Security News
Introducing the Socket Python SDK
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
By Douglas Coburn - Sep 13, 2024
npm-package-arg
Advanced tools
What is npm-package-arg?
The npm-package-arg package is a utility for parsing package names and specifiers in the npm ecosystem. It helps in understanding and manipulating package references, whether they are simple names, version ranges, GitHub URLs, or local paths.
What are npm-package-arg's main functionalities?
Parsing Package Names
This feature allows you to parse a simple package name. The output will be an object containing details about the package, such as its name, type, and registry.
const npa = require('npm-package-arg');
const parsed = npa('express');
console.log(parsed);Parsing Version Ranges
This feature allows you to parse a package name with a version range. The output will include the specified version range and other details.
const npa = require('npm-package-arg');
const parsed = npa('express@^4.0.0');
console.log(parsed);Parsing GitHub URLs
This feature allows you to parse a GitHub URL. The output will include details about the repository, such as the user and repo names.
const npa = require('npm-package-arg');
const parsed = npa('github:user/repo');
console.log(parsed);Parsing Local Paths
This feature allows you to parse a local file path. The output will include details about the local path and the type of reference.
const npa = require('npm-package-arg');
const parsed = npa('file:./local-package');
console.log(parsed);Other packages similar to npm-package-arg
validate-npm-package-name
The validate-npm-package-name package is used to validate whether a string is a valid npm package name. Unlike npm-package-arg, it focuses solely on validation and does not parse version ranges, URLs, or paths.
semver
The semver package is used for parsing, validating, and comparing semantic versioning strings. While npm-package-arg can parse version ranges as part of a package specifier, semver provides more comprehensive tools for working with version numbers.
npm-registry-fetch
The npm-registry-fetch package is used to make requests to the npm registry. It can fetch package metadata and tarballs. While npm-package-arg helps in parsing package specifiers, npm-registry-fetch is focused on interacting with the npm registry.
npm-package-arg
Parses package name and specifier passed to commands like npm install or
npm cache add, or as found in package.json dependency sections.
EXAMPLES
var assert = require("assert")
var npa = require("npm-package-arg")
// Pass in the descriptor, and it'll return an object
try {
var parsed = npa("@bar/foo@1.2")
} catch (ex) {
…
}
USING
var npa = require('npm-package-arg')
var result = npa(arg[, where])
- arg - a string that you might pass to
npm install, like:foo@1.2,@bar/foo@1.2,foo@user/foo,http://x.com/foo.tgz,git+https://github.com/user/foo,bitbucket:user/foo,foo.tar.gz,../foo/bar/orbar. If the arg you provide doesn't have a specifier part, egfoothen the specifier will default tolatest. - where - Optionally the path to resolve file paths relative to. Defaults to
process.cwd()
Throws if the package name is invalid, a dist-tag is invalid or a URL's protocol is not supported.
var result = npa.resolve(name, spec[, where])
- name - The name of the module you want to install. For example:
fooor@bar/foo. - spec - The specifier indicating where and how you can get this module. Something like:
1.2,^1.7.17,http://x.com/foo.tgz,git+https://github.com/user/foo,bitbucket:user/foo,file:foo.tar.gzorfile:../foo/bar/. If not included then the default islatest. - where - Optionally the path to resolve file paths relative to. Defaults to
process.cwd()
Throws if the package name is invalid, a dist-tag is invalid or a URL's protocol is not supported.
var purl = npa.toPurl(arg, reg)
Returns the purl (package URL) form of the given package name/spec.
- arg - A package/version string. For example:
foo@1.0.0or@bar/foo@2.0.0-alpha.1. - reg - Optionally the URL to the package registry. If not specified, assumes the default
https://registry.npmjs.org.
Throws if the package name is invalid, or the supplied arg can't be resolved to a purl.
RESULT OBJECT
The objects that are returned by npm-package-arg contain the following keys:
type- One of the following strings:git- A git repotag- A tagged version, like"foo@latest"version- A specific version number, like"foo@1.2.3"range- A version range, like"foo@2.x"file- A local.tar.gz,.taror.tgzfile.directory- A local directory.remote- An http url (presumably to a tgz)alias- A specifier with an alias, likemyalias@npm:foo@1.2.3
registry- If true this specifier refers to a resource hosted on a registry. This is true fortag,versionandrangetypes.name- If known, thenamefield expected in the resulting pkg.scope- If a name is something like@org/modulethen thescopefield will be set to@org. If it doesn't have a scoped name, then scope isnull.escapedName- A version ofnameescaped to match the npm scoped packages specification. Mostly used when making requests against a registry. Whennameisnull,escapedNamewill also benull.rawSpec- The specifier part that was parsed out in calls tonpa(arg), or the value ofspecin calls to `npa.resolve(name, spec).saveSpec- The normalized specifier, for saving to package.json files.nullfor registry dependencies.fetchSpec- The version of the specifier to be used to fetch this resource.nullfor shortcuts to hosted git dependencies as there isn't just one URL to try with them.gitRange- If set, this is a semver specifier to match against git tags withgitCommittish- If set, this is the specific committish to use with a git dependency.hosted- Iffrom === 'hosted'then this will be ahosted-git-infoobject. This property is not included when serializing the object as JSON.raw- The original un-modified string that was provided. If called asnpa.resolve(name, spec)then this will bename + '@' + spec.subSpec- Iftype === 'alias', this is a Result Object for parsing the target specifier for the alias.
FAQs
Parse the things that can be arguments to `npm install`
The npm package npm-package-arg receives a total of 11,628,187 weekly downloads. As such, npm-package-arg popularity was classified as popular.
We found that npm-package-arg demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Package last updated on 22 Jul 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
The Wildcard Gamble: Understanding the Risks of Floating Dependency Ranges in npm
Floating dependency ranges in npm can introduce instability and security risks into your project by allowing unverified or incompatible versions to be installed automatically, leading to unpredictable behavior and potential conflicts.
By Sarah Gooding - Sep 13, 2024
Security News
New Rust RFC Proposes Adding Support for Trusted Publishing to Crates.io
A new Rust RFC proposes "Trusted Publishing" for Crates.io, introducing short-lived access tokens via OIDC to improve security and reduce risks associated with long-lived API tokens.
By Sarah Gooding - Sep 12, 2024