Microsoft just released npm for AI agents

Every developer knows npm, pip, or Cargo — the tools that automatically install the right libraries when you clone a project. Microsoft just built the same thing, but for AI coding agents. It's called APM (Agent Package Manager), and it could change how teams share and manage their AI setups.

The Problem APM Solves

AI coding agents like GitHub Copilot, Claude Code, and Cursor need context to be useful — custom instructions, prompts, skills, plugins, and MCP servers (the connections that let AI talk to external tools). Right now, every developer sets these up manually. There's no standard way to share or reproduce an AI configuration.

When a new teammate joins a project, they spend hours recreating the same AI setup everyone else uses. When a team discovers a great prompt or skill, they share it through Slack messages or docs that quickly go stale.

One Config File, Four AI Agents

Here's what an apm.yml looks like:

name: your-project
version: 1.0.0
dependencies:
  apm:
    - anthropics/skills/skills/frontend-design
    - github/awesome-copilot/plugins/context-engineering

When you run apm install, it downloads packages into apm_modules/ and automatically deploys the right files to .github/ (for Copilot), .claude/ (for Claude Code), .cursor/ (for Cursor), and .opencode/ (for OpenCode). Each agent gets exactly what it needs, from a single source of truth.

The tool handles transitive dependencies (if package A needs package B, both get installed automatically) and creates a lock file (apm.lock.yaml) so everyone gets identical versions.

Security Scanning Built In

Here's where APM gets interesting beyond convenience. Every skill, prompt, instruction, or hook that your AI agent executes is an attack surface. A malicious package could inject hidden instructions that change how your AI behaves — essentially prompt injection through the supply chain.

APM includes two defenses:

Try It Right Now

APM installs in one command:

# macOS / Linux
curl -sSL https://aka.ms/apm-unix | sh

# Windows (PowerShell)
irm https://aka.ms/apm-windows | iex

# Or via pip
pip install apm-cli

# Or Homebrew
brew install microsoft/apm/apm

Then in any project:

# Initialize APM in your project
apm init

# Install a sample package
apm install microsoft/apm-sample-package#v1.0.0

# Your AI agents are now configured

Who Should Care

If you lead a dev team — APM means onboarding a new developer includes your team's AI knowledge by default. No more "ask Sarah for her Claude Code prompt" or "check the wiki for the Copilot config."

If you build AI plugins or skills — APM gives you a distribution channel. Package your skill once, and any team can install it with a single command. The project supports installing from GitHub, GitLab, Bitbucket, and Azure DevOps.

If you use Claude Code or Cursor daily — you can now version-control your agent setup and share it across machines or with teammates.

Early Days, Big Ambition

APM is at v0.8.3 with 32 releases so far, MIT-licensed, and growing fast on GitHub (600+ stars, trending today). Microsoft is positioning it alongside GitHub's Spec Kit and the broader AGENTS.md ecosystem.

The key question: will the AI agent community converge on a shared package format the way web developers converged on npm? If APM gets traction, it could standardize how AI knowledge flows between teams — turning one developer's breakthrough prompt into every developer's default.

Related Content — Get Started with Easy Claude Code | Free Learning Guides | More AI News