LPM-cli

Glossary

LPM-specific terminology in one place.

A reference for terms that mean something specific in LPM-land. Sorted alphabetically.

Add (vs. install)

lpm add is source delivery: it copies a package's source files into your project, the way shadcn-ui does. lpm install is a runtime dependency: it resolves the package and links it into node_modules/. The two are not aliases. See lpm add and lpm install.

Auto-build

The signal that triggers the rebuild step for trusted packages immediately after install completes. Sources: lpm install --auto-build (works on both project and -g installs), lpm install --yolo / --policy=allow (auto-triggers under the allow policy), or, project only, package.json > lpm > scripts.autoBuild = true. If a trusted lifecycle script fails, install exits non-zero. Global installs don't read per-project script knobs from package.json, so triaging a mixed-trust tree on -g requires the explicit --auto-build flag.

Behavioral tag

A static-analysis flag attached to an installed package by lpm audit and queryable via lpm query. Examples: :eval, :network, :fs, :shell, :child-process, :obfuscated. Used to make security gates more precise than blanket version pinning.

Capability

A widening request a package's lifecycle scripts can declare in lpm.scripts.{passEnv, readProject, sandboxLimits}. Anything beyond the user's defaults requires explicit approval through lpm approve-scripts; the system never silently grants elevated capabilities.

Cold install

An install where neither node_modules nor the global store has the dep tree yet — everything is downloaded from the registry. Reported in benchmarks as the slowest steady-state path.

Config-aware package

A package whose tarball ships an lpm.config.json at the root. lpm add treats it as a configurable installer (interactive prompts, conditional file copy, conditional dep injection). Without lpm.config.json it's a plain source copy.

Distribution mode

A per-package opt-in for how the package is sold or shared on lpm.dev: private (default), pool, or marketplace. Orthogonal to package type (normal / source / Swift). All lpm.dev packages start private.

Greedy-fusion (resolver)

The default resolver. Streams metadata fetches into the dispatcher. Faster than the legacy PubGrub-with-split-retry resolver; opt out with LPM_RESOLVER=pubgrub.

Hoisted layout

npm-style flat node_modules/. The starting default for single-package projects. Workspaces default to isolated, and a default install whose resolution finds incompatible peer requirements auto-switches to isolated. Override per-invocation with lpm install --linker=hoisted, per-user with ~/.lpm/config.toml > linker, or per-project with package.json > lpm > linker.

Integrity

The SRI hash (sha512-…) recorded in the lockfile against each resolved package. Verified on every install. Drift is a hard error.

Isolated layout

pnpm-style strict node_modules: each package sees exactly the deps it declared, with no phantom-dependency access. Project node_modules/<pkg> is a symlink into the global content-addressable store. Default for workspaces (when LPM detects a package.json > workspaces glob or a pnpm-workspace.yaml) and for default installs where resolution detects incompatible peer requirements; otherwise single-package projects start hoisted.

Lockfile

lpm.lock (TOML, git-diffable) + lpm.lockb (binary, mmap). Both written together, both committed. The TOML lockfile is the canonical source; the binary is a read accelerator. See Lockfile format and Lockb format.

lpm.dev

The LPM monetization registry. Hosts private, pool, and marketplace packages under the @lpm.dev/ scope. The CLI is registry-agnostic — lpm.dev is one of several registries it can talk to. See Registries.

Marketplace package

A distribution mode where installs require a license purchase. Per-package opt-in.

MCP

Model Context Protocol. LPM ships an MCP server that AI editors can wire up via lpm mcp setup.

Minimum release age

Cooldown (default 24h) before a freshly published version is installable. Defends against pulling in a just-published malicious version (the typical compromised-maintainer or hijacked-account release) before the ecosystem has had time to notice and yank it. Tunable via lpm install --min-release-age (works on both project and -g), package.json > lpm > minimumReleaseAge (project only), or ~/.lpm/config.toml > minimum-release-age-secs (machine-wide, applies to project and -g). Bypass per-invocation with --allow-new.
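
The gate itself is small, so here is an added example of it (not LPM's code) so the failure modes are explicit: the newest version is skipped while it is inside the cooldown window, a version with no publish timestamp is treated as unprovable rather than old, and an empty result is an error rather than a silent fall-through. The registry shape follows the npm registry's `time` map (version to ISO 8601 publish time); the function names and the inline metadata are constructed for this example.

```javascript
// Added example, not LPM's code: the cooldown behind "minimum release age".

// Compare dotted numeric versions so "1.2.10" sorts above "1.2.9".
// Prerelease tags are out of scope for this example.
function cmpVersion(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Pick the newest candidate whose publish time is at least minReleaseAgeSecs in
// the past. allowNew models the --allow-new bypass. A version with no publish
// timestamp cannot be shown to be old enough, so it is skipped even with
// allowNew (fail closed). Throws when nothing qualifies instead of quietly
// taking a version that is still inside the window.
function selectVersion(timeMap, candidates, { nowMs, minReleaseAgeSecs, allowNew = false }) {
  const cutoffMs = nowMs - minReleaseAgeSecs * 1000;
  const skipped = [];
  const newestFirst = [...candidates].sort(cmpVersion).reverse();
  for (const version of newestFirst) {
    const publishedAt = timeMap[version];
    if (publishedAt === undefined) {
      skipped.push({ version, reason: 'no publish timestamp' });
      continue;
    }
    const publishedMs = Date.parse(publishedAt);
    if (!allowNew && publishedMs > cutoffMs) {
      const hours = Math.round((nowMs - publishedMs) / 3600000);
      skipped.push({ version, reason: `published ${hours}h ago, inside cooldown` });
      continue;
    }
    return { version, skipped };
  }
  throw new Error(
    `no candidate is at least ${minReleaseAgeSecs}s old; pass --allow-new only after vetting the release`,
  );
}

// Constructed registry metadata: 2.0.0 landed two hours before "now", and
// 2.0.1 is in the candidate list but has no publish time at all.
const NOW_MS = Date.parse('2025-01-10T12:00:00Z');
const TIME_MAP = {
  '1.9.0': '2024-12-01T00:00:00Z',
  '1.9.1': '2025-01-05T08:30:00Z',
  '2.0.0': '2025-01-10T10:00:00Z',
};
const CANDIDATES = ['1.9.0', '2.0.0', '1.9.1', '2.0.1']; // everything in the requested range
const DEFAULT_AGE_SECS = 24 * 60 * 60; // the documented 24h default
```

With the default 24h window this picks 1.9.1 and reports 2.0.0 and 2.0.1 as skipped; `allowNew: true` yields 2.0.0 (2.0.1 stays unprovable); a 60-day window leaves nothing and throws.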

npm-alias dep

A dep declared like "my-react": "npm:react@^19.0.0". Local name (my-react) diverges from the canonical target (react). Tracked in lockfiles via alias-dependencies and root-aliases. Disables the binary lockfile (TOML-only).

Plugin

A versioned, lazy-downloaded binary that backs one of LPM's built-in tools — today, Oxlint (powers lpm lint) and Biome (powers lpm fmt). First use downloads + checksum-verifies the asset into ~/.lpm/cache/plugins/; the same machine reuses the cached copy across projects. Pin versions per-project in lpm.json > tools; manage installed plugins with lpm plugin (list, update, clean). Tools that aren't plugin-backed (e.g., tsc via lpm check) shell out to the project-local install instead.

Pool package

A distribution mode where the package's metadata is public but installs are gated to pool subscribers. Publisher earns a share of the pool's revenue. Per-package opt-in.

Provenance

Sigstore-signed attestation that proves which CI workflow built a tarball and which commit it came from. Generated at publish time with lpm publish --provenance. Verified at install / audit time.

Provenance drift

A change in a package's publisher identity between a prior approval and a candidate version. LPM blocks installs on drift on both project and -g paths; opt out per-package via lpm install --ignore-provenance-drift <pkg> or entirely via --ignore-provenance-drift-all. The reference snapshot is captured into the trust binding's provenanceAtApproval field when lpm approve-scripts runs (or lpm approve-scripts --global, for the global trust file).

Quality score

Per-package score (0–100) computed from readme / license / types / tests / maintenance signals. Run lpm quality to view; gate publishing with lpm publish --min-score N.

Rebuild

The lifecycle-script step of the install pipeline. The executed phases are preinstall, install, postinstall (in that order); prepare and prepublishOnly are recognized for detection but never executed. Default-deny: scripts don't run during lpm install (or lpm install -g) unless approved via lpm approve-scripts (project) / lpm approve-scripts --global (global) or a non-default script policy. The standalone lpm rebuild command targets the project; a lpm rebuild --global companion is a planned follow-up, so until then reinstalling the affected global is the post-approval rerun path.

Sandbox

The OS-level containment LPM runs lifecycle scripts inside: Seatbelt on macOS, Landlock on Linux, AppContainer on Windows. Three modes: default (filesystem containment plus env scrubbing; outbound network allowed, so default mode limits what a script can write but not what it can exfiltrate), strict (also denies outbound network), none (no containment; full host access, including credential-bearing env vars). Set per-invocation with lpm install --strict-sandbox / --paranoid (alias) / --no-sandbox; persistently with [sandbox] mode in ~/.lpm/config.toml (or LPM_STRICT_SANDBOX=1 for strict). Setup wizard: lpm config sandbox. Packages can request capability widening (extra write roots, env vars) via the lpm.scripts block in package.json, but widening requires explicit approval through lpm approve-scripts.

Save policy

The rule that decides what range gets saved to package.json when lpm install <pkg> finishes. Defaults to ^resolvedVersion. See Save policy.

Script policy

deny (default) / allow / triage. Governs whether and how lifecycle scripts run on both lpm install and lpm install -g. Set per-invocation with --policy / --yolo / --triage, per-project with package.json > lpm > scriptPolicy (project installs only), per-user with ~/.lpm/config.toml > script-policy (applies to both project and -g). On -g the project-config tier is N/A; the chain collapses to CLI flag > ~/.lpm/config.toml > default. Setup wizard: lpm config scripts.

Skill (agent skill)

A markdown file authored by a package maintainer to teach an AI agent how to use the package — usage examples, gotchas, integration steps. Skills ship inside the published tarball and extract into .lpm/skills/<package>/*.md on consumer machines. Auto-installed by lpm install and lpm add (skip with --no-skills); manage explicitly with lpm skills. lpm.dev-only today — non-lpm.dev packages skip skill installation. Publish-time rules: ≥100 chars, ≤15 KB per skill, ≤100 KB total, required YAML frontmatter. See AI agent skills for the full concept page.

Source package

A package whose tarball ships an lpm.config.json at the root; lpm add treats it as a configurable installer. Status is content-based (the file's presence), not naming or registry. Same criterion as Config-aware package.

Store

The global content-addressable package store at ~/.lpm/store/v2/. One on-disk copy per content hash (objects/), shared across every project on the machine via per-graph link entries (links/). Project node_modules/<pkg> is a symlink into the matching link entry; the link entries themselves materialize from objects via clonefile (macOS) or hardlinks (Linux). Maintained by lpm store; see Content-addressable store for the full mechanism.

Triage advisor

none (default) / claude-cli / codex / ollama. Optional LLM advisor for the triage gate. Set per-project with package.json > lpm > triageAdvisor, per-user with ~/.lpm/config.toml > triage-advisor. Configured independently of script policy, but only consulted when the policy is triage. Its approvals are ephemeral and never written to disk, so a second install invokes the advisor again. Setup wizard: lpm config triage.

Trusted dependency

A package on a trust allowlist that is permitted to run lifecycle scripts under scriptPolicy: "deny". Project trust lives in package.json > lpm > trustedDependencies (legacy array of names, or a rich map bound to integrity + script hash). Global trust lives in ~/.lpm/global/trusted-dependencies.json (rich map only, with an extra provenanceAtApproval snapshot used by the install-time drift gate). The two stores are independent: lpm approve-scripts writes the former, lpm approve-scripts --global writes the latter.

Tunnel claim

Pro/Org-only: registering a stable tunnel domain so subsequent lpm dev --tunnel and lpm tunnel runs serve from the same URL. Free users get an ephemeral random domain on every run.

Up-to-date install

An lpm install invocation that detects nothing has changed (mtime fast path) and exits in a few ms without doing any work. Reported in benchmarks as ~6 ms.

Warm install

An install where the global store and lockfile are present but node_modules is missing. The install rebuilds node_modules/ from already-extracted store entries — no downloads, no resolution. Reported in benchmarks as ~23 ms.

Workspace

A monorepo declared via package.json > workspaces (npm/yarn array form, or yarn-style object form). LPM walks the globs, builds a topological graph, and exposes member-targeting via --filter and -w. See Workspaces.