Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

npm-package-json-lint

Package Overview
Dependencies
Maintainers
1
Versions
91
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

npm-package-json-lint

CLI app for linting package.json files.

Source
npmnpm
Version
2.7.0
Version published
Weekly downloads
181K
-7.77%
Maintainers
1
Weekly downloads
 
Created
Source

npm-package-json-lint

A package.json linter for Node projects

license npm Travis Dependency Status devDependency Status

What is npm-package-json-lint?

npm-package-json-lint helps enforce standards for your package.json file. Currently it can check for:

  • validity of data types in nodes. Ex: name should always be a string.
  • whether a string is a lowercase
  • whether a version number is a valid
  • the presence of a given module
  • the presence of a pre-release version of a module
  • and much more!

Please see the wiki for a list of rules.

How do I install it?

First thing first, let's make sure you have the necessary pre-requisites.

System Dependencies

Node

Use the cli

  • npm install npm-package-json-lint -g

Commands and configuration

CommandAliasDescription
pjl-cli --help-hLists supported CLI options
pjl-cli --version-vLists the current version number
pjl-cli --file -fFile path including name. Defaults to package.json
pjl-cli --rule -rValid rule name to check. Defaults to nothing
pjl-cli --rules-file -cFile path of .npmpackagejsonlintrc
pjl-cli --rule-severity -s"error" or "warning". Defaults to "error"
pjl-cli --quiet-qReport errors only
pjl-cli --ignore-warnings-wIgnore warnings

Examples

Run a specific rule, require-author, on a file relative to the current working directory. pjl-cli -f "../relative-path/package.json" -r "require-author"

Run a specific rule, require-author, ignoring warnings on a file relative to the current working directory. pjl-cli -f "../relative-path/package.json" -r "require-author" --ignore-warnings

Run a specific rule, require-author, set severity to warning on a file relative to the current working directory. pjl-cli -f "../relative-path/package.json" -r "require-author" -s "warning"

Run using the config in .npmpackagejsonlintrc on a file relative to the current working directory. pjl-cli -f "../relative-path/package.json" -c "./.npmpackagejsonlintrc"

Run on file relative to the current working directory. npm-package-json-lint attempts to find config. See lookup order below. pjl-cli -f "../relative-path/package.json"

Run on file in the current working directory. npm-package-json-lint attempts to find config. See lookup order below. pjl-cli

Lint Rules

npm-package-json-lint has a configurable set of rules. Please see the wiki for a full list of available rules. By default no rules are enabled. If you would like to use npm-package-json-lint's default ruleset, please see npm-package-json-lint-config-default.

Each rule contains the following properties:

  • ID - example: require-author
  • Node - example: author
  • Message - example: author is required
  • Rule Type - example: required

As mentioned in the "Commands and configuration" section there are two ways to specify rule sets. The first is using --rule to specify a given rule. This will run npm-package-json-lint with just this rule. The second is providing a configuration object. As of v2.7.0, there are multiple ways to provide a configuration object.

  • Adding a --rules-file to the command to specify a JSON file. This file is typically named .npmpackagejsonlintrc; however, you may optionally add a .json extension if you prefer.
  • Add a npmPackageJsonLintConfig property in package.json file
  • Add a npmpackagejsonlint.config.js file that exports a config object in the current working directory.
  • Add a global .npmpackagejsonlintrc.json file in the root of your user directory
  • Add a global npmpackagejsonlint.config.js file that exports a config object in the root of your user directory

Configuring rules

npm-package-json-lint rules can either be run as an error, warning, or off.

  • "warning" - run the rule as a warning
  • "error" - run the rule as an error
  • "off" - disables the rule

Ex: "require-author": "error"

Migrating from v1.x.x to 2.x.x

Please see the migration guide.

Migrating from v0.x.x to 1.x.x

Please see the migration guide.

Contributing

Please see CONTRIBUTING.md.

Release History

Please see CHANGELOG.md.

Related

License

Copyright (c) 2016-2017 Thomas Lindner. Licensed under the MIT license.

Keywords

lint
linter
package.json
audit
auditor
npm-package-json-lint

FAQs

Package last updated on 09 Aug 2017

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases

Research

/

Security News

Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases

Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.

By Lauren Valencia, Kirill Boychenko  -  Sep 17, 2025
Ongoing Supply Chain Attack Targets CrowdStrike npm Packages

Application Security

/

Research

/

Security News

Ongoing Supply Chain Attack Targets CrowdStrike npm Packages

Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.

By Kush Pandya, Peter van der Zee, Olivia Brown  -  Sep 16, 2025