Manage dependencies

Use add, remove, update, dedupe, and prune to change a project's dependency graph.

Add

scpm add react
scpm add -D vitest
scpm add -O fsevents
scpm add -E typescript
scpm add --save-peer react
scpm add -g cowsay

add writes to the correct dependency section, updates the lockfile, fetches packages into the store, and relinks node_modules.

Dependency specifiers can use npm aliases, ranges, dist-tags, workspace protocols, JSR packages, local directories, tarballs, git URLs, and direct tarball URLs:

scpm add react@latest
scpm add alias-name@npm:actual-name@^1
scpm add jsr:@std/collections@^1.0.0
scpm add workspace:*
scpm add file:../local-package
scpm add link:../linked-package
scpm add https://registry.example.test/pkg/-/pkg-1.0.0.tgz

jsr:@scope/name specifiers resolve against JSR's npm-compat endpoint at https://npm.jsr.io. scpm registers the @jsr scope for you, so no .npmrc setup is needed — the install fetches the package under its compat name (@jsr/<scope>__<name>) and writes jsr:<range> back to package.json.

Remove

scpm remove react
scpm remove -g cowsay

remove updates the manifest and relinks the install.

Update

scpm update
scpm update react
scpm update --latest react

--latest updates past the current manifest range and rewrites the manifest specifier to the resolved version.

Dedupe

scpm dedupe
scpm dedupe --check

dedupe re-resolves the lockfile to collapse duplicate versions where ranges allow it. --check exits non-zero when the lockfile would change.

Prune

scpm prune
scpm prune --prod
scpm prune --no-optional

prune removes extraneous packages from node_modules, including stale virtual-store entries and dangling .bin links.

It reads the lockfile to decide what should remain installed, but it does not modify package.json or the lockfile. Use scpm store prune instead when you want to clean unreferenced files from the global store printed by scpm store path.