Guide
SCPM is a package manager for Node.js projects. It uses a pnpm-style isolated
node_modules layout for fast, disk-efficient installs.
Existing projects keep their lockfile format. SCPM reads and writes
pnpm-lock.yaml, package-lock.json, npm-shrinkwrap.json, yarn.lock, and
bun.lock in place. New projects without a supported lockfile start with
scpm-lock.yaml.
Start here
- Installation shows the local source install path and release-channel scaffolds.
- For existing projects, see the pnpm, npm, yarn, or bun guide.
- Run scripts and binaries covers the normal
local workflow.
scpmr <script>,scpm test, andscpm exec <bin>install first when dependencies are stale;scpmx <pkg>handles one-off tools. - Install dependencies covers explicit install work: setup-only installs, CI mode, production installs, offline installs, and lockfile modes.
- Lifecycle scripts and Jailed builds cover dependency build approval, jailed execution, and package-specific jail permissions.
- Manage dependencies covers
add,remove,update,dedupe, andprune. - Workspaces covers
scpm-workspace.yaml, workspace linking, filters, recursive runs, catalogs, and deploys.
Package-manager model
The imported baseline follows Aube's package-manager architecture:
- A strict, isolated
node_moduleslayout. - A content-addressable global store.
- Workspace-aware installs and recursive commands.
workspace:,link:,file:, git, tarball URL, npm alias, and catalog dependency specifiers.- Root lifecycle scripts, with dependency lifecycle scripts gated by an explicit allowlist and optional jailed execution.
SCPM uses its own internal directory names: node_modules/.scpm/ for the
virtual store and $XDG_DATA_HOME/scpm/store/ for the global store. Existing
lockfiles are preserved in place; only projects with no supported lockfile start
with scpm-lock.yaml.
Reference sections
- CLI Reference is generated from the command parser.
- Settings Reference is generated from
settings.toml. - Benchmarks explains the imported performance measurements.