You can import public packages from external package registries into your scripts. Postman supports importing public packages from npm and JSR registries. If you're on a Postman Professional or Enterprise plan, you can also import private packages from npm that a Team Admin configured access to. You can import external packages in your internal, partner, and public workspaces. External packages are supported in HTTP, gRPC, and GraphQL requests.
You can use the Collection Runner, Postman Flows, and the Postman CLI to run collections and requests that import external packages in scripts. External packages aren't supported in Monitors or Newman.
You can search for public external packages in npm and JSR and import them directly into your HTTP, gRPC, and GraphQL requests.
If you're on a Postman Enterprise plan, a Team Admin can manage external packages your team is allowed to use in scripts.
If you're on a Postman Enterprise plan, you can view external packages your Team Admin has allowed in scripts. Select Team > Team Settings in the Postman header, select Team resources in the sidebar, then select External packages.
To search and import a public external package, do the following:
You can view external packages in your script, including packages Postman was unable to import.
When you select a public external package from search, a JavaScript variable is automatically declared in the code editor. Use the variable to call functions and objects in the package. By default, the variable identifier is based on the external package name. The variable's value is the pm.require
method with the package registry, name, and latest version number as the argument in the registry-name:package-name@version-number
format.
The script will always use the defined package version when the request runs. You can omit the version number (@version-number
) from the argument to use the latest package version in all of your scripts.
You must use the exact version number in the argument. Postman doesn't support other ways to specify a version, such as version ranges or tags.
// package imported from npm
const npmVariableName = pm.require('npm:package-name@version-number');
npmVariableName.functionName()
// package imported from jsr
const jsrVariableName = pm.require('jsr:package-name@version-number');
jsrVariableName.functionName()
Private npm packages are supported on Postman Professional and Enterprise plans.
You can import private external packages from npm if a Team Admin configured access to the private package from your team's scripts. You can import private npm packages directly into your HTTP, gRPC, and GraphQL requests.
If you're on a Postman Enterprise plan, a Team Admin can manage external packages your team is allowed to use in scripts.
If you're on a Postman Professional or Enterprise plan, you can view external packages your Team Admin has allowed in scripts. Select Team > Team Settings in the Postman header, select Team resources in the sidebar, then select External packages.
To import a private external package, do the following:
pm.require
method with "npm", scope, package name, and latest version number as the argument in the npm:@scope/package-name@version-number
format.If you specified a version number, the script will always use the defined package version when the request runs. You can omit the version number (@version-number
) from the argument to use the latest package version in all of your scripts.
// package imported from npm
const npmVariableName = pm.require('npm:@scope/package-name@version-number');
npmVariableName.functionName()
You can view external packages in your script, including packages Postman was unable to import.
When you import an external package, you can configure the argument so the latest package version is used in all of your scripts. To do this, omit the version number (@version-number
) from the pm.require
method's argument. By default, scripts use the latest version number available when you first opened or ran the request.
Each script in your Postman app that imports the package without a version number will use the same version. The package version is specific to your Postman app, meaning the version may differ for your collaborators.
To update the package version number in your Postman app, do the following:
To view external packages in your request's script, select Packages at the lower right of the code editor. To learn more about a package, hover over the package and select
View in npm or
View in JSR.
Use the following to troubleshoot external packages in your script:
Postman runs scripts in a sandbox environment that's secure by default. There are strict measures in place to ensure external code that runs inside the sandbox environment doesn't get extra privileges or access. Because of this, there may be some limitations when running the contents of external packages in the sandbox environment, depending on the package's dependencies.
Consider the following when importing external packages into Postman:
Postman's sandbox environment runs code uniformly, regardless of whether the code runs on the browser or Node.js. External packages that use Nodes.js built-in modules may not work as expected in Postman because the modules aren't also available in the browser.
Postman doesn't support all of JavaScript's standard built-in objects. Learn about the JavaScript objects Postman supports.
Packages and their dependencies that exceed 50 MB aren't supported.
Packages that use the await
keyword outside of an async function aren't supported.
Packages that use both named and default exports must use specific syntax to access the default exports:
// access default exports
const fooDefaultExport = pm.require("npm:foo").default
// access named exports
const { fooNamedExport } = pm.require("npm:foo")
Last modified: 2025/04/11