package-hash
Generates a hash for an installed npm package, useful for salting caches
The package-hash npm package generates a hash for an installed Node.js package. The hash is derived from the package's package.json file and its location on disk (and, when the package is a Git checkout, from its Git state), so it works well as a cache key: when a dependency changes, any cache salted with its hash is invalidated automatically. Note that it does not hash every file in the package, so it is a change detector for cache busting rather than a substitute for the integrity hashes in a lockfile.
Generate hash from package contents
This feature allows you to generate a hash string from the contents of a package located at a specified path. The function returns a promise that resolves with the hash.
const packageHash = require('package-hash');
// The argument must point at an existing package.json file, not at the
// package directory (see the API notes below).
packageHash('path/to/package/package.json').then(hash => {
console.log('Package hash:', hash);
}).catch(err => {
console.error('Error generating package hash:', err);
});
Hasha is a Node.js library for hashing using Node.js' built-in crypto module. It supports various algorithms and can hash strings, buffers, and streams. Compared to package-hash, hasha is more flexible in terms of input types but does not specifically target package contents for hashing.
Checksum is a simple package to create checksums of files and directories in Node.js. It is similar to package-hash in that it can be used to verify the integrity of package contents. However, checksum provides a simpler API with fewer configuration options compared to package-hash.
Generates a hash for an installed npm package, useful for salting caches. AVA, for example, caches precompiled test files. It generates a salt for its cache based on the various packages that are used when compiling the test files.
package-hash can generate an appropriate hash based on the package location (on disk) and the package.json file. This hash is salted with a hash for package-hash itself.
package-hash can detect when the package-to-be-hashed is a Git repository. In the AVA example this is useful when you're debugging one of the packages used to compile the test files. You can clone it locally and use npm link so AVA can find the clone. The hash will include the HEAD (.git/HEAD) and its corresponding ref (e.g. .git/refs/heads/master), any packed refs (.git/packed-refs), as well as the diff (git diff) for any non-committed changes. This makes it really easy to test your changes without having to explicitly clear the cache in the parent project.
$ npm install --save package-hash
const packageHash = require('package-hash')
// Asynchronously:
const hash = await packageHash(require.resolve('babel-core/package.json'))
// Synchronously:
const hash = packageHash.sync(require.resolve('babel-core/package.json'))
packageHash() / packageHash.sync() must be called with a file path for an existing package.json file. To get the path to an npm package it's easiest to use require.resolve('the-name/package.json').
You can provide multiple paths:
const hash = await packageHash([
require.resolve('babel-core/package.json'),
require.resolve('babel-preset-es2015/package.json')
])
An optional salt value can also be provided:
const hash = await packageHash(require.resolve('babel-core/package.json'), 'salt value')
packageHash(paths, salt?)
paths: string | string[] ➜ can be a single file path, or an array of paths.
salt: Array | Buffer | Object | string ➜ optional. If an Array or Object (not null) it is first converted to a JSON string.
Returns a promise for the hex-encoded hash string.
packageHash.sync(paths, salt?)
paths: string | string[] ➜ can be a single file path, or an array of paths.
salt: Array | Buffer | Object | string ➜ optional. If an Array or Object (not null) it is first converted to a JSON string.
Returns a hex-encoded hash string.
package-hash has been tested with Node.js 8 and above, including Windows support.
FAQs
We found that package-hash demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.