npm referrer traffic
npm referrals come from package pages on npmjs.com, the JavaScript package registry. When your package page links to a homepage, repository, or docs, clicks reach you as npmjs.com referrals — a strong signal of developer interest in your library, though referrer policy can send some to direct.
What this means
npm is the package registry for JavaScript and Node.js. Each published package has a page on npmjs.com that can surface homepage, repository, and documentation links drawn from the package metadata. Clicks on those reach your site as referrals from npmjs.com.
This traffic is a clear developer-intent signal: someone is evaluating or using your library and followed through to your docs or homepage, which is different from casual content discovery.
Why some clicks arrive as direct and what to do
Package pages can apply a referrer policy that downgrades or omits the Referer header, so a portion of npm-driven clicks will arrive as direct rather than npmjs.com. This is normal and not a measurement error.
The homepage and docs URLs come from your package metadata, which you control, so add utm_source=npm and utm_medium=referral to those links in your package configuration. The query string persists, so package-page clicks stay attributable even when the referrer is downgraded.
- Host you may see: npmjs.com
- Recommended tags: utm_source=npm, utm_medium=referral
- Set tagged homepage/docs links in package metadata you control
How it appears in analytics and logs
A referrer on npmjs.com means a visitor followed a link from a package page — typically the homepage, repository, or docs link of a library. It signals package-discovery interest, not general browsing.
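One way to apply this to raw hits, as an added example (not WebmasterID's code): classify by the parsed Referer host first, then fall back to the UTM tags when the referrer is missing. The host list, channel names, the rule for tagged hits with a non-npm referrer, and the sample hits are assumptions constructed for illustration.

```javascript
// Added example: hypothetical classifier, not WebmasterID's implementation.
// Referer and UTM values are client-supplied, so treat the result as an
// analytics signal only, never as an authentication or trust decision.
const NPM_HOSTS = new Set(['npmjs.com', 'www.npmjs.com']); // assumed host list

// Parse the Referer and return its host, or null if absent or unparseable.
function refererHost(referer) {
  if (!referer) return null;
  try {
    const u = new URL(referer);
    if (u.protocol !== 'https:' && u.protocol !== 'http:') return null;
    return u.hostname.replace(/\.$/, ''); // drop a trailing root dot
  } catch {
    return null;
  }
}

// hit = { referer, url } -> 'npm' | 'npm-tagged' | 'referral' | 'direct'
function classifyHit(hit) {
  const host = refererHost(hit.referer);
  // Exact host match: a substring test would accept lookalike hosts.
  if (host && NPM_HOSTS.has(host)) return 'npm';
  // A different referrer host wins over the tags (the tagged link was
  // probably copied elsewhere); this precedence is an assumption.
  if (host) return 'referral';
  const q = new URL(hit.url, 'https://placeholder.invalid').searchParams;
  const tagged = q.get('utm_source') === 'npm' && q.get('utm_medium') === 'referral';
  return tagged ? 'npm-tagged' : 'direct';
}

function summarize(hits) {
  const counts = {};
  for (const h of hits) {
    const channel = classifyHit(h);
    counts[channel] = (counts[channel] || 0) + 1;
  }
  return counts;
}

// Constructed sample hits (not real traffic).
const SAMPLE_HITS = [
  { referer: 'https://www.npmjs.com/package/example-lib', url: '/docs' },
  { referer: 'https://www.npmjs.com/', url: '/docs?utm_source=npm&utm_medium=referral' },
  { referer: '', url: '/?utm_source=npm&utm_medium=referral' }, // referrer omitted
  { referer: 'https://npmjs.com.example.net/package/x', url: '/' }, // lookalike host
  { referer: 'https://blog.example.org/post', url: '/?utm_source=npm&utm_medium=referral' },
  { referer: '', url: '/' },
];
console.log(summarize(SAMPLE_HITS));
```

Keeping `npm` and `npm-tagged` as separate counts shows how much package-page traffic would have been reported as direct without the tags.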
Diagnostic use case
Identify developer traffic arriving from your package's npmjs.com page, and recover homepage and documentation clicks driven by package discovery.
What WebmasterID can help detect
WebmasterID groups npmjs.com referrals as a developer/registry channel and reconciles them with your UTM tags, so package-page clicks stay distinct from generic referral.
Common mistakes
- Treating npm referrals as generic traffic instead of developer-intent signals.
- Expecting every package click to show npmjs.com — referrer policy sends some to direct.
- Not tagging the homepage/docs URLs in your package metadata.
Privacy and accuracy notes
Attribution uses only the Referer host. No npm user or developer is identified. WebmasterID records the package-discovery channel, not the person.
Related pages
- GitHub referrer traffic
GitHub drives traffic through links in READMEs, profiles, and repository pages, typically arriving with a github.com referrer. The audience skews technical, which can matter for how you interpret the visits. UTM tags help attribute GitHub links you control.
- GitLab referrer traffic
GitLab referrals come from links in repositories, issues, merge requests, wikis, and snippets on gitlab.com or self-managed instances. A gitlab.com referrer indicates developer-context traffic, though self-hosted GitLab instances use their own domains and links rendered in READMEs can carry restrictive referrer policies.
- Referrer-Policy and missing referrers
Referrer-Policy is the web standard that controls how much of the referrer a browser sends with a request. Site owners set it via an HTTP header or a meta tag, and modern browsers default to a privacy-leaning value. Understanding the policy values explains why so many referrers arrive trimmed to the origin or missing entirely.
- Campaign links
Tag package homepage and docs links so registry clicks are attributable despite referrer downgrades.
Sources and verification notes
- npm: JavaScript package registry; homepage/docs links come from package metadata.
- MDN — Referrer-Policy
Last reviewed 2026-06-24. Facts are checked against primary/official sources where available; uncertain specifics are marked “Data not yet verified” rather than guessed.