npm-package-json-lint
Advanced tools
npm-package-json-lint is a tool for linting package.json files, ensuring they adhere to a defined set of rules and best practices. It helps maintain consistency and correctness in package.json files across projects.
Linting package.json files
This feature allows you to define a set of rules for linting package.json files. The code sample shows a configuration file that extends the default configuration and specifies rules for the name type, version format, and requiring an author field.
module.exports = {
extends: 'npm-package-json-lint-config-default',
rules: {
'name-type': 'error',
'version-format': 'error',
'require-author': 'error'
}
};Custom rule definitions
You can define custom rules to enforce specific requirements in your package.json files. The code sample demonstrates how to restrict certain dependencies and require the scripts field.
module.exports = {
rules: {
'no-restricted-dependencies': ['error', ['lodash', 'underscore']],
'require-scripts': 'error'
}
};Command-line interface
The package provides a CLI for linting package.json files. The code sample shows how to run the linter using npx and a specified configuration file.
npx npm-package-json-lint . --config .npmpackagejsonlintrc.jsoneslint-plugin-json is an ESLint plugin that allows you to lint JSON files, including package.json. It provides a way to enforce JSON-specific rules using the familiar ESLint framework. Compared to npm-package-json-lint, it integrates JSON linting into the broader ESLint ecosystem.
jsonlint is a pure JavaScript library for validating and formatting JSON data. While it doesn't provide package.json-specific rules, it ensures that JSON files are syntactically correct. It is more general-purpose compared to npm-package-json-lint.
json-schema is a library for validating JSON documents against a JSON Schema. It can be used to enforce a schema for package.json files, ensuring they adhere to a predefined structure. Unlike npm-package-json-lint, it focuses on schema validation rather than linting rules.
A package.json linter for Node projects
npm-package-json-lint helps enforce standards for your package.json file. This helps to ensure that your files are of the highest standard and quality. It is also customisable to match your specific project guidline requirements/desires. It has support for both command line and programmatic usage. Currently it can check for:
name should always be a string.Please see the website for a list of rules.
First thing first, let's make sure you have the necessary pre-requisites.
npm install npm-package-json-lint -gnpm install npm-package-json-lintnpx npm-package-json-lint. This will go through the process of linting/validating
your code to meet your desired specifications.The linter can also be used as a module in the program and the output be displayed via a log message. Adding the following code to your file can accomplish this.
const npmPackageJsonLint = require("npm-package-json-lint");
const result = npmPackageJsonLint.lintFiles(["package.json"]);
console.log(result);
npm-package-json-lint has the ability to be constomly configured to match your desires. To configure the linter navigate to the .npmpackagejsonlintrc file in the repository and add in or remove your desired rules.
Follow these steps to get your local environement set up to allow you to contribute to the repository
git clone https://github.com/tclindner/npm-package-json-lint.gitQuick links
CLI commands and configuration | Node.js API | Integrations
Please see the migration guide.
Please see the migration guide.
Please see the migration guide.
Please see the migration guide.
Please see the migration guide.
Please see the migration guide.
Please see the migration guide.
Please see the migration guide.
Please see the migration guide.
Please see CONTRIBUTING.md.
Please see CHANGELOG.md.
Copyright (c) 2016-2023 Thomas Lindner. Licensed under the MIT license.
FAQs
Configurable linter for package.json files.
We found that npm-package-json-lint demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Application Security
/Security News
Socket CEO Feross Aboukhadijeh and a16z partner Joel de la Garza discuss vibe coding, AI-driven software development, and how the rise of LLMs, despite their risks, still points toward a more secure and innovative future.
Research
/Security News
Threat actors hijacked Toptal’s GitHub org, publishing npm packages with malicious payloads that steal tokens and attempt to wipe victim systems.
Research
/Security News
Socket researchers investigate 4 malicious npm and PyPI packages with 56,000+ downloads that install surveillance malware.