Overview Version History Q & A Rating & Review
npmx VS Code
[!NOTE]
🚧 Preview Version - This extension is under active development. Some features and configurations may change.
Installation
Features
Hover Information – Quick links to package details and documentation on npmx.dev , with provenance verification status.Version Completion – Autocomplete package versions with provenance filtering and prerelease exclusion support.Workspace-Aware Resolution – Dependencies in package.json, pnpm-workspace.yaml, and .yarnrc.yml are resolved from a shared workspace context, including catalogs and workspace references.Diagnostics
Deprecated package warnings with deprecation messages
Package replacement suggestions (via module-replacements )
Vulnerability detection powered by the OSV database, with severity levels (critical, high, moderate, low)
Dist tag warnings when a dependency uses a mutable version tag instead of a pinned version
Engine mismatch warnings when dependency engine requirements conflict with the current package
Upgrade hints when a newer version is available
Catalog Resolution – Inline decoration showing the resolved version spec for catalog dependencies in package.json.Code Actions
Quick fix actions for diagnostics with ignore list support (workspace or user settings)
Commands
Open npmx.dev in external browser
Open node_modules files on npmx.dev code viewer with syntax highlighting (from editor title, editor context menu, explorer context menu, or command palette)
Commands
Command
Title
npmx.openInBrowsernpmx: Open npmx.dev in external browser
npmx.openFileInNpmxnpmx: Open file on npmx.dev
Configuration
Key
Description
Type
Default
npmx.hover.enabledEnable hover information for packages
booleantrue
npmx.completion.versionVersion completion behavior
string"provenance-only"
npmx.completion.excludePrereleaseExclude prerelease versions (alpha, beta, rc, canary, etc.) from completion suggestions
booleantrue
npmx.diagnostics.upgradeShow hints when a newer version of a package is available
booleantrue
npmx.diagnostics.deprecationShow warnings for deprecated packages
booleantrue
npmx.diagnostics.replacementShow suggestions for package replacements
booleantrue
npmx.diagnostics.vulnerabilityShow warnings for packages with known vulnerabilities
booleantrue
npmx.diagnostics.distTagShow warnings when a dependency uses a dist tag
booleantrue
npmx.diagnostics.engineMismatchShow warnings when dependency engines mismatch with the current package
booleantrue
npmx.packageLinksEnable clickable links for package names
string"declared"
npmx.ignore.upgradeIgnore list for upgrade diagnostics ("name" or "name@version"). See Ignore Diagnostics
array[]
npmx.ignore.deprecationIgnore list for deprecation diagnostics ("name" or "name@version"). See Ignore Diagnostics
array[]
npmx.ignore.replacementIgnore list for replacement diagnostics ("name" only). See Ignore Diagnostics
array[]
npmx.ignore.vulnerabilityIgnore list for vulnerability diagnostics ("name" or "name@version"). See Ignore Diagnostics
array[]
Ignore Diagnostics
npmx supports ignore lists for selected diagnostics.
Matching rules:
npmx.ignore.upgrade, npmx.ignore.deprecation, and npmx.ignore.vulnerability support name and name@version.npmx.ignore.replacement supports name only.
When a diagnostic supports ignore actions, quick fixes can add entries directly:
Ignore ... (Workspace) updates workspace settings.Ignore ... (User) updates user settings.
Example
{
"npmx.ignore.upgrade": ["lodash", "@babel/core@7.0.0"],
"npmx.ignore.deprecation": ["request"],
"npmx.ignore.replacement": ["find-up"],
"npmx.ignore.vulnerability": ["express@4.18.0"]
}
Contributing
Contributions are welcome! Please review our contribution guide for more details.
License
MIT License © 2026-PRESENT Vida Xie
