npm Registry

Access the npm public registry via the npm API. Search packages, inspect metadata and versions, review download statistics, and check security advisories and registry health.

This skill uses ClawLink for hosted connection flows and credentials so you do not need to configure npm API access yourself.

Setup in 3 Steps

How It Works

┌─────────────────┐     ┌──────────────┐     ┌──────────────────┐
│   OpenClaw      │────▶│   ClawLink   │────▶│   npm Registry    │
│   (User Chat)   │     │   (API Key)  │     │   (npmjs.com)    │
└─────────────────┘     └──────────────┘     └──────────────────┘
          │                       │                       │
          │  1. Install Plugin │                       │
          │  2. Pair Device      │                       │
          │  3. Connect npm       │                       │
          │ │  4. Secure Proxy      │
          │                       │  5. API Requests │
          │                       │                       │
          ▼                       ▼                       ▼
    ┌──────────┐           ┌──────────┐           ┌──────────┐
    │  SKILL   │           │ Dashboard│           │  npm │
    │  File    │           │ Auth     │           │ Registry │
    └──────────┘           └──────────┘           └──────────┘

Install

Install the verified ClawLink plugin from ClawHub. After the user confirms, complete the full setup so ClawLink tools are visible in the next OpenClaw chat.

openclaw plugins install clawhub:clawlink-plugin
openclaw config set tools.alsoAllow '["clawlink-plugin"]' --strict-json
openclaw gateway restart

Then tell the user: "OpenClaw has been restarted. Send /new as a standalone message to start a fresh chat, then ask for npm again."

Quick Start

# Search for packages
clawlink_call_tool --tool "npm_search_packages" --params '{"query": "express", "size": 10}'

# Get package metadata
clawlink_call_tool --tool "npm_get_package" --params '{"package_name": "express"}'

# Get download statistics
clawlink_call_tool --tool "npm_get_download_stats" --params '{"package_name": "lodash", "period": "last-month"}'

Authentication

All npm tool calls are authenticated automatically by ClawLink using the user's npm account.

No API key is required in chat. ClawLink handles authentication securely and injects it into every npm API request on the user's behalf.

Getting Connected

Install the ClawLink plugin (see Install above).
Pair the plugin with clawlink_begin_pairing if it is not configured yet.
Open https://claw-link.dev/dashboard?add=npm and connect npm.
Call clawlink_list_integrations to verify the connection is active.

Connection Management

List Connections

clawlink_list_integrations

Response: Returns all connected integrations. Look for npm in the list.

Verify Connection

clawlink_list_tools --integration npm

Response: Returns the live tool catalog for npm.

Reconnect

If npm tools are missing or the connection shows an error:

Direct the user to https://claw-link.dev/dashboard?add=npm
After they confirm, call clawlink_list_integrations to verify
Then call clawlink_list_tools --integration npm

Security & Permissions

Access is scoped to public and private package data within the connected npm account.
Write operations (token deletion, scope changes) require explicit user confirmation.
Read operations (search, metadata, downloads) are safe and do not modify any data.

Discovery Workflow

Call clawlink_list_integrations to confirm npm is connected.
Call clawlink_list_tools --integration npm to see the live catalog.
Treat the returned list as the source of truth. Do not guess or assume what tools exist.
If the user describes a capability but the exact tool is unclear, call clawlink_search_tools with a short query and integration npm.
If no npm tools appear, direct the user to https://claw-link.dev/dashboard?add=npm.

Execution Workflow

┌─────────────────────────────────────────────────────────────┐
│  READ OPERATIONS (Safe)                                     │
│  list → get → search → describe → call                      │
│                                                             │
│  Example: Search packages → Read metadata → Show results    │
└─────────────────────────────────────────────────────────────┘
                              │
                              ▼
┌─────────────────────────────────────────────────────────────┐
│  WRITE OPERATIONS (Require Confirmation)                     │
│  list → get → describe → preview → confirm → call           │
│                                                             │
│  Example: Describe tool → Preview changes → User approves   │
│           → Execute update                                  │
└─────────────────────────────────────────────────────────────┘

For unfamiliar tools, ambiguous requests, or any write action, call clawlink_describe_tool first.
Use the returned guidance, schema, whenToUse, askBefore, safeDefaults, examples, and followups to shape the call.
Prefer read, list, search, and get operations before writes when that reduces ambiguity.
For writes or anything marked as requiring confirmation, call clawlink_preview_tool first.
Execute with clawlink_call_tool. Pass confirmation only after the preview matches the user's intent.
If the tool call fails, report the real error. Do not invent results or restate the failure as a missing capability unless the live catalog supports that conclusion.

Code Examples

Search packages

clawlink_call_tool --tool "npm_search_packages" \
  --params '{
    "query": "react framework",
    "size": 20,
    "quality": 0.8,
    "popularity": 0.5
  }'

Get package details

clawlink_call_tool --tool "npm_get_package" \
  --params '{
    "package_name": "next",
    "version": "latest"
  }'

Get download counts

clawlink_call_tool --tool "npm_get_download_counts" \
  --params '{
    "package_name": "axios",
    "start": "2024-01-01",
    "end": "2024-01-31"
  }'

Check security advisories

clawlink_call_tool --tool "npm_get_advisories" \
  --params '{
    "package_name": "lodash"
  }'

Notes

npm Registry API has rate limits. Use exponential backoff when encountering 429 errors.
Some endpoints require authentication for private packages — public package data is available without connection.
Download statistics are available with a delay of up to 48 hours.
Package names must be lowercase and may include scoped packages (e.g., @org/package).

Error Handling

| Status / Error | Meaning | |----------------|---------| | Tool not found | The tool name does not exist in the current catalog. Verify with clawlink_list_tools --integration npm. | | Missing connection | npm is not connected. Direct the user to https://claw-link.dev/dashboard?add=npm. | | not_found | Package does not exist in the registry. Check the package name spelling. | | validation_error | Invalid parameter or missing required field. Review the tool schema with clawlink_describe_tool. | | Rate limited | Too many requests. Wait and retry with exponential backoff. | | Write rejected | User did not confirm a write action. Always confirm before executing writes. |

Troubleshooting: Tools Not Visible

Check that the ClawLink plugin is installed:
```
openclaw plugins list
```
If the plugin is installed but tools are missing, tell the user to send /new as a standalone message to reload the catalog.

If a fresh chat does not help, run:

openclaw config set tools.alsoAllow '["clawlink-plugin"]' --strict-json
openclaw gateway restart

After restart, tell the user to send /new again and retry.

Troubleshooting: Invalid Tool Call

Ensure the integration slug is exactly npm.
Use clawlink_describe_tool to verify parameter names and types before calling.
For write operations, always call clawlink_preview_tool first.

Resources

npm Documentation
npm Registry API
npm Security Advisories
ClawLink: https://claw-link.dev/?utm_source=clawhub&utm_medium=referral&utm_content=npm-registry
ClawLink Docs: https://docs.claw-link.dev/openclaw
ClawLink Verification: https://claw-link.dev/verify

Related Skills

GitHub Repos — For GitHub repository operations
npm — For this skill's native documentation