A linter for npm & node package.json files with a focus on security.
This is currently a proof of concept for a package that reads a .npmlint.json file in a directory and from this can parse a package.json file and enforce these rules.
This could then be used in pre-commit/pre-push hooks.
The currently implemented options are:
includes:This is an array of features a package must include.
nameandversionare hard coded as required, as per npm itself. Then you can add fields that are needed. There will be anexcludesalso added once the code is moved to be more plugin based.
scripts:
scriptsis an object that currently takes one property,allow. This scans each script for the know applications and reports anything that is not in the list. For example in this repo it will reportScript test has a unknown executable exit
FAQs
A configurable package.json linter with a focus on security
The npm package npm-lint receives a total of 2 weekly downloads. As such, npm-lint popularity was classified as not popular.
We found that npm-lint demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Create React App is officially deprecated due to React 19 issues and lack of maintenance—developers should switch to Vite or other modern alternatives.
Security News
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
Security News
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.
