
package-hash
Generates a hash for an installed npm package, useful for salting caches. AVA for example caches precompiled test files. It generates a salt for its cache based on the various packages that are used when compiling the test files.
package-hash can generate an appropriate hash based on the package location
(on disk) and the package.json file. This hash is salted with a hash
for the package-hash itself.
package-hash can detect when the package-to-be-hashed is a Git repository. In
the AVA example this is useful when you're debugging one of the packages used to
compile the test files. You can clone it locally and use npm link so AVA can
find the clone. The hash will include the HEAD (.git/HEAD) and its
corresponding ref (e.g. .git/refs/heads/master), any packed refs
(.git/packed-refs), as well as the diff (git diff) for any non-committed
changes. This makes it really easy to test your changes without having to
explicitly clear the cache in the parent project.
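To show why folding Git state into a cache salt invalidates stale entries, here is an added example (not package-hash's own code) that hashes the package location, package.json, .git/HEAD, the ref it points to and packed-refs using only Node.js built-ins. The names cacheSalt, readIfExists and makeSamplePackage are hypothetical, the use of SHA-256 and length-prefixing is an assumption, and the git diff step is left out.

```javascript
// Added illustration (not package-hash's source): a simplified Git-aware cache salt.
const crypto = require('crypto')
const fs = require('fs')
const os = require('os')
const path = require('path')

// Read a file if it exists; a missing file contributes an empty buffer.
function readIfExists (file) {
  try { return fs.readFileSync(file) } catch (err) {
    if (err.code === 'ENOENT') return Buffer.alloc(0)
    throw err
  }
}

// Hypothetical helper: hash the package location, its package.json and,
// when a .git directory is present, HEAD, the ref it points to and packed-refs.
function cacheSalt (packageJsonPath, salt = '') {
  const dir = path.dirname(packageJsonPath)
  const parts = [Buffer.from(salt), Buffer.from(dir), fs.readFileSync(packageJsonPath)]
  const gitDir = path.join(dir, '.git')
  if (fs.existsSync(gitDir)) {
    const head = readIfExists(path.join(gitDir, 'HEAD'))
    parts.push(head, readIfExists(path.join(gitDir, 'packed-refs')))
    const match = /^ref: (\S+)/.exec(head.toString('utf8'))
    if (match) parts.push(readIfExists(path.join(gitDir, match[1])))
  }
  const hash = crypto.createHash('sha256')
  // Length-prefix each part so adjacent inputs cannot be shifted into one another.
  for (const part of parts) hash.update(String(part.length) + ':').update(part)
  return hash.digest('hex')
}

// Constructed sample: a fake package with a hand-written .git layout.
function makeSamplePackage () {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'salt-demo-'))
  fs.writeFileSync(path.join(dir, 'package.json'), '{"name":"demo","version":"1.0.0"}')
  fs.mkdirSync(path.join(dir, '.git', 'refs', 'heads'), { recursive: true })
  fs.writeFileSync(path.join(dir, '.git', 'HEAD'), 'ref: refs/heads/master\n')
  fs.writeFileSync(path.join(dir, '.git', 'refs', 'heads', 'master'), 'a'.repeat(40) + '\n')
  return dir
}

const dir = makeSamplePackage()
const pkg = path.join(dir, 'package.json')
const before = cacheSalt(pkg)
fs.writeFileSync(path.join(dir, '.git', 'refs', 'heads', 'master'), 'b'.repeat(40) + '\n')
console.log(before !== cacheSalt(pkg)) // a new commit on the branch changes the salt
```

A cache keyed on such a salt never serves output compiled from an older commit of a linked dependency, because any change to the branch ref produces a different key.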
$ npm install --save package-hash

const packageHash = require('package-hash')

// Asynchronously (inside an async function):
const hash = await packageHash(require.resolve('babel-core/package.json'))

// Synchronously:
const syncHash = packageHash.sync(require.resolve('babel-core/package.json'))

packageHash() / packageHash.sync() must be called with a file path for an
existing package.json file. To get the path to an npm package it's easiest to
use require.resolve('the-name/package.json').
You can provide multiple paths:
const hash = await packageHash([
require.resolve('babel-core/package.json'),
require.resolve('babel-preset-es2015/package.json')
])
An optional salt value can also be provided:
const hash = await packageHash(require.resolve('babel-core/package.json'), 'salt value')
packageHash(paths, salt?)
paths: string | string[] ➜ can be a single file path, or an array of paths.
salt: Array | Buffer | Object | string ➜ optional. If an Array or Object (not null) it is first converted to a JSON string.
Returns a promise for the hex-encoded hash string.

packageHash.sync(paths, salt?)
paths: string | string[] ➜ can be a single file path, or an array of paths.
salt: Array | Buffer | Object | string ➜ optional. If an Array or Object (not null) it is first converted to a JSON string.
Returns a hex-encoded hash string.

package-hash has been tested with Node.js 8 and above, including Windows
support.
Hasha is a Node.js library for hashing using Node.js' built-in crypto module. It supports various algorithms and can hash strings, buffers, and streams. Compared to package-hash, hasha is more flexible in terms of input types but does not specifically target package contents for hashing.
Checksum is a simple package to create checksums of files and directories in Node.js. It is similar to package-hash in that it can be used to verify the integrity of package contents. However, checksum provides a simpler API with fewer configuration options compared to package-hash.
The npm package package-hash receives a total of 2,458,290 weekly downloads. As such, package-hash popularity was classified as popular.
We found that package-hash demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.