New Relic developers

New Relic One: The CLI



This table gives descriptions and context for some of the most important CLI commands: 

Topic Command Description
Help nr1 help See all nr1 commands. For more details about a command, run nr1 help COMMAND_NAME.
Profiles nr1 profiles Controls the profile you’ll be running CLI commands as. You can have more than one profile, which is helpful for executing commands on multiple New Relic accounts. For more on this, see Authentication and the workshop.
Create nr1 create Create a new component template (Nerdpack, Nerdlet, or launcher). The CLI will walk you through this process.
Serve locally nr1 nerdpack:serve Serves your Nerdpack locally, for development purposes. For more on this, see Local development.
UUID controls nr1 nerdpack:uuid Commands related to the Nerdpack’s UUID (universal unique ID). This ID dictates who can access the Nerdpack. To deploy a Nerdpack you didn’t make, you’ll have to assign it a new UUID. For details on how to do this, see the workshop.
Publish nr1 nerdpack:publish Publishes your Nerdpack to New Relic. For more on publishing, see Deploy to New Relic One. After publishing, you can use nr1 nerdpack: deploy to deploy it to a channel and make it available to users.
Deploy nr1 nerdpack:deploy Deploys a Nerdpack version to a specific channel (for example, BETA, or STABLE). A channel can only have one Nerdpack version deployed to it at one time. If a channel has an existing Nerdpack associated with it, deploying a new Nerdpack version to that channel will undeploy the previous one. For more on deploying, see Deploy to New Relic One.
Subscribe nr1 nerdpack:subscribe Subscribe the account linked to your personal API key to a channel (default: STABLE). Can be run with a Nerdpack UUID or run in a specific Nerdpack's directory (the ID from the package.json file is used). An account can only be subscribed to one Nerdpack and channel at one time. For more details, see Deploy to New Relic One.
NRQL query nr1 nrql Fetches data from New Relic using NRQL (New Relic query language).

Permissions and access

New Relic One gives you a cross-account view, which is valuable for organizations that have complex hierarchies containing multiple New Relic master accounts and sub-accounts. For this reason, there are rules in place to control what accounts can access New Relic One applications and the data in them. This means that, depending on the account hierarchy, two people using the same New Relic One application may not be able to see the same data.

The next two sections will explain how permissions apply in these two situations: 

  • When building, deplying, and subscribing to a Nerdpack.
  • When interacting with a finished Nerdpack.

Permissions for building, deploying, and subscribing

When a Nerdpack is created with the CLI, it generates a personal New Relic API key. The Nerdpack’s unique ID (UUID) is tied to the account associated with that API key; that account is considered the Nerdpack's "owner."

Different CLI commands have different permissions and requirements, as shown in the table below. These are mostly related to ensuring that the person running a CLI command is an authorized user on the owner account of the Nerdpack. 

Action CLI command Account scoping Nerdpack manager required?
Create nr1 create User's API key account becomes Nerdpack owner. No
Recreate Nerdpack with new UUID nr1 nerdpack:uuid User's API key account becomes Nerdpack owner. No
Publish Nerdpack nr1 nerdpack:publish User's API key account is Nerdpack owner. Yes
Get Nerdpack info nr1 nerdpack:info User's API key account is Nerdpack owner. No
Deploy Nerdpack nr1 nerdpack:deploy User's API key account is Nerdpack owner. Yes
Undeploy Nerdpack nr1 nerdpack:undeploy User's API key account is Nerdpack owner. Yes
Get deploy info nr1 nerdpack:info User's API key account is Nerdpack owner. No
Subscribe nr1 nerdpack:subscribe User's API key account (or master account) is Nerdpack owner. Yes
Unsubscribe nr1 nerdpack:unsubscribe User's API key account is subscribed to Nerdpack. Yes


Permissions to view data in an application

A New Relic user can see an application in New Relic One if any of their New Relic accounts (or a master account of one of those accounts) is subscribed to that application.

An application can contain data from multiple New Relic sources. Once a user has opened the application, what data can they see? A user can see a data source if any of their New Relic accounts (or a master account of one of those accounts) is the owner of the application.

Publish and deploy

How code is loaded

Generally, you don't need to know how application code is loaded in New Relic. But understanding how this works can help you if you encounter issues.

When developing, your code is served from your local laptop by using an subdomain. This domain points to, and will use a variety of ports to connect, including 5000.

In order to load third-party code into the platform, (both in development and production), New Relic One uses an <IFRAME>, as well as a separate domain (a subdomain of to perform the load, relying on same-domain policy to sandbox the code.

For this reason, your network administrator may need to enable access to:

  • Any subdomain of, or, at the very least, to any domain of the shape of <UserId>, where UserId is a 32-hexadecimal character identifier that is unique to the user logged into the platform (you can use [0-9a-f]{32} to discriminate it).

  • Any subdomain of, or, at the very least, to any domain in the shape of <NerdpackUuid>.g<NerdpackGid>, where NerdpackUuid is the UUID assigned to your package, and NerdpackGid is zero, or a positive integer (you can use 0|[1-9]\d+ to discriminate it).