npm_package_scripts_install==="foo.js"

Examples

For example, if your package.json contains this:

{
"scripts":{
"install":"scripts/install.js",
"postinstall":"scripts/install.js"
}
}

thenscripts/install.js will be called for the install and post-install stages of the lifecycle. Sincescripts/install.js is running for two different phases, it would be wise in this case to look at thenpm_lifecycle_event environment variable.

If you want to run a make command, you can do so. This works just fine:

{
"scripts":{
"preinstall":"./configure",
"install":"make && make install",
"test":"make test"
}
}

Exiting

Scripts are run by passing the line as a script argument tosh.

If the script exits with a code other than 0, then this will abort the process.

Note that these script files don't have to be Node.js or even JavaScript programs. They just have to be some kind of executable file.

Best Practices

• Don't exit with a non-zero error code unless youreally mean it. If the failure is minor or only will prevent some optional features, then it's better to just print a warning and exit successfully.
• Try not to use scripts to do what npm can do for you. Read throughpackage.json to see all the things that you can specify and enable by simply describing your package appropriately. In general, this will lead to a more robust and consistent state.
• Inspect the env to determine where to put things. For instance, if thenpm_config_binroot environment variable is set to/home/user/bin, then don't try to install executables into/usr/local/bin. The user probably set it up that way for a reason.
• Don't prefix your script commands with "sudo". If root permissions are required for some reason, then it'll fail with that error, and the user will sudo the npm command in question.
• Don't useinstall. Use a.gyp file for compilation, andprepare for anything else. You should almost never have to explicitly set a preinstall or install script. If you are doing this, please consider if there is another option. The only valid use ofinstall orpreinstall scripts is for compilation which must be done on the target architecture.

See Also

• npm run
• package.json
• npm developers
• npm install

Edit this page on GitHub

7 contributorstarekwfa0110owlstronautmilaninfyrveerdjpg619ericmuttalukekarrys

Last edited bytarekwfa0110 onMay 21, 2025