Usage
Description
Add components or npm plugins to your project. Components are copied into.opencode/ (not node_modules) — you own the code and can customize freely.
Arguments
| Argument | Required | Description |
|---|---|---|
components... | Yes | Components to install (name/component or npm:package[@version]) |
Flags
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--dry-run | false | Show what would be installed without making changes | |
--skip-compat-check | false | Skip version compatibility checks | |
--trust | false | Skip npm plugin validation | |
--profile <name> | -p | Use specific profile | |
--from <url> | Use ephemeral registry (does not persist) | ||
--cwd <path> | Current directory | Working directory | |
--quiet | -q | false | Suppress output |
--verbose | -v | false | Verbose output |
--json | false | Output as JSON | |
--global | -g | false | Use global config |
Examples
Add a Component from a Configured Registry
Add Multiple Components
Add an npm Plugin
Add with a Specific Version
Preview What Would Be Installed
Use an Ephemeral Registry
--from flag provides a one-time registry reference without saving it to your configuration. The registry name is inferred from the component reference (e.g., kdco from kdco/workspace).
Integrity Verification
When a component is already present in your V1 receipt file (.ocx/receipt.jsonc), OCX computes the SHA-256 hash of the incoming content and compares it against the recorded hash. If the hashes do not match, the installation fails immediately with an INTEGRITY_ERROR.
To intentionally update a component whose source has changed, use ocx update instead.
See Also
- ocx init — Initialize before adding components.
- ocx registry — Configure registries.
- Enterprise Overview — Integrity verification details.
- Security Verification — How SHA-256 verification works.