
package-hash
Generates a hash for an installed npm package, useful for salting caches
The package-hash npm package is designed to generate a hash from the contents of a Node.js package. It computes a hash based on the actual contents of the package files, making it useful for tasks such as cache busting, integrity checks, or detecting changes in package contents.
Generate hash from package contents
This feature allows you to generate a hash string from the contents of a package located at a specified path. The function returns a promise that resolves with the hash.
const packageHash = require('package-hash');

// The argument must be the path to an existing package.json file.
packageHash('path/to/package/package.json').then(hash => {
  console.log('Package hash:', hash);
}).catch(err => {
  console.error('Error generating package hash:', err);
});
Hasha is a Node.js library for hashing using Node.js' built-in crypto module. It supports various algorithms and can hash strings, buffers, and streams. Compared to package-hash, hasha is more flexible in terms of input types but does not specifically target package contents for hashing.
Checksum is a simple package to create checksums of files and directories in Node.js. It is similar to package-hash in that it can be used to verify the integrity of package contents. However, checksum provides a simpler API with fewer configuration options compared to package-hash.
Generates a hash for an installed npm package, useful for salting caches. AVA for example caches precompiled test files. It generates a salt for its cache based on the various packages that are used when compiling the test files.
package-hash can generate an appropriate hash based on the package location (on disk) and the package.json file. This hash is salted with a hash for the package-hash itself.
package-hash can detect when the package-to-be-hashed is a Git repository. In the AVA example this is useful when you're debugging one of the packages used to compile the test files. You can clone it locally and use npm link so AVA can find the clone. The hash will include the HEAD (.git/HEAD) and its corresponding ref (e.g. .git/refs/heads/master), any packed refs (.git/packed-refs), as well as the diff (git diff) for any non-committed changes. This makes it really easy to test your changes without having to explicitly clear the cache in the parent project.
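The sketch below is an added example, not package-hash's own code: it builds a hash from the inputs the two paragraphs above list (package location, package.json, and Git HEAD, ref and packed refs) to show which changes move the value. The function name `sketchPackageHash`, the choice of SHA-256 and the temp-directory sample package are assumptions; the self-salt and the `git diff` input are left out.

```javascript
// Added sketch, NOT package-hash's implementation. sketchPackageHash and
// the use of SHA-256 are assumptions made for illustration.
const crypto = require('crypto');
const fs = require('fs');
const os = require('os');
const path = require('path');

function sketchPackageHash(packageJsonPath, salt) {
  const dir = path.dirname(path.resolve(packageJsonPath));
  const h = crypto.createHash('sha256');
  const add = (label, data) => { h.update(label + '\0'); h.update(data); h.update('\0'); };
  if (salt != null) add('salt', Buffer.isBuffer(salt) || typeof salt === 'string' ? salt : JSON.stringify(salt));
  add('dir', dir);                                        // package location on disk
  add('package.json', fs.readFileSync(packageJsonPath));  // manifest contents
  const gitDir = path.join(dir, '.git');
  if (fs.existsSync(path.join(gitDir, 'HEAD'))) {         // linked clone: mix in Git state
    const head = fs.readFileSync(path.join(gitDir, 'HEAD'), 'utf8');
    add('HEAD', head);
    const m = /^ref: (.+)$/m.exec(head);
    const refFile = m && path.join(gitDir, m[1].trim());
    if (refFile && fs.existsSync(refFile)) add('ref', fs.readFileSync(refFile));
    const packed = path.join(gitDir, 'packed-refs');
    if (fs.existsSync(packed)) add('packed-refs', fs.readFileSync(packed));
    // The README also lists `git diff` output; omitted so the sketch runs offline.
  }
  return h.digest('hex');
}

// Constructed sample package in a temporary directory.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'pkg-'));
  const pkg = path.join(dir, 'package.json');
  fs.writeFileSync(pkg, JSON.stringify({ name: 'sample', version: '1.0.0' }));
  fs.writeFileSync(path.join(dir, 'index.js'), 'module.exports = 1;\n');
  const base = sketchPackageHash(pkg);
  fs.writeFileSync(path.join(dir, 'index.js'), 'module.exports = 2;\n'); // edit a source file only
  const afterSourceEdit = sketchPackageHash(pkg);
  fs.writeFileSync(pkg, JSON.stringify({ name: 'sample', version: '1.0.1' })); // version bump
  const afterBump = sketchPackageHash(pkg);
  fs.mkdirSync(path.join(dir, '.git'));
  fs.writeFileSync(path.join(dir, '.git', 'HEAD'), 'ref: refs/heads/master\n');
  const afterGit = sketchPackageHash(pkg);
  fs.rmSync(dir, { recursive: true, force: true });
  return { sourceEditChanged: base !== afterSourceEdit, bumpChanged: afterSourceEdit !== afterBump, gitChanged: afterBump !== afterGit };
}

console.log(demo());
```

With only these inputs, an edit to a file other than package.json in a non-Git install leaves the value unchanged, so a hash built this way works as a cache salt and does not verify the installed files.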
$ npm install --save package-hash
const packageHash = require('package-hash')

// Asynchronously (inside an async function):
const hash = await packageHash(require.resolve('babel-core/package.json'))

// Synchronously:
const hashSync = packageHash.sync(require.resolve('babel-core/package.json'))
packageHash() / packageHash.sync() must be called with a file path for an existing package.json file. To get the path to an npm package it's easiest to use require.resolve('the-name/package.json').
You can provide multiple paths:
const hash = await packageHash([
  require.resolve('babel-core/package.json'),
  require.resolve('babel-preset-es2015/package.json')
])
An optional salt value can also be provided:
const hash = await packageHash(require.resolve('babel-core/package.json'), 'salt value')
packageHash(paths, salt?)
paths: string | string[] ➜ can be a single file path, or an array of paths.
salt: Array | Buffer | Object | string ➜ optional. If an Array or Object (not null) it is first converted to a JSON string.
Returns a promise for the hex-encoded hash string.
packageHash.sync(paths, salt?)
paths: string | string[] ➜ can be a single file path, or an array of paths.
salt: Array | Buffer | Object | string ➜ optional. If an Array or Object (not null) it is first converted to a JSON string.
Returns a hex-encoded hash string.
package-hash has been tested with Node.js 8 and above, including Windows support.
FAQs
The npm package package-hash receives a total of 4,838,950 weekly downloads. As such, package-hash popularity was classified as popular.
We found that package-hash demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.