# Installation

Install Viem via your package manager, a `<script>` tag, or build from source.

## Package Manager

Install the required packages.

:::code-group
```bash [pnpm]
pnpm add viem
```

```bash [npm]
npm install viem
```

```bash [yarn]
yarn add viem
```

```bash [bun]
bun add viem
```

```bash [deno]
deno add viem
```
:::

## CDN

If you're not using a package manager, you can also use Viem via an ESM-compatible CDN such as [esm.sh](https://esm.sh). Simply add a `<script type="module">` tag to the bottom of your HTML file with the following content.

```html
<script type="module">
  import { createClient } from 'https://esm.sh/viem'
</script>
```

## Using Unreleased Commits

If you can't wait for a new release to test the latest features, pull requests and commits are continuously released via [pkg.pr.new](https://pkg.pr.new) and can be installed using the pull request number or short commit ID.

:::code-group
```bash [pnpm]
pnpm add https://pkg.pr.new/viem@123
```

```bash [npm]
npm install https://pkg.pr.new/viem@123
```

```bash [yarn]
yarn add https://pkg.pr.new/viem@123
```

```bash [bun]
bun add https://pkg.pr.new/viem@123
```
:::

Or clone the [Viem repo](https://github.com/wevm/viem) to your local machine, build, and link it yourself.

```bash
gh repo clone wevm/viem
cd viem
pnpm install
pnpm build
pnpm link --global
```

Then go to the project where you are using Viem and run `pnpm link --global viem` (or the package manager that you used to link Viem globally).

## Security

Ethereum-related projects are often targeted in attacks to steal users' assets. Make sure you follow security best-practices for your project. Some quick things to get started.

* Pin package versions, upgrade mindfully, and inspect lockfile changes to minimize the risk of [supply-chain attacks](https://nodejs.org/en/guides/security/#supply-chain-attacks).
* Use [npm](https://docs.npmjs.com)'s [`min-release-age`](https://docs.npmjs.com/cli/v11/using-npm/config#min-release-age) or [pnpm](https://pnpm.io)'s [`minimumReleaseAge`](https://pnpm.io/settings#minimumreleaseage) and [`trustPolicy`](https://pnpm.io/settings#trustpolicy) to mitigate against supply-chain attacks.
* Install the [Socket](https://socket.dev) [GitHub App](https://github.com/apps/socket-security) to help detect and block supply-chain attacks.
* Add a [Content Security Policy](https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html) to defend against external scripts running in your app.
* Pin [GitHub Action](https://x.com/paulmillr/status/1900948425325031448) versions to commits instead of tags. [Actions Up](https://github.com/azat-io/actions-up) is a good tool for using commits instead of tags.
