eslint-plugin-package-json
Advanced tools
Rules for consistent, readable, and valid package.json files. 🗂️
Rules for consistent, readable, and valid package.json files. 🗂️
This package requires ESLint 8 and jsonc-eslint-parser:
npm install eslint eslint-plugin-package-json jsonc-eslint-parser --save-dev
Add an override to your ESLint configuration file that specifies this plugin, jsonc-eslint-parser, and its recommended rules for your package.json file:
module.exports = {
overrides: [
{
extends: ["plugin:package-json/recommended"],
files: ["package.json"],
parser: "jsonc-eslint-parser",
plugins: ["package-json"],
},
],
};
You may also want to individually configure rules. See ESLint's Configure Rules guide for details on how to customize your rules.
module.exports = {
overrides: [
{
extends: ["plugin:package-json/recommended"],
files: ["package.json"],
parser: "jsonc-eslint-parser",
plugins: ["package-json"],
rules: {
"package-json/valid-package-def": "error",
},
},
],
};
prettier-plugin-packagejson is a Prettier plugin that enforces the same package.json keys ordering as the order-properties and sort-collections rules with default options.
We recommend using both the Prettier plugin and extends: ["plugin:package-json/recommended"].
The default settings don't conflict, and Prettier plugins can quickly fix up ordering in your editor on save and/or as a Git hook.
💼 Configurations enabled in.
✅ Set in the recommended configuration.
🔧 Automatically fixable by the --fix CLI option.
💡 Manually fixable by editor suggestions.
| Name | Description | 💼 | 🔧 | 💡 |
|---|---|---|---|---|
| order-properties | Package properties must be declared in standard order | ✅ | 🔧 | |
| prefer-repository-shorthand | Enforce shorthand declaration for GitHub repository. | ✅ | 🔧 | |
| sort-collections | Dependencies, scripts, and configuration values must be declared in alphabetical order. | ✅ | 🔧 | |
| unique-dependencies | Enforce that if repository directory is specified, it matches the path to the package.json file | ✅ | 💡 | |
| valid-local-dependency | Checks existence of local dependencies in the package.json | ✅ | ||
| valid-name | Enforce that package names are valid npm package names | ✅ | 💡 | |
| valid-package-def | Enforce that package.json has all properties required by the npm spec | ✅ | ||
| valid-repository-directory | Enforce that if repository directory is specified, it matches the path to the package.json file | ✅ | 💡 | |
| valid-version | Enforce that package versions are valid semver specifiers | ✅ | 💡 |
These rules only run on package.json files; they will ignore all other files being linted.
They can lint package.json files at project root and in any subfolder of the project, making this plugin great for monorepos.
Many thanks to @zetlen for creating the initial version and core infrastructure of this package! 💖
💙 This package was templated with create-typescript-app.
FAQs
Rules for consistent, readable, and valid package.json files. 🗂️
The npm package eslint-plugin-package-json receives a total of 26,855 weekly downloads. As such, eslint-plugin-package-json popularity was classified as popular.
We found that eslint-plugin-package-json demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST's new password guidelines remove periodic changes and special character requirements, focusing on longer, more secure passwords for better authentication practices.
Security News
A record 2,709 developers participated in the 2024 Ruby on Rails Community Survey, revealing key tools, practices, and trends shaping the Rails ecosystem.
Security News
In 2023, data breaches surged 78% from zero-day and supply chain attacks, but developers are still buried under alerts that are unable to prevent these threats.
