README.md
April 23, 2026 · View on GitHub
Kubo: IPFS Implementation in GO
Install Kubo (previously known as "go-ipfs") from NPM
Table of Contents
Install
Install the latest Kubo (go-ipfs) binary:
# Install globally
> npm install -g kubo
> ipfs version
ipfs version v0.23.0
# Install locally
> npm install kubo
> ./node_modules/.bin/ipfs
ipfs version v0.23.0
Usage
This module downloads Kubo (go-ipfs) binaries from https://dist.ipfs.tech into your project.
It will download the kubo version that matches the npm version of this module. So depending on kubo@0.23.0 will install kubo v0.23.0 for your current system architecture, in to your project at node_modules/kubo/kubo/ipfs and additional symlink to it at node_modules/kubo/bin/ipfs.
On Windows, ipfs.exe file is used, and if the symlink can't be created under a regular user, a copy of ipfs.exe is created instead.
After downloading you can find out the path of the installed binary by calling the path function exported by this module:
import { path } from 'kubo'
console.info('kubo is installed at', path())
An error will be thrown if the path to the binary cannot be resolved.
Caching
Downloaded archives are placed in OS-specific cache directory which can be customized by setting NPM_KUBO_CACHE in env.
Overriding with KUBO_BINARY env
If the KUBO_BINARY env variable is set at runtime this will override the path of the binary used.
This must point to the file, not the directory containing the file.
Development
Warning: the file bin/ipfs is a placeholder, when downloading stuff, it gets replaced. so if you run node install.js it will then be dirty in the git repo. Do not commit this file, as then you would be commiting a big binary and publishing it to npm. A pre-commit hook exists and should protect against this, but better safe than sorry.
Publish a new version
Publishing is automated. The Release to npm workflow runs hourly, checks https://dist.ipfs.tech/kubo/versions for a new release, and if one is found:
- bumps
versioninpackage.jsonvianpm version - publishes to npm as
kubo@<version>with a sigstore provenance attestation - pushes the version commit and tag back to
master
The workflow tags full kubo releases as latest and pre-releases (any version containing -, e.g. 0.41.0-rc2) as next.
Maintainers can also trigger a run manually from the Actions tab via workflow_dispatch.
Authentication (npm Trusted Publishing)
The workflow authenticates to npm via Trusted Publishing over GitHub OIDC, not a long-lived NPM_AUTH_TOKEN. To (re)configure trust on npmjs.com, a maintainer with publish rights should:
- Go to the
kubopackage settings on npmjs.com → Trusted Publishers → Add trusted publisher → GitHub Actions. - Set organization
ipfs, repositorynpm-kubo, workflow filenamemain.yml. Leave the environment field blank.
Contribute
Feel free to join in. All welcome. Open an issue!
This repository falls under the IPFS Code of Conduct.
