Packages
Install, publish, audit, and manage dependencies — plus the resolver, lockfile, store, and security model behind them.
This section covers LPM's package-management surface. The CLI commands are listed first; the concept pages that explain how the resolver, lockfile, store, save policy, and security gates fit together follow below.
For an end-to-end walkthrough, see Publishing your first package or Migrating from npm.
Install + dependency management
lpm install
Install dependencies from package.json, or add new ones. The foundational command.
lpm add
Source delivery — copy a package's source into your project (any registry).
lpm remove
Reverse of lpm add — remove source-delivered files.
lpm uninstall
Remove from dependencies and node_modules.
lpm upgrade
Bump eligible LPM and npm deps to their latest matching range.
lpm outdated
Show dependencies with newer versions available.
Publish, search, discover
lpm publish
Publish to lpm.dev (or --npm / --github / --gitlab). Provenance, quality gates, secret scan.
lpm search
Search the lpm.dev registry.
lpm info
Metadata for npm, custom-registry, or lpm.dev packages.
lpm quality
Quality report for a package.
Security + trust
lpm audit
Vulnerability + behavioral audit. OSV + behavioral analysis tags.
lpm query
CSS-like selector queries on installed packages — precision gates for CI.
lpm approve-scripts
Approve packages blocked by the default-deny lifecycle script policy.
lpm trust
Manage trustedDependencies — list, diff, prune.
lpm rebuild
Run lifecycle scripts (the deferred step of install).
lpm patch
Local patches with integrity binding (patch-package style).
lpm sbom
Export CycloneDX or SPDX SBOMs from lpm.lock.
Migration + inspection
lpm migrate
Convert from npm / pnpm / yarn / bun. Backups + rollback.
lpm download
Download and extract a tarball with no install side-effects.
lpm resolve
Print a resolved dependency tree without installing.
Global + monetization
lpm global
Manage globally-installed CLIs under ~/.lpm/global/.
lpm pool
Pool revenue stats with per-package weighted downloads.
lpm cache
Ephemeral caches + reference-aware prune of the global store.
Specialized integrations
lpm swift-registry
Configure SPM to install LPM-hosted Swift packages (SE-0292).
lpm skills
Install, list, validate, or clean AI agent skills delivered as packages.
Features (concept pages)
Resolver
Greedy-fusion by default, with PubGrub as the documented opt-out.
Lockfile
Dual-format lockfile (lpm.lock TOML + lpm.lockb binary) and the install fast paths.
Content-addressable store
One on-disk copy per content hash; per-graph link entries; shared across projects.
Save policy
How version ranges land in package.json — caret default, explicit preservation, prerelease safety.
Security & audit
Defense in depth — script policy, behavioral analysis, OSV, provenance, typosquatting, triage gate.
Workspaces
Monorepo support — declaration, filter grammar, workspace:* protocol, catalogs, deploy.
npm compatibility
What works the same as npm, what's different, and what LPM adds.
Swift Package Registry (SE-0292)
The SE-0292 implementation — identity mapping, signing, trust model.