Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
@pnpm/write-project-manifest
Write a project manifest (called package.json in most cases)
@pnpm/write-project-manifest is an npm package that allows you to programmatically write and update the package.json file of a project. This can be useful for automating project setup, dependency management, and other tasks that involve modifying the package.json file.
Write a new package.json
This feature allows you to create a new package.json file with the specified content. The code sample demonstrates how to define a new package.json and write it to the current directory.
const { writeProjectManifest } = require('@pnpm/write-project-manifest');

// Content of the new manifest
const manifest = {
  name: 'my-new-project',
  version: '1.0.0',
  description: 'A new project',
  main: 'index.js',
  scripts: {
    start: 'node index.js'
  },
  dependencies: {}
};

// The first argument is the path of the manifest file itself, not of a directory
writeProjectManifest('package.json', manifest).then(() => {
  console.log('package.json has been written');
});
Update an existing package.json
This feature allows you to update an existing package.json file. The code sample demonstrates how to read the current package.json, modify its content, and write the updated content back to the file.
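const { writeProjectManifest } = require('@pnpm/write-project-manifest');
const fs = require('fs');

const manifestPath = './package.json';

// Read and parse the current manifest
const manifest = JSON.parse(fs.readFileSync(manifestPath, 'utf-8'));

manifest.version = '1.0.1';
// Create the scripts object if the manifest does not have one yet
manifest.scripts = { ...manifest.scripts, test: 'jest' };

// Write back to the manifest file path, not to the directory
writeProjectManifest(manifestPath, manifest).then(() => {
  console.log('package.json has been updated');
});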
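A guarded form of the read-modify-write update above, as an added example that is not code from the package or from this page: it refuses to write when a change adds or alters an install-time lifecycle script. It uses Node's fs in place of writeProjectManifest so that it runs stand-alone; updateManifest, changedLifecycleScripts, the LIFECYCLE list and the sample manifest are assumptions made for illustration.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Script names a package manager may run automatically around install (assumed list).
const LIFECYCLE = ['preinstall', 'install', 'postinstall', 'prepare'];

// Return the lifecycle scripts that `next` adds or changes relative to `prev`.
function changedLifecycleScripts(prev, next) {
  const before = prev.scripts || {};
  const after = next.scripts || {};
  return LIFECYCLE.filter((name) => name in after && after[name] !== before[name]);
}

// Read the manifest, apply `mutate` to a copy, and write it back only if no
// lifecycle script was added or changed (unless the caller explicitly allows it).
function updateManifest(manifestPath, mutate, { allowLifecycle = false } = {}) {
  const prev = JSON.parse(fs.readFileSync(manifestPath, 'utf8'));
  const next = mutate(JSON.parse(JSON.stringify(prev)));
  const changed = changedLifecycleScripts(prev, next);
  if (changed.length > 0 && !allowLifecycle) {
    throw new Error(`refusing to write lifecycle scripts: ${changed.join(', ')}`);
  }
  // Write a temp file beside the manifest, then rename it into place, so an
  // interrupted write never leaves a truncated package.json behind.
  const tmp = `${manifestPath}.${process.pid}.tmp`;
  fs.writeFileSync(tmp, JSON.stringify(next, null, 2) + '\n');
  fs.renameSync(tmp, manifestPath);
  return next;
}

// Constructed sample: one benign update, then one that adds a postinstall script.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'manifest-'));
  const file = path.join(dir, 'package.json');
  fs.writeFileSync(file, JSON.stringify({ name: 'my-new-project', version: '1.0.0' }));
  updateManifest(file, (m) => {
    m.version = '1.0.1';
    m.scripts = { ...m.scripts, test: 'jest' };
    return m;
  });
  let blocked = null;
  try {
    updateManifest(file, (m) => { m.scripts.postinstall = 'node setup.js'; return m; });
  } catch (err) { blocked = err.message; }
  return { blocked, onDisk: JSON.parse(fs.readFileSync(file, 'utf8')) };
}
```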
The write-pkg package provides similar functionality to @pnpm/write-project-manifest by allowing you to write and update package.json files. It offers a simple API for writing package.json files and is widely used in the npm ecosystem.
The edit-json-file package allows you to easily read, modify, and write JSON files, including package.json. While it is not specifically designed for package.json files, it provides a flexible API for working with any JSON file.
The jsonfile package is a simple utility for reading and writing JSON files. It can be used to manage package.json files, but it does not offer specialized features for package.json management like @pnpm/write-project-manifest.
pnpm add @pnpm/write-project-manifest
import writeProjectManifest from '@pnpm/write-project-manifest'
import path from 'path'
(async () => await writeProjectManifest(path.resolve('package.yaml'), { name: 'foo', version: '1.0.0' }))()
MIT
FAQs
The npm package @pnpm/write-project-manifest receives a total of 378,341 weekly downloads. As such, @pnpm/write-project-manifest is classified as popular.
We found that @pnpm/write-project-manifest demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.