blaze-install is a fast, modern, batteries-included package manager for Node.js. Parallel downloads, a global cache, workspaces, plugins, and a built-in doctor's diagnosis — all in one beautiful CLI.
Pick your favorite way to install blaze-install. Then
blaze install works wherever npm install
does — and a lot faster.
npm install -g blaze-install
pnpm add -g blaze-install
yarn global add blaze-install
git clone https://github.com/Nom-nom-hub/blaze-cli && cd blaze-cli && npm install -g
npx blaze-install
Built for modern Node.js projects and monorepos. Designed around the workflows you actually use every day.
Parallel downloads, metadata caching, deduplication, and a cross-project global store.
Built-in support for monorepos via the
workspaces field — fast, simple, and cross-platform.
blaze doctor
Diagnose and auto-repair missing node_modules, lockfile drift, and
broken symlinks. Run with --fix to repair.
Drop a JS file into plugins/ to hook install, update,
audit, clean, and more. 28+ plugins ship out of the box.
Install fully from cache with --offline, or warm the
cache with blaze prefetch for airplane-friendly CI.
Built-in blaze audit using the npm audit API, plus
blaze audit fix to repair vulnerable dependencies in
one step.
npm install with parallel downloads & the global cacheblaze watch
Start the watcher in your project root, then keep coding. Blaze
scans your files for require and
import statements and installs any missing packages
for you.
fs and path
blaze install, blaze add,
blaze update — all the commands you already know, with a
few new ones for the workflows that matter.
blaze install
Install every dependency from package.json using
blaze-lock.json. Honors workspaces,
automatically prunes the lockfile, and never installs Node core
modules as packages.
blaze install express --save
Add a package to your project and your lockfile in one step. Use
--save-dev for devDependencies, or
--production for clean prod installs.
blaze uninstall lodash && blaze update react
blaze uninstall removes the package, prunes the
lockfile, and rewrites package.json.
blaze update brings a package to the latest version
allowed by your semver range — also pruning the lockfile.
blaze doctor --fix
Diagnose missing or corrupt node_modules, lockfile &
package.json drift, and broken symlinks. With
--fix, Blaze repairs what it can automatically.
blaze graph > graph.mmd && npx @mermaid-js/mermaid-cli -i graph.mmd -o graph.svg
Output a Mermaid.js diagram of your dependency tree. Pipe it into
mermaid-cli to render an SVG, or paste it into any
Mermaid live editor.
blaze prefetch
Resolve and download every dependency (including workspace tarballs)
into the global cache. Run on a fast connection, then go fully
offline with blaze install --offline.
blaze audit && blaze audit fix
Built-in vulnerability scanning via the npm audit API, plus an
audit fix mode that bumps vulnerable dependencies to
safe versions inside your allowed semver range.
blaze fix
One unified command to keep a project healthy: runs ESLint and
Prettier (auto-fix), removes unused dependencies, updates outdated
ones, runs blaze doctor --fix, and applies
blaze audit fix.
blaze install apache-superset/superset-frontend#master
Install directly from a GitHub repo, a #branch,
#tag, or #commit-sha. Use a
.tar.gz URL for tarball installs. Private repos use
ssh-key auth or a GITHUB_TOKEN.
Drop a file into plugins/ and unlock hooks for every
major command. 28+ plugins ship with Blaze — covering security,
license, DX, and notifications.
Prints a summary after every audit, ready to be piped into a webhook or Slack channel.
Auto-files a GitHub issue or sends email when a critical CVE is detected.
Cross-references installed packages against open GitHub security advisories.
Flags any installed package whose license isn't on your allow-list.
Warns when more than one major version of a package is hoisted into node_modules.
Detects packages in package.json that nothing imports — and suggests removing them.
Blocks a commit when dependencies are outdated or missing.
Auto-installs any missing peer dependencies after install or update.
Runs tsc --noEmit after install/update to catch type drift immediately.
Runs ESLint and Prettier after install/update. Wire to --fix for auto-format.
Reports how long each package took to install, so you can spot the slow ones fast.
Scores every package on maintenance, popularity, and security — surface risk early.
And 16 more — license checkers, social notifiers, mirror switchers, changelog fetchers, and more. Browse the full list on GitHub →
An honest, sourced comparison vs the four package managers you're probably using today.
| Dimension | blaze-install | npm | pnpm | yarn | bun |
|---|---|---|---|---|---|
| Speed | Parallel + global cache; 2–10× faster than npm | Sequential, slower in monorepos | Fast via symlinked store | Fast, less aggressive cache | Fastest, native engine |
| Lockfile cleanliness | Auto-pruned after every install/update/uninstall | Can accumulate stale entries | Pruned but easy to bloat | Pruned but easy to bloat | Pruned, less mature |
| Workspaces / monorepo | Built-in, fast, no config | Supported, slower at scale | Best-in-class | Strong, well-known | Basic |
| Self-healing | blaze doctor --fix auto-repairs |
No equivalent | No equivalent | No equivalent | No equivalent |
| Offline mode | First-class, with prefetch |
Limited | Yes | Yes | Yes |
| Plugin system | 28+ official plugins, drop-in | None | Hooks (limited) | Plugins (limited) | None |
| Dependency graph | blaze graph outputs Mermaid.js |
None | None | None | None |
| Audit & auto-fix | Built-in, single command | Built-in | Built-in | Built-in | Basic |
| Peer deps handling | Clear warnings + auto-install prompt | Sometimes cryptic | Clear | Sometimes cryptic | Basic |
| Config | .blazerc + .npmrc |
.npmrc |
.npmrc + .pnpmfile.cjs |
.yarnrc |
bunfig.toml |
| License | ISC, open source | Artistic 2.0 | MIT | BSD | MIT |