Fetch a package from the registry and run its bin:

nub dlx create-vite my-app
nub x create-vite my-app                       # short alias
nub dlx -p cowsay -c 'cowsay hi | tr a-z A-Z'  # shell pipeline

The command is the explicit downloader (short alias nub x, mirroring bunx/bun x): invoking it is the consent. Unlike nubx's implicit fallthrough — which prompts on the first fetch and fails closed in CI — nub dlx downloads without a prompt and runs in CI, because asking for it is already the deliberate gesture. Both share the same persistent cache and registry safeguards.

-p, --package

When the bin name differs from the package name, name the package explicitly:

nub dlx -p @angular/cli ng new my-app

-c, --shell-mode

Run a shell one-liner with the fetched package's bin on PATH:

nub dlx -p cowsay -c 'cowsay hi | tr a-z A-Z'

Lifecycle scripts

A fetched package's preinstall/install/postinstall scripts stay skipped — downloading a tool is not consent to run its dependencies' build scripts. Approve a package with --allow-build=<pkg>, the same allowlist nub install uses.

Cooling window

A fetch runs through Nub's normal install resolver, so the minimumReleaseAge cooling window applies: a resolved version must be older than the window (default 24 hours) before it's used. See the trust floor for the full posture.

  • Runnernubx, the unified runner that fetches only on a local miss, with a prompt.
  • Local bin runnernub exec, for a tool that's already installed.
  • Script runnernub run, the package.json script runner.
  • Package manager — installing dependencies for real, not just running them.