Embed any package, scope or author handle. Weekly downloads, version history and install snippets ship in under 90 seconds. No tokens needed for public packages.
Trusted by 11,000+ JavaScript authors and dev-tool teams
Live demo, not a screenshot. Type a package name or npm handle, pick a layout, and ship the same widget to your project site.
From npm to your site
Poper crawls the official npm review feed for your business and renders it inline on your website. Same reviews, your branding, your domain.
Poper widget liveMockups for illustration. Pull your real npm Feed Widget: Embed Packages, Weekly Downloads and Versions on Any Site from npm and embed in 90 seconds.
How to use it
Three steps. Under two minutes. Public packages work without a token.
Type a package name (including scoped names like @your-org/cli), an author handle, or a list of packages. Poper instantly previews live weekly downloads, the latest version, and the dependents count from the npm Registry API.
Choose Package Card, Author Grid, Download Sparkline, Version Timeline, Dependents Block or Install Snippet. Theme colors, fonts and badge styles to match your docs site, framework page or personal portfolio exactly.
Paste the one-line script tag into your project site, docs page or company landing. Works on Next.js, Astro, Docusaurus, Nextra, VuePress, Hugo, Webflow, Framer, WordPress, Ghost and any HTML stack.
Works everywhere
Drop-in install on WordPress, Shopify, Wix, Squarespace, Webflow, Framer, Ghost, and any HTML-friendly stack. No build step, no developer needed.
Plus 250+ other platforms via the embed snippet. If your site can render a <script> tag, it can render the npm Feed Widget: Embed Packages, Weekly Downloads and Versions on Any Site.
Six things that matter when you embed npm on a JavaScript project landing, not 30 features no one uses.
Pulls live from the npm Registry API at registry.npmjs.org and the official downloads endpoint at api.npmjs.org/downloads. Weekly and monthly downloads, dist-tags, semver version history and dependents count flow into a single themable card that updates on its own. No shield URLs to babysit, no redeploys when you ship.
Render a tiny in-card sparkline of the last 30 days of weekly downloads next to your install command. Hockey-stick growth becomes the proof point your CTA was missing. Powered by api.npmjs.org/downloads/range and recolorable to match your brand palette.
Mirror every package published under an npm handle or scope, with description, weekly downloads, latest version and license. Perfect for personal portfolios.
One copy-friendly install block with tabs for the four major Node package managers. Click-to-copy with usage analytics so you know which command developers actually run.
Lazy-loaded below the fold, async-injected, scoped CSS that does not bleed into your docs theme. Under 40KB gzipped. Zero CLS, zero LCP regression. A Lighthouse 95+ docs site stays at 95+ after embed.
Show the full release history of a package with semver, release date and dist-tag chips for latest, next, beta and canary. Drop it next to your changelog so visitors always see the current line. Better than a static badge.
Use cases
Four buyer types who get the most lift from embedding npm Feed Widget: Embed Packages, Weekly Downloads and Versions on Any Site on their site.
Add the package card with live weekly downloads and the dependents block to your library homepage. A 5.7M weekly downloads counter sitting next to npm install is a stronger trust signal than any tagline. Used by 4,200 packages converts infinitely better than trusted by developers.
Render the author grid on your case-studies or open-source page so prospects see every utility, design-token package and React component library you ship under your scope. Live weekly downloads on a consultancy site signals depth that a static logo wall cannot.
Embed your CLI's npm card on your marketing landing right beside the npm install -g cta. Real adoption numbers next to the install command shorten dev-trial cycles and lift signups. Enterprise buyers verify the dependents list before committing.
Engineering managers and staff engineers use the author grid to prove maintained-OSS credibility on their personal sites. Every package you publish becomes a live, verifiable credential next to your bio, not a stale list in a resume PDF.
Most npm widgets are static SVG badges that need a redeploy or a CDN purge. Here is how the popular ones compare on what actually matters for a JavaScript project landing.
| Recommended Poper | npmjs.com Badge Embed | GitHub Activity Widget | Awesome README Badges | |
|---|---|---|---|---|
| Free plan available | ||||
| Live weekly and monthly downloads | Static SVG only | Static SVG only | ||
| 30-day download sparkline in card | ||||
| Version timeline with semver and dist-tags | Manual badge | |||
| Dependents block, used by N packages | ||||
| Install snippet, npm and yarn and pnpm and bun tabs | ||||
| Auto refresh without redeploy or CDN purge | Cached SVG, slow | |||
| Brand-match theming, fonts, spacing, custom CSS | Color only | Color only | ||
| Works on hosted docs sites, not just READMEs | Image embed only | Image only | ||
| Author or scope grid, all your packages at once | ||||
| Pricing for unlimited refreshes | $19/mo (Pro) | Free SVG | Free / paid | Free badge |
| Bundled with popups, forms, quizzes |
Comparison reflects publicly available features as of 2026. SVG-based shields are great for READMEs but limited to static images that cannot be themed beyond color or extended with sparklines and dependents data.
Library authors, dev-tool teams and consultancy leads who replaced static shields with Poper.
“Poper has improved our website's user engagement! Since integrating Poper's personalized popups, we've seen a dramatic surge in conversions and user interactions. The platform's intuitive design makes creating and customizing popups a breeze, even for those with minimal tech skills. What truly sets Poper apart are its…”
“Fantastic app and support team, they are very quick to help and provide a solution or improvement to their product. Highly recommended!”
“Poper has been a total lifesaver for our agency! As a digital marketing agency, we’re always juggling a million things at once. Poper has been a real game-changer in terms of streamlining our workflow and keeping track of all our clients’ campaigns. The ability to track all our clients’ websites from one place is a…”
Pricing
Free forever for one widget. Upgrade only when you need faster sync, multiple instances, or to drop the watermark.
Everything you need to ship the widget today.
Remove the watermark, faster sync, more widget instances.
Multi-site, multi-account, white-label.
All plans include unlimited page views, no contracts, cancel anytime. Annual billing saves 20%.
npm is the JavaScript and Node package registry, the largest software registry in the world by package count, and since GitHub acquired npm Inc. in 2020 it has been part of the Microsoft family (Microsoft itself acquired GitHub in 2018). For library authors, dev-tool startups, framework teams and JavaScript consultancies, your packages on npm are the most credible asset you have. Embedding live download counts, version history and dependents directly on your project site turns adoption into proof you can point at. This guide covers what actually matters in 2026: the npm Registry API, the downloads endpoint, scoped packages and dist-tags, the post-leftpad supply-chain world, npm Provenance and Sigstore, the rise of Yarn and pnpm as alternative package managers, and how to choose an npm feed widget that survives traffic spikes and stays Lighthouse-clean.
npm exposes two public APIs that matter for embeds. The npm Registry API at registry.npmjs.org returns package metadata: name, description, latest version, full version history, repository link, license, maintainers, dist-tags (latest, next, beta) and the deprecation flag. It is freely accessible without authentication and serves billions of requests every day, with package documents reachable at registry.npmjs.org/PACKAGE-NAME and version-specific documents at registry.npmjs.org/PACKAGE-NAME/VERSION. The downloads API at api.npmjs.org/downloads exposes daily, weekly and monthly download counts at point-in-time and over arbitrary date ranges (api.npmjs.org/downloads/point/last-week/PACKAGE-NAME and api.npmjs.org/downloads/range/2025-11-01:2026-05-08/PACKAGE-NAME). A serious npm widget calls both: Registry API for the card metadata and version history, downloads API for the weekly count and the 30-day sparkline. Poper proxies all calls through a global edge cache so your visitors never hit npm directly, which keeps your card rendered even when the registry has a hiccup.
Every JavaScript developer has internalized one number: weekly downloads. It is the universal heuristic for is this library real, is it being maintained, will it still exist in six months. The npm registry serves over 200 billion downloads per week across roughly 3 million published packages, and a card showing 5.7M weekly downloads next to npm install your-package converts visitors with a force that no marketing tagline can match. The number is also a defensible moat for your landing page: a static SVG shield from shields.io shows the count but cannot show the trend, and a screenshot is stale the day after you take it. A live widget that fetches from api.npmjs.org/downloads/point/last-week and re-renders on a six-hour cycle stays accurate without your effort. Pair it with a 30-day sparkline and you get the trend on the same card, which is what dev-tool buyers actually want to see when they evaluate a new SDK.
npm Inc. shipped the original Node package manager in 2010, and for a decade it was the only mainstream choice. Today the JavaScript install command is fragmented: npm itself ships with Node, Yarn (originally Facebook, now community-led under Yarn 4) holds a large share of monorepos and enterprise stacks, pnpm has become the default in the Vite, Vue and Astro communities thanks to its content-addressable store and dramatically faster installs, and bun (a Zig-based runtime + package manager + bundler) is the fastest-growing newcomer with first-class npm registry compatibility. Any modern install snippet on a JavaScript project page needs tabs for all four. Poper renders the npm install package, yarn add package, pnpm add package and bun add package commands in a single tabbed block with click-to-copy on each. Usage analytics tell you which command developers actually copy from your landing, which is the single best leading indicator of where your audience lives in the ecosystem.
The 2016 leftpad incident, when an 11-line utility was unpublished and broke half the JavaScript build pipelines on earth, permanently changed how the ecosystem thinks about supply chain. Every npm install pulls hundreds of transitive dependencies, and every dependent package is a trust decision. npm has since added unpublish protections, two-factor enforcement for high-impact packages, and most importantly, npm Provenance with Sigstore. Provenance attaches a signed attestation to every published version that proves which GitHub Actions workflow built and published the package, where the source code lived, and what command produced the artifact. The Provenance badge appears on npmjs.com next to packages that publish with it, and surfacing that signal on your own project page is a measurable trust lift for security-conscious buyers (think regulated industries, fintechs and the platform-engineering teams gating dependency policy). The Poper npm widget can render the Provenance verification chip and the Sigstore link on package cards, so your supply-chain hygiene is visible without forcing visitors to click through to npmjs.com.
JavaScript developers will Lighthouse your docs site, your landing page and your changelog. They will. It is half curiosity and half a screening signal: a project landing with a 95+ Lighthouse score reads as someone who actually cares about the craft, while a 60-score site with a janky badge embed reads as a project that does not eat its own dog food. Widgets are notorious Lighthouse killers: synchronous JavaScript blocking the main thread, layout shift from images that load late, blocking network requests to npm on every visit. The Poper npm widget is engineered for this audience: async loading below the fold, scoped CSS that cannot leak into your design system, edge-cached responses so visitors never hit npm directly, dimensions reserved on every element to keep CLS at zero, and the entire bundle gzipped under 40KB. Embed it on a Docusaurus, Nextra, Astro Starlight or Next.js docs site and your Lighthouse score will not move. That matters more for a JavaScript project than for any other vertical, because your audience is the one running the audit.
An npm feed widget is an embeddable script that displays a JavaScript or Node package's live registry data (weekly and monthly downloads, version history, dependents, dist-tags and install commands) on any website. It pulls from the public npm Registry API at registry.npmjs.org and the downloads endpoint at api.npmjs.org/downloads, themes the result to match the host site, and refreshes automatically.
Can't find the answer you're looking for? Chat with our support team.
Contact SupportEmbed the live thing. Free plan, no token for public packages, ships in 90 seconds.
Free plan available forever
