Unpkg is a content delivery network for everything on npm.
Websites Using Unpkg
No websites detected yet. Analyze a website to contribute data.
What Is unpkg?
unpkg is a fast, free public content delivery network (CDN) that serves everything published on the npm registry directly to the browser. The short answer for anyone asking what unpkg is: it is a global CDN mirror of npm, so any file inside any package on npm can be loaded straight into a web page through a simple unpkg.com URL, with no build step, no account, and no manual upload. If a library exists on npm, it is already available through unpkg.
unpkg was created by Michael Jackson, co-author of React Router, and is operated as a community service backed by CDN infrastructure (historically Cloudflare). Its guiding idea is radical simplicity: rather than curating a list of libraries or supporting many different sources, unpkg does exactly one thing well, which is expose the npm registry over a clean, predictable URL scheme. Because npm is the largest software registry in the world, that single capability covers an enormous range of front-end libraries, from React and Vue to tiny single-purpose utilities.
A precise current market-share figure is hard to state with confidence, because CDN usage is measured inconsistently across detection surveys and many sites load assets from several CDNs simultaneously. What detection sources such as Wappalyzer and BuiltWith consistently report is that unpkg is among the most frequently detected public CDNs, particularly on documentation sites, demos, CodePen-style examples, prototypes, and modern JavaScript projects that want to pull a library straight from npm without bundling it. unpkg's popularity grew alongside the rise of npm as the center of the JavaScript ecosystem and the trend of loading ES modules directly in the browser.
How unpkg Works
unpkg works as a caching proxy in front of the npm registry. When a browser requests a file from a unpkg.com URL, unpkg looks up the matching package and version on npm, fetches the requested file, caches it at edge locations worldwide, and serves it to the visitor from the nearest node. Once cached, the same file is served directly from the edge on future requests, so npm itself is rarely contacted.
The URL structure is the heart of how unpkg is used and detected. It is deliberately minimal:
- Basic form:
https://unpkg.com/package@version/file. For example,https://unpkg.com/[email protected]/umd/react.production.min.js. - Latest version: Omitting the version (
https://unpkg.com/react/) serves the latest published release. - Version ranges: A semver range such as
react@^18resolves to the newest matching version. - Default file: Requesting just
package@version(without a specific file) serves the package's main entry point, as declared in itspackage.json. - Directory browsing: Appending
/to a package path (for exampleunpkg.com/[email protected]/) lists the files inside the package, which is useful for discovering exact file paths.
unpkg also supports a couple of distinctive query features. The ?module query rewrites a package's bare import specifiers so the file can be loaded as a native ES module in the browser, and the service sets long-lived cache headers so that versioned URLs (which never change content) can be cached aggressively. Because every published version on npm is immutable, a fully pinned unpkg URL points to bytes that will never change, which makes caching extremely effective.
A typical request lifecycle looks like this: a browser encounters a <script src="https://unpkg.com/..."> tag or a native ES-module import from unpkg.com, performs a DNS lookup for unpkg.com, connects to the nearest edge node, and receives the cached, compressed file with caching headers that allow the browser to reuse it. For a versioned URL the response is almost always served from a warm cache, which is why unpkg is fast for popular packages.
How to Tell if a Website Uses unpkg
unpkg leaves obvious fingerprints because its asset URLs appear directly in a page's HTML and network requests. Here are the signals to look for and the tools that surface them.
Signals in the page and network
- Asset domain. The clearest signal is
unpkg.comappearing in<script src="...">,<link href="...">, or an ES-moduleimportstatement. Any reference to this domain means the page loads at least one asset through unpkg. package@version/fileURL pattern. unpkg URLs follow the recognizableunpkg.com/name@version/path/to/fileshape, frequently ending in a minified bundle such as.min.js, a UMD build, or an ES-module file.- Unversioned URLs. A URL like
unpkg.com/somelib/without a version is also a strong signal, indicating the site is loading the latest release of a package. - Response headers. A request to an unpkg asset returns CDN caching headers. Look for long
cache-controlmax-age values andx-served-byor similar markers identifying the serving network. - Module-style usage. The presence of
?modulein an unpkg URL, or<script type="module">importing fromunpkg.com, indicates native ES-module loading.
Tools to confirm it
| Tool | What you do | What it reveals |
|---|---|---|
| View Source | Open the page source in your browser | unpkg.com/package@version/file script, link, and import references |
| DevTools Network | Open DevTools, reload, and filter requests by unpkg | Every asset loaded from unpkg, with full URLs and response headers |
| curl -I | Run curl -I https://unpkg.com/[email protected]/umd/react.production.min.js | Response headers showing caching behavior and the serving network |
| Wappalyzer | Run the browser extension on the page | Flags unpkg in the CDN category |
| BuiltWith | Enter the domain on the BuiltWith site | Reports current and historical unpkg detection |
Spotting the CDN is often the first step in identifying the libraries a site relies on. For a broader walkthrough, see our guide on how to check what JavaScript libraries a website uses and the primer on what a CDN is and whether you need one. Because an unpkg URL embeds the exact package name and version, it usually tells you precisely which library and release a site is loading.
Key Features
unpkg's feature set is intentionally narrow, prioritizing simplicity and speed over breadth of sources.
- Complete npm coverage. Any file in any package on npm is instantly available, with no upload or curation step.
- Clean, predictable URLs. The
package@version/filescheme is easy to read, write, and reason about. - Flexible version resolution. Pin an exact version, use a semver range, or request the latest release.
- Default entry-point resolution. Requesting a package without a file path serves its main entry as declared in
package.json. - Directory listing. Appending
/to a package path lists its files, helping you find exact paths. - ES-module support. The
?modulequery rewrites imports so packages can load as native browser modules. - Aggressive caching. Immutable versioned URLs are cached for long periods, keeping popular files fast.
- Free and account-free. No signup, no cost, no configuration.
A few of these deserve emphasis. The directory-listing feature is genuinely useful during development, because it lets you browse a published package's contents to find the exact file you need without leaving the browser. The ?module rewriting reflects unpkg's role in the modern shift toward loading native ES modules directly, bypassing bundlers for quick experiments. And the default entry-point resolution means you can often load a library with the shortest possible URL, letting npm's own package.json decide which file to serve.
Pros and Cons
unpkg's trade-offs come from its single-minded focus on mirroring npm as simply as possible.
Pros
- Instant access to the entire npm registry through clean, memorable URLs.
- Completely free with no account or configuration.
- Excellent for prototyping, demos, and documentation where a build step is undesirable.
- Strong caching of immutable versioned URLs delivers fast performance for popular packages.
- Native ES-module support fits modern, build-less workflows.
- Reduces bandwidth and load on the site's own origin server.
Cons
- npm-only; unlike some CDNs it does not serve files directly from GitHub or other sources.
- Adds a third-party dependency, so an unpkg outage would break affected assets unless a fallback exists.
- Loading scripts from an external domain is a supply-chain consideration, making Subresource Integrity (SRI) hashes advisable.
- An unversioned or wide-range URL can change the served code when a package publishes a new release, which may introduce unexpected behavior.
- Less infrastructural control than self-hosting, since the site owner does not run the serving network.
unpkg vs Alternatives
unpkg competes with other public CDNs that deliver open-source libraries. The comparison below frames where it sits relative to the most common alternatives.
| CDN | Primary sources | Distinctive trait | Best for |
|---|---|---|---|
| unpkg | npm | Simple, direct npm mirror with directory listing | Quick loading of any npm package |
| jsDelivr | npm, GitHub, WordPress | Multi-CDN, file combining, GitHub support | Reliable hosting plus GitHub assets |
| cdnjs | Curated open-source libraries | Hand-curated, vetted library list | Trusted, well-known libraries only |
| Google Hosted Libraries | A small fixed set of major libraries | Backed by Google's network | jQuery and a few classic libraries |
The most instructive comparison is unpkg versus jsDelivr. Both serve npm packages through clean URLs and are go-to choices for loading libraries without self-hosting. The difference is one of scope: unpkg deliberately does one thing, mirror npm, and does it with minimal ceremony, including a handy directory-browsing feature. jsDelivr does more, serving files from GitHub as well as npm, offering automatic file combining, and running as a multi-CDN for extra redundancy. If your need is simply to pull a package from npm quickly and you value a no-frills, predictable service, unpkg is an excellent fit. If you also want GitHub hosting, bundling, or multi-provider failover, jsDelivr is the broader option. Against curated CDNs, unpkg trades human vetting for the complete breadth of npm.
Use Cases
unpkg fits a recognizable set of scenarios centered on loading npm packages without a build pipeline.
- Prototyping and experiments. Dropping a single
<script>tag or ES-module import to try a library instantly, with no tooling. - Documentation and demos. Loading the exact version of a library a tutorial or example depends on, straight from npm.
- CodePen-style and educational snippets. Sharing runnable examples that pull dependencies directly from unpkg URLs.
- Native ES-module workflows. Importing modules in the browser without a bundler, using unpkg's module rewriting.
- Lightweight production loading. Serving a small library from a fast CDN rather than bundling it, when self-hosting is unnecessary.
For competitive research and lead generation, finding unpkg on a prospect's site reveals the precise package and version they load, since both are embedded in the URL. That is a strong signal about a site's front-end dependencies and how it approaches build tooling.
Frequently Asked Questions
Is unpkg free, and do I need an account?
Yes, unpkg is free and requires no account. It is a community-operated public CDN backed by CDN infrastructure, and there is no signup or cost for loading packages. This is why it is so common on demos, documentation, prototypes, and many production sites.
How is unpkg different from jsDelivr?
Both are free public CDNs that serve npm packages, but unpkg focuses solely on mirroring npm with a very simple URL scheme and a useful directory-listing feature, while jsDelivr also serves files directly from GitHub, supports automatic file combining, and runs as a multi-CDN across several providers for added reliability. unpkg favors simplicity; jsDelivr favors breadth and redundancy.
How do I find the exact file path inside a package?
Append a trailing slash to the package URL, for example https://unpkg.com/[email protected]/. unpkg returns a directory listing of the package's files, letting you locate the precise path you need. You can then request that file directly with a full unpkg.com/package@version/path URL.
Is it safe to load production code from unpkg?
unpkg is widely used in production and is fast and reliable, but loading any script from a third-party domain is a supply-chain consideration. The recommended safeguard is to pin an exact version and add a Subresource Integrity (SRI) hash to the tag, so the browser verifies the file's contents before running it. Pinning a version also prevents unexpected code changes from new releases.
Why might a site use an unversioned unpkg URL?
An unversioned URL like unpkg.com/somelib/ always serves the latest published release, which is convenient during prototyping because it stays current automatically. The trade-off is that the served code can change when the package publishes a new version, so production sites usually pin a specific version instead for predictability.
Want to identify the CDNs, libraries, and full technology stack behind any website instantly? Try StackOptic at https://stackoptic.com.