What is the meaning of the "at" (@) prefix on npm packages?

This is a new feature of NPM called 'scoped packages', which effectively allow NPM packages to be namespaced. Every user and organization on NPM has their own scope, and they are the only people who can add packages to it.

This is useful for several reasons:

  • It allows organizations to make it clear which packages are 'official' and which ones are not.
    • For example, if a package has the scope @angular, you know it was published by the Angular core team.
  • The package name only has to be unique to the scope it is published in, not the entire registry.
    • For example, the package name http is already taken in the main repository, but Angular is able to have @angular/http as well.

The reason that scoped packages don't show up in public search is because a lot of them are private packages created by organizations using NPM's paid services, and they're not comfortable opening the search up until they can be totally certain they're not going to make anything public that shouldn't be public - from a legal perspective, this is pretty understandable.

For more information, see the NPM docs and the Angular docs.

EDIT: It appears that public scoped packages now show up properly in search!


@ has different means according to its place where it is in the npm package name.

A package is:

  1. A folder containing a program described by a package.json file.
  2. A gzipped tarball containing (1).
  3. A url that resolves to (2).
  4. A <name>@<version> that is published on the registry with (3).
  5. A <name>@<tag> that points to (4).
  6. A <name> that has a “latest” tag satisfying (5).
  7. A <git remote url> that resolves to (1).

npm install [<@scope>/]<name>

<scope> is optional. The package will be downloaded from the registry associated with the specified scope. If no registry is associated with the given scope the default registry is assumed.

Note: if you do not include the @-symbol on your scope name, npm will interpret this as a GitHub repository instead, see below. Scopes names must also be followed by a slash.

npm install [<@scope>/]<name>@<tag>

Install the version of the package that is referenced by the specified tag. If the tag does not exist in the registry data for that package, then this will fail.

Example:

npm install packagename@latest
npm install @myorg/mypackage@latest

npm install [<@scope>/]<name>@<version>

Install the specified version of the package. This will fail if the version has not been published to the registry.

Example:

npm install [email protected]
npm install @myorg/[email protected]

npm install [<@scope>/]<name>@<version range>

Install a version of the package matching the specified version range.

Example:

npm install packagename@">=0.1.0 <0.2.0"
npm install @myorg/privatepackage@">=0.1.0 <0.2.0"

Basically there are two types of modules on npm, they are -

  • Global modules - these are modules that follow the naming convention that exists today. You require('foo') and there is much rejoicing. They are owned by one or more people through the npm install XYZ command.

  • Scoped modules - these are new modules that are "scoped" under an organization name that begins with an @ the organisation's name, a slash and finally the package name, e.g. @someOrgScope/packagename. Scopes are a way of grouping related packages together, and also affect a few things about the way npm treats the package.

A scoped package is installed by referencing it by name, preceded by an @-symbol, in npm install:

npm install @myorg/mypackage

see also

  • http://blog.nodejitsu.com/a-summary-of-scoped-modules-in-npm/

  • https://docs.npmjs.com/misc/scope