Security News
npm Introduces minimumReleaseAge and Bulk OIDC Configuration
npm rolls out a package release cooldown and scalable trusted publishing updates as ecosystem adoption of install safeguards grows.
By Sarah Gooding - Feb 26, 2026
Latest Threat Research:SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains.Details →
npm-init-template
Advanced tools
npm-init-template
This is a library for building npm init packages more easily,
by providing a set of utility functions for collecting
information and then creating the starter package from a folder
of template files.
USAGE
Create a package that exports a single bin command:
{
"name": "create-my-special-thing",
"version": "1.0.0",
"description": "npm init my-special-thing",
"bin": "index.mjs"
}
Then in that bin script (shown here as index.mjs), put code
like this:
#!/usr/bin/env node
import { Init } from 'npm-init-template'
// Provide it with the path to this file, so we know how to find
// the template files. If using commonjs, use __filename instead.
const { prompt, build, values, positionals, run } = new Init(
import.meta.url,
)
// any prompts that the user already set in the command line,
// like with --foo=bar will be automatically set in the values
// already, and will skip the prompt
// Otherwise, these will update the values object appropriately.
await prompt('What is your name?', 'name')
await prompt('What is your quest?', 'quest')
// third arg is passed as options to `read`
await prompt('What is your favorite color?', 'color', {
default: 'blue',
})
await prompt(
'What is the flight average velocity of an unladen sparrow?',
'sparrow',
)
if (values.sparrow === "I don't know") {
throw new Error('AAAHHHH!!!!')
}
await build({
// The folder where the templates live
// Any files that named *.mustache will be expanded using
// the values object built up by the prompts.
// Any other kinds of files will be copied as-is.
//
// Default is './templates'
// templates: './templates',
// Set the settings for template file handling.
//
// By default:
//
// Any file named *.{json,js,ts,jsx,tsx}.mustache will use the
// template tags <% %> instead of {{ }}, and JSON.stringify
// escaping instead of HTML escaping.
//
// Any file named *.{html,xhtml,xml}.mustache will be escaped using
// HTML escaping by default.
//
// Any other kind of *.mustache file will not escape values
// (default behavior can be overridden by setting the '*'
// member here)
//
// add/adjust as you see fit
// templateSettings: {
// bash: {
// tags: ['(%', '%)'],
// escape: text => JSON.stringify(text),
// }
// },
// of course, you can also change the mustache tags in the
// template itself, using the syntax like `{{=(% %)=}}`
// the folder to build the package in. To build in place,
// use `target: '.'`
// this is required.
// positionals is the positional arguments read by parseArgs
target: positionals[0] || `${values.name}-${values.quest}`,
// glob pattern(s) of template files to include, defaults to '**'
// You can use this for example to conditionally only include
// tsconfig and .ts files if the user has opted into typescript
// This is matched against the file being written, so without
// the '.mustache' extension.
// include: '**',
// include: ['tsconfig*.json', 'src/**/*.ts'],
// excludes take priority over includes. This will omit
// templates from the built results. Defaults to undefined (ie,
// include everything.)
// exclude: 'files/to/exclude/**',
})
// after building, you can run stuff in the folder, if you want
await run('npm install')
In ./templates/quest.html.mustache, you can put mustache
templates, something like
this:
<html>
<body style="background-color:{{ color }}">
<h1>Hello, {{name}}!</h1>
<p>Good luck on {{quest}}.</p>
<p>
The average flight velocity of an unladen sparrow is {{ sparrow
}}.
</p>
</body>
</html>
JSON files use JSON.stringify as the default escaping
mechanism, so in templates/package.json.mustache, you can put
something like this:
{
"name": <% name %>,
"description": <% quest %>
}
Templates can also include each other as partials, each will be loaded with its name relative to the templates folder.
<html>
<body style="background-color:{{ color }}">
<h1>Hello, {{name}}!</h1>
<p>Good luck on {{quest}}.</p>
<p>
The average flight velocity of an unladen sparrow is {{ sparrow
}}.
</p>
<p>Your `package.json` file is:</p>
<pre>{{>package.json}}</pre>
</body>
</html>
FAQs
Create 'npm init' packages easily with templates and prompts
The npm package npm-init-template receives a total of 15 weekly downloads. As such, npm-init-template popularity was classified as not popular.
We found that npm-init-template demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 08 Jul 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Risky Biz Podcast: Open Source Risk Is Compounding as AI Agents Write 90% of New Code
AI agents are writing more code than ever, and that's creating new supply chain risks. Feross joins the Risky Business Podcast to break down what that means for open source security.
By Sarah Gooding - Feb 24, 2026
Research
/Security News
Four Malicious NuGet Packages Target ASP.NET Developers With JIT Hooking and Credential Exfiltration
Socket uncovered four malicious NuGet packages targeting ASP.NET apps, using a typosquatted dropper and localhost proxy to steal Identity data and backdoor apps.
By Kush Pandya - Feb 23, 2026