CLI
Install and manage Morpha UI components from your terminal with the morpha-ui CLI.
Overview
morpha-ui is a thin wrapper around the shadcn CLI
that installs Morpha UI components from a gated registry. Free components
install with no authentication; pro components require a one-time browser
login. The CLI captures a short-lived token and forwards it to the registry
when you run add — every other command is delegated straight to shadcn.
Installation
No install step — run it with your package manager's runner:
npx morpha-ui@latest add buttonpnpm dlx morpha-ui@latest add buttonbunx --bun morpha-ui@latest add buttonPrerequisites
- A project with shadcn/ui configured (a valid
components.jsonin the project root). - Node.js ≥ 18.
- For pro components, an approved account (
plan: pro).
Authentication
Morpha UI authenticates through Clerk with a browser OAuth flow:
npx morpha-ui@latest login- The CLI starts a temporary local server on
127.0.0.1:<random-port>and opens/cli/authorizein your browser (the URL is printed as a fallback). - You sign in. If your account has pro access, the page redirects back to the local server with a signed token — you never copy/paste anything.
- The token is saved to
~/.morpha/config.json(permissions0600).
The token is a JWT that expires after ~30 days. When it expires, add prompts
you to run npx morpha-ui@latest login again.
Pro access is granted by the Morpha UI owner. A logged-in account without pro access sees an upgrade prompt and no token is issued.
Headless mode (CI)
When no browser is available, supply the token directly:
# paste a token captured from the authorize page
npx morpha-ui@latest login --token <jwt>
# or pass it ambiently to a single command (wins over the stored token)
MORPHA_TOKEN="$MORPHA_TOKEN" npx morpha-ui@latest add buttonCommands
| Command | Description |
|---|---|
npx morpha-ui@latest login | Authenticate via browser (Clerk OAuth). |
npx morpha-ui@latest login --token <jwt> | Authenticate headless with a pasted token. |
npx morpha-ui@latest logout | Remove the stored token. |
npx morpha-ui@latest add <name> [args…] | Add a component; extra args pass through to shadcn. |
npx morpha-ui@latest list | List all free and pro components. |
npx morpha-ui@latest whoami | Show the current plan and token expiry (never the token). |
npx morpha-ui@latest config | Show the site, store path, and auth status. |
npx morpha-ui@latest <other> | Delegated to shadcn@latest. |
npx morpha-ui@latest add button # add a component
npx morpha-ui@latest add card --overwrite # overwrite existing files
npx morpha-ui@latest add theme --dry-run # preview without writing
npx morpha-ui@latest whoami # check plan / expiryConfiguration
Two environment variables tune the CLI:
| Variable | Purpose | Default |
|---|---|---|
MORPHA_TOKEN | Ambient token for add (wins over the stored token). | — |
MORPHA_SITE_URL | Override the base URL the CLI talks to. | https://morphaui.com |
From MORPHA_SITE_URL the CLI derives the registry (${SITE}/r) and the
authorize URL (${SITE}/cli/authorize).
The token store at ~/.morpha/config.json (chmod 0600) looks like:
{
"token": "<jwt>",
"site": "https://morphaui.com",
"savedAt": "2026-06-11T10:00:00.000Z",
"exp": 1752230400
}The token is never printed — whoami and config only show the decoded
plan and exp.
Troubleshooting
| Status | Meaning | Fix |
|---|---|---|
| 401 | Registry got no token. | npx morpha-ui@latest login |
| 403 | Token expired/invalid, or account not pro. | npx morpha-ui@latest login |
| 404 | Unknown component name. | npx morpha-ui@latest list |