CLI to optimize package.json for NPM
culls is a minimal CLI that removes unnecessary fields from package.json intended to be run before publishing to NPM. The changes to package.json should not be checked into source control. The goal of culls is to create the absolute smallest possible package.json file for publishing to NPM.
For example, culls will remove devDependencies from package.json, which, while automatically excluded during package installation, still adds unnecessary bulk to your published package. Other development-specific fields that can be removed include linting or testing configs, like for Prettier, Jest, or ESLint.
The CLI must be run with a valid package.json file in the current working directory.
# NPM
npx culls
# Bun
bunx culls
By default, culls preserves fields that are typically required for publishing NPM packages.
package.json fieldsTo specify fields to preserve, use the --preserve flag. Fields should be comma-separated.
# NPM
npx culls --preserve=scripts,customField
# Bun
bunx culls --preserve=scripts,customField
This sample workflow demonstrates using culls when automating package publishing.
# .github/workflows/publish.yml
on:
push:
# Trigger on tag push.
# E.g., `git tag v1.0.0; git push origin v1.0.0`
tags:
- "v*"
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: "20.x"
registry-url: "https://registry.npmjs.org"
- name: Install dependencies
run: npm install
# Run any necessary build steps.
# In this case, `scripts` are still needed.
- name: Build package
run: npm run build
# Run `culls` to remove unnecessary fields.
- name: Prune package.json
run: npx culls
- name: Publish package
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
run: npm publish --provenance --access public
0.1.1 - 2024-12-15
cull to cullsFAQs
Optimize package.json for NPM
The npm package culls receives a total of 24 weekly downloads. As such, culls popularity was classified as not popular.
We found that culls demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Security News
/Research
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.