Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
npm-package-json-lint
Advanced tools
npm-package-json-lint is a tool for linting package.json files, ensuring they adhere to a defined set of rules and best practices. It helps maintain consistency and correctness in package.json files across projects.
Linting package.json files
This feature allows you to define a set of rules for linting package.json files. The code sample shows a configuration file that extends the default configuration and specifies rules for the name type, version format, and requiring an author field.
    module.exports = {
      extends: 'npm-package-json-lint-config-default',
      rules: {
        'name-type': 'error',
        'version-format': 'error',
        'require-author': 'error'
      }
    };
Custom rule definitions
You can define custom rules to enforce specific requirements in your package.json files. The code sample demonstrates how to restrict certain dependencies and require the scripts field.
    module.exports = {
      rules: {
        'no-restricted-dependencies': ['error', ['lodash', 'underscore']],
        'require-scripts': 'error'
      }
    };
Command-line interface
The package provides a CLI for linting package.json files. The code sample shows how to run the linter with npx on the current directory, using an explicitly specified configuration file.
    npx npm-package-json-lint . --config .npmpackagejsonlintrc.json
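As an added example (not part of the original page and not the npm-package-json-lint project's own code), the following self-contained JavaScript rule engine implements the semantics of the five rules used in the configuration samples above, so you can see exactly what each rule checks and how severities and rule options are applied. The rule names and the severity values ('error', 'warning', 'off') are the real ones; the engine itself, the semver pattern and the sample package.json are constructed for this illustration. The no-restricted-dependencies rule is the one a team uses to keep packages it has decided against out of its dependency maps.

```javascript
// Added example: a minimal rule engine mirroring the rules used in the
// npm-package-json-lint configs above. Not the project's own code.

// Loose semver check: MAJOR.MINOR.PATCH with optional pre-release/build suffix (assumed pattern).
const SEMVER = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// Each rule returns null when the package passes, or a message when it fails.
const RULES = {
  'name-type': (pkg) =>
    typeof pkg.name === 'string' ? null : 'name must be a string',
  'version-format': (pkg) =>
    typeof pkg.version === 'string' && SEMVER.test(pkg.version)
      ? null
      : 'version must be valid semver (MAJOR.MINOR.PATCH)',
  'require-author': (pkg) =>
    'author' in pkg ? null : 'author field is required',
  'require-scripts': (pkg) =>
    'scripts' in pkg ? null : 'scripts field is required',
  // Option: list of dependency names that must not appear in any dependency map.
  'no-restricted-dependencies': (pkg, restricted = []) => {
    const fields = ['dependencies', 'devDependencies', 'peerDependencies', 'optionalDependencies'];
    const found = fields
      .flatMap((f) => Object.keys(pkg[f] || {}))
      .filter((name) => restricted.includes(name));
    return found.length ? `restricted dependencies present: ${found.join(', ')}` : null;
  },
};

// Lint one parsed package.json against a config shaped like the samples above:
// rules: { ruleName: 'error' | 'warning' | 'off' | [severity, options] }.
function lintPackageJson(pkg, config) {
  const findings = [];
  for (const [ruleName, setting] of Object.entries(config.rules || {})) {
    const [severity, options] = Array.isArray(setting) ? setting : [setting, undefined];
    if (severity === 'off') continue;
    const rule = RULES[ruleName];
    if (!rule) throw new Error(`unknown rule: ${ruleName}`);
    const message = rule(pkg, options);
    if (message) findings.push({ rule: ruleName, severity, message });
  }
  return findings;
}

// Constructed sample package.json that violates several rules.
const samplePkg = {
  name: 'example-app',
  version: '1.0', // not MAJOR.MINOR.PATCH
  dependencies: { lodash: '^4.17.21', express: '^4.18.2' },
  // no author, no scripts
};

// Constructed config combining the rules from both samples above.
const sampleConfig = {
  rules: {
    'name-type': 'error',
    'version-format': 'error',
    'require-author': 'error',
    'require-scripts': 'warning',
    'no-restricted-dependencies': ['error', ['lodash', 'underscore']],
  },
};

// Print findings in a CLI-like "severity  rule  message" layout.
for (const f of lintPackageJson(samplePkg, sampleConfig)) {
  console.log(`${f.severity}\t${f.rule}\t${f.message}`);
}
```

Running the block lists four findings for the sample: version-format, require-author and no-restricted-dependencies as errors, and require-scripts as a warning; name-type passes because the name is a string. Rules set to 'off' are skipped, and an unknown rule name throws rather than silently passing, so a typo in a config cannot disable a check unnoticed.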
eslint-plugin-json is an ESLint plugin that allows you to lint JSON files, including package.json. It provides a way to enforce JSON-specific rules using the familiar ESLint framework. Compared to npm-package-json-lint, it integrates JSON linting into the broader ESLint ecosystem.
jsonlint is a pure JavaScript library for validating and formatting JSON data. While it doesn't provide package.json-specific rules, it ensures that JSON files are syntactically correct. It is more general-purpose compared to npm-package-json-lint.
json-schema is a library for validating JSON documents against a JSON Schema. It can be used to enforce a schema for package.json files, ensuring they adhere to a predefined structure. Unlike npm-package-json-lint, it focuses on schema validation rather than linting rules.
A package.json linter for Node projects
npm-package-json-lint helps enforce standards for your package.json file. Currently it can check for:
name should always be a string.
Please see the website for a list of rules.
First things first, let's make sure you have the necessary prerequisites. Install the linter either globally or as a dependency of your project:
    npm install npm-package-json-lint -g
    npm install npm-package-json-lint
Please see the migration guide.
Please see CONTRIBUTING.md.
Please see CHANGELOG.md.
Copyright (c) 2016-2022 Thomas Lindner. Licensed under the MIT license.
FAQs
Configurable linter for package.json files.
The npm package npm-package-json-lint receives a total of 91,896 weekly downloads. As such, npm-package-json-lint popularity was classified as popular.
We found that npm-package-json-lint demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.