Interactive CLI tool for managing end-of-life of your npm packages. Like npm-check-updates but for sunsetting packages.
Maintainers accumulate packages over the years — experiments, old utilities, superseded libraries. "Just delete it" feels liberating but npm's ecosystem has rules and consequences:
- Unpublish is heavily restricted (72h window, download limits, no dependents)
- Deprecation is the recommended path but needs clear messaging
- Abandoned packages without proper EOL hurt the ecosystem
npm-sweep helps you clean up responsibly by showing what's possible, explaining the impact, and executing changes safely.
- Interactive TUI — Browse your packages with downloads, dependents, and status
- Multi-select & bulk actions — Select multiple packages and apply actions at once
- Action catalog — Deprecate, unpublish, tombstone, transfer ownership
- Impact explanations — Understand consequences before applying
- Direct execution — Select, confirm, execute, back to list
- Safety first — Confirmation prompts, policy checks, eligibility validation
- 2FA support — Automatic OTP via 1Password CLI or manual input
- Live refresh — Reload package data without restarting
npm install -g npm-sweep
Requires Node.js >20.
# Start interactive TUI (default command)
npm-sweep
# Or scan your packages as a table
npm-sweep scan
Start the interactive terminal UI. This is the default command.
npm-sweep # Start TUI
npm-sweep --enable-unpublish # Enable unpublish action (disabled by default)
npm-sweep --1password-item npmjs # Auto-fetch OTP from 1Password
npm-sweep --user other-user # Browse another user's packages
Keyboard shortcuts:
- j/k or arrows — Navigate
- Space — Toggle selection
- Enter — View package details
- a — Choose action for selected package(s)
- s — Cycle sort column (name, date, downloads, dependents)
- o — Toggle sort order
- r — Refresh package list from registry
- / — Filter by name
- q — Quit
List all your npm packages with metadata.
npm-sweep scan # List your packages
npm-sweep scan --user other-user # List another user's packages
npm-sweep scan --scope @myorg # Filter by scope
npm-sweep scan --json # Output as JSON
npm-sweep scan --include-deprecated
Mark packages as deprecated. Users see a warning on install.
npm warn deprecated my-package@1.0.0: This package is no longer maintained.
- Reversible: Yes (undeprecate)
- Impact: Low — existing installs unaffected
Remove packages from the registry permanently. Disabled by default, enable with --enable-unpublish.
- Reversible: No
- Restrictions:
  - Within 72h: Allowed if no dependents
  - After 72h: Only if <300 downloads/week, single owner, no dependents
- Impact: Critical — breaks dependent projects
npm-sweep checks eligibility automatically and shows why a package can or cannot be unpublished.
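The restrictions listed above, written out as a fail-closed check. This is an added example, not npm-sweep's own eligibility code: the function name `evaluateUnpublish`, the input field names and the sample packages are constructed for illustration, and a package aged exactly 72h is treated as past the window.

```javascript
// Added illustration, not npm-sweep's implementation. Field names are assumed.
const WINDOW_MS = 72 * 60 * 60 * 1000; // "Within 72h" rule from the list above
const MAX_WEEKLY_DOWNLOADS = 300;      // "<300 downloads/week" rule from the list above

function evaluateUnpublish(pkg, now = Date.now()) {
  const reasons = [];
  const known = (v) => Number.isInteger(v) && v >= 0;
  const ageMs = now - Date.parse(pkg.publishedAt); // NaN if the timestamp is missing

  // Fail closed: unpublish is irreversible, so missing metadata blocks it.
  if (!(ageMs >= 0)) reasons.push('publish time unknown or in the future');
  if (!known(pkg.dependents)) reasons.push('dependent count unknown');
  else if (pkg.dependents > 0) reasons.push(`${pkg.dependents} dependent package(s)`);

  const withinWindow = ageMs >= 0 && ageMs < WINDOW_MS;
  if (!withinWindow) {
    // Past the 72h window (or age unknown): the stricter conditions apply too.
    if (!known(pkg.weeklyDownloads)) reasons.push('weekly downloads unknown');
    else if (pkg.weeklyDownloads >= MAX_WEEKLY_DOWNLOADS) {
      reasons.push(`${pkg.weeklyDownloads} downloads/week (limit is <${MAX_WEEKLY_DOWNLOADS})`);
    }
    if (!Array.isArray(pkg.owners)) reasons.push('owner list unknown');
    else if (pkg.owners.length !== 1) reasons.push(`${pkg.owners.length} owners (must be exactly 1)`);
  }
  return { eligible: reasons.length === 0, withinWindow, reasons };
}

// Constructed sample data; not real packages or real statistics.
const NOW = Date.parse('2026-01-10T00:00:00Z');
const samples = [
  { name: 'fresh-experiment', publishedAt: '2026-01-09T00:00:00Z', dependents: 0, weeklyDownloads: 900, owners: ['a', 'b'] },
  { name: 'old-utility', publishedAt: '2021-03-01T00:00:00Z', dependents: 0, weeklyDownloads: 12, owners: ['a'] },
  { name: 'old-popular', publishedAt: '2021-03-01T00:00:00Z', dependents: 4, weeklyDownloads: 5200, owners: ['a', 'b'] },
  { name: 'missing-stats', publishedAt: '2021-03-01T00:00:00Z', owners: ['a'] },
];
for (const pkg of samples) {
  const r = evaluateUnpublish(pkg, NOW);
  console.log(pkg.name, r.eligible ? 'eligible' : `blocked: ${r.reasons.join('; ')}`);
}
```

A package with missing download or dependent counts is reported as blocked rather than eligible, which is the behaviour you want from any pre-check in front of an irreversible registry action.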
Publish a new major version that throws on import:
// Importing this package will throw:
Error: [TOMBSTONE] "my-package" is no longer maintained.
- Reversible: Yes (publish a working version)
- Impact: High — breaks auto-updating projects, but auditable
Add or remove maintainers. Transfer to npm to fully hand off a package.
--registry <url> # Custom registry (default: https://registry.npmjs.org)
--otp <code> # One-time password for 2FA
--1password-item <name> # 1Password item name for automatic OTP
--debug # Enable debug output
import { RegistryClient, deprecate, checkUnpublishEligibility } from 'npm-sweep';
const client = new RegistryClient();
// Deprecate a package
await deprecate(client, {
package: 'my-package',
range: '*',
message: 'Use alternative-package instead',
});
// Check if unpublish is allowed.
// packageInfo is the metadata of the package being checked; it must be loaded before this call.
const eligibility = await checkUnpublishEligibility(client, packageInfo);
if (eligibility.eligible) {
// Safe to unpublish
}
- No token storage — Uses existing npm login session or NPM_TOKEN env var
- OTP support — Automatic via 1Password CLI or manual prompt
- Redacted logs — Tokens and emails are never logged
Contributions are welcome! Please read our Contributing Guide first.
# Setup
git clone https://github.com/sebastian-software/npm-sweep.git
cd npm-sweep
npm install
# Development
npm run dev # Watch mode
npm run test # Run tests
npm run lint # Lint code
npm run build # Build for production
Open Source at Sebastian Software
Copyright © 2026 Sebastian Software GmbH
