
package-json


package-json - npm Package Compare versions

Comparing version 9.0.0 to 10.0.0

349

index.d.ts

@@ -1,5 +0,228 @@

import {Agent as HttpAgent} from 'node:http';
import {Agent as HttpsAgent} from 'node:https';
import {type Agents} from 'got';
import type {PackageJson} from 'type-fest';
type Person = Readonly<PackageJson.Person>;
type PersonObject = Exclude<Person, string>;
// eslint-disable-next-line unicorn/prevent-abbreviations
type Dist = Readonly<{
/**
The URL of the tarball containing the payload for the package.
*/
tarball: string;
/**
The SHA-1 sum of the tarball.
*/
shasum: string;
/**
A string in the format `<hashAlgorithm>-<base64-hash>`. Refer to the {@link https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity Subresource Integrity} docs on MDN and the {@link https://github.com/npm/cacache#integrity `cacache`} package for more information.
@since April 2017
*/
integrity?: string;
/**
The number of files in the tarball, folder excluded.
@since February 2018
*/
fileCount?: number;
/**
The total bytes of the unpacked files in the tarball.
@since February 2018
*/
unpackedSize?: number;
/**
A PGP signature in the format `<package>@<version>:<integrity>`.
@since April 2018
@deprecated April 2023, see https://docs.npmjs.com/about-registry-signatures
*/
'npm-signature'?: string;
/**
ECDSA signature(s).
@see https://docs.npmjs.com/about-registry-signatures
@since April 2023
*/
signatures?: Array<{
/**
A SHA-256 public key.
*/
keyid: string;
sig: string;
}>;
}>;
type AbbreviatedVersionPackageJsonFields = (
| 'dependencies'
| 'optionalDependencies'
| 'devDependencies'
| 'bundleDependencies'
| 'peerDependencies'
| 'peerDependenciesMeta'
| 'bin'
| 'directories'
| 'engines'
| 'cpu'
| 'os'
| 'funding'
);
type AbbreviatedVersion = Readonly<{
/**
The name of the package.
*/
name: string;
/**
Package version, parseable by [`node-semver`](https://github.com/npm/node-semver).
*/
version: string;
dist: Dist;
/**
The deprecation warnings message of this version. A version is deprecated if this field is set.
*/
deprecated?: string;
/**
Whether or not this version has a shrinkwrap used to install it. If this field is `undefined`, the client must determine through other means if a shrinkwrap exists.
*/
_hasShrinkwrap?: boolean;
/**
Whether or not this version has an `install` script.
*/
hasInstallScript?: boolean;
}> & Pick<Readonly<PackageJson>, AbbreviatedVersionPackageJsonFields>;
// eslint-disable-next-line unicorn/prevent-abbreviations
type DistTags = {
[tagName: string]: string;
latest: string;
};
type AbbreviatedMetadata = Readonly<{
/**
The name of the package.
*/
name: string;
/**
An {@link https://en.wikipedia.org/wiki/ISO_8601#Combined_date_and_time_representations ISO timestamp} of the last time the package was modified.
*/
modified: string;
'dist-tags': DistTags;
versions: Record<string, AbbreviatedVersion>;
}>;
type Repository = Readonly<Exclude<PackageJson['repository'], string>>;
type HoistedPackageJsonFields = (
| 'author'
| 'bugs'
| 'contributors'
| 'description'
| 'homepage'
| 'keywords'
| 'license'
);
// Hoisted from latest version
type HoistedData = Readonly<{
/**
People with permission to publish the package. Not authoritative but informational.
*/
maintainers?: PersonObject[];
/**
The first 64K of the readme data for the most-recently published version of the package.
*/
readme?: string;
/**
The name of the file from which the readme data was taken.
*/
readmeFilename?: string;
repository?: Repository;
}> & Pick<Readonly<PackageJson>, HoistedPackageJsonFields>;
type FullVersion = Readonly<{
/**
`package@version`
*/
_id: string;
_shasum: string;
_from: string;
/**
The version of npm used to publish the package.
*/
_npmVersion: string;
/**
The version of Node.js used to publish the package.
*/
_nodeVersion: string;
/**
The npm user who published this version.
*/
_npmUser: PersonObject;
licenseText?: string;
gitHead?: string;
}> & Readonly<Omit<PackageJson, 'repository'>> & Omit<AbbreviatedVersion, 'hasInstallScript'> & HoistedData;
type FullMetadata = Readonly<{
/**
The name of the package, used as an ID in CouchDB.
*/
_id: string;
/**
The revision number of this version of the document in CouchDB.
*/
_rev: string;
/**
A mapping of versions to the time they were published. Each value is an {@link https://en.wikipedia.org/wiki/ISO_8601#Combined_date_and_time_representations ISO timestamp}.
*/
time: {
[version: string]: string;
/**
When the package was created.
*/
created: string;
/**
When the package was last modified.
*/
modified: string;
};
/**
NPM users who have starred the package.
*/
users?: Readonly<Record<string, boolean>>;
versions: Readonly<Record<string, FullVersion>>;
}> & AbbreviatedMetadata & HoistedData;
/**

@@ -23,3 +246,3 @@ The error thrown when the given package version cannot be found.

export type Options = {
export type Options = Readonly<{
/**

@@ -36,3 +259,3 @@ Package version such as `1.0.0` or a [dist tag](https://docs.npmjs.com/cli/dist-tag) such as `latest`.

*/
readonly version?: string;
version?: string;

@@ -44,3 +267,3 @@ /**

*/
readonly fullMetadata?: boolean;
fullMetadata?: boolean;

@@ -52,3 +275,3 @@ /**

*/
readonly allVersions?: boolean;
allVersions?: boolean;

@@ -58,103 +281,14 @@ /**

*/
readonly registryUrl?: string;
registryUrl?: string;
/**
Overwrite the `agent` option that is passed down to [`got`](https://github.com/sindresorhus/got#agent). This might be useful to add [proxy support](https://github.com/sindresorhus/got#proxies).
*/
readonly agent?: Agents;
};
Whether or not to omit deprecated versions of a package.
export type FullMetadataOptions = {
/**
By default, only an abbreviated metadata object is returned for performance reasons. [Read more.](https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md)
If set, versions marked as deprecated on the registry are omitted from results. Providing a dist tag or a specific version will still return that version, even if it's deprecated. If no version can be found once deprecated versions are omitted, a `VersionNotFoundError` is thrown.
@default false
@default true
*/
readonly fullMetadata: true;
} & Options;
omitDeprecated?: boolean;
}>;
type DistTags = {
readonly [tagName: string]: string;
readonly latest: string;
};
type AbbreviatedVersion = {
readonly [key: string]: unknown;
readonly name: string;
readonly version: string;
readonly dist: {
readonly shasum: string;
readonly tarball: string;
readonly integrity?: string;
};
readonly deprecated?: string;
readonly dependencies?: Readonly<Record<string, string>>;
readonly optionalDependencies?: Readonly<Record<string, string>>;
readonly devDependencies?: Readonly<Record<string, string>>;
readonly bundleDependencies?: Readonly<Record<string, string>>;
readonly peerDependencies?: Readonly<Record<string, string>>;
readonly bin?: Readonly<Record<string, string>>;
readonly directories?: readonly string[];
readonly engines?: Readonly<Record<string, string>>;
readonly _hasShrinkwrap?: boolean;
};
type Person = {
readonly name?: string;
readonly email?: string;
readonly url?: string;
};
type HoistedData = {
readonly author?: Person;
readonly bugs?:
| {readonly url: string; readonly email?: string}
| {readonly url?: string; readonly email: string};
readonly contributors?: readonly Person[];
readonly description?: string;
readonly homepage?: string;
readonly keywords?: readonly string[];
readonly license?: string;
readonly maintainers?: readonly Person[];
readonly readme?: string;
readonly readmeFilename?: string;
readonly repository?: {readonly type: string; readonly url: string};
};
type FullVersion = {
readonly [key: string]: unknown;
readonly _id: string;
readonly _nodeVersion: string;
readonly _npmUser: string;
readonly _npmVersion: string;
readonly main?: string;
readonly files?: readonly string[];
readonly man?: readonly string[];
readonly scripts?: Readonly<Record<string, string>>;
readonly gitHead?: string;
readonly types?: string;
readonly typings?: string;
} & AbbreviatedVersion & HoistedData;
export type FullMetadata = {
readonly [key: string]: unknown;
readonly _id: string;
readonly _rev: string;
readonly time: {
readonly [version: string]: string;
readonly created: string;
readonly modified: string;
};
readonly users?: Readonly<Record<string, boolean>>;
readonly versions: Readonly<Record<string, FullVersion>>;
} & AbbreviatedMetadata & HoistedData;
export type AbbreviatedMetadata = {
readonly [key: string]: unknown;
readonly 'dist-tags': DistTags;
readonly modified: string;
readonly name: string;
readonly versions: Readonly<Record<string, AbbreviatedVersion>>;
};
/**

@@ -176,3 +310,10 @@ Get metadata of a package from the npm registry.

*/
export default function packageJson(packageName: string, options: FullMetadataOptions): Promise<FullMetadata>;
export default function packageJson(packageName: string, options?: Options): Promise<AbbreviatedMetadata>;
export default function packageJson<ProvidedOptions extends Options>(packageName: string, options?: ProvidedOptions): Promise<(
ProvidedOptions extends {fullMetadata: true}
? ProvidedOptions extends {allVersions: true}
? FullMetadata
: FullVersion & Pick<FullMetadata, 'time'>
: ProvidedOptions extends {allVersions: true}
? AbbreviatedMetadata
: AbbreviatedVersion
)>;
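Review bot: The `keyid` doc comment inside `Dist.signatures` says "A SHA-256 public key", but per the registry-signatures page linked just above it the field is the SHA-256 fingerprint of the signing key, and `sig` next to it has no comment at all. I would reword the first to `The SHA-256 fingerprint of the registry public key that produced sig.` and add on `sig` the comment `Base64-encoded ECDSA signature over <name>@<version>:<integrity>.` The `signatures` comment should also state that this package only passes these fields through; nothing in the visible index.js hunks verifies `sig`, `integrity` or `shasum`, so a caller who needs provenance has to check the signature against the registry's published keys. The same caveat applies to the deprecated `'npm-signature'` field.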

@@ -1,4 +0,2 @@

import {Agent as HttpAgent} from 'node:http';
import {Agent as HttpsAgent} from 'node:https';
import got from 'got';
import ky from 'ky';
import registryUrl from 'registry-url';

@@ -8,12 +6,2 @@ import registryAuthToken from 'registry-auth-token';

// These agent options are chosen to match the npm client defaults and help with performance
// See: `npm config get maxsockets` and #50
const agentOptions = {
keepAlive: true,
maxSockets: 50,
};
const httpAgent = new HttpAgent(agentOptions);
const httpsAgent = new HttpsAgent(agentOptions);
export class PackageNotFoundError extends Error {

@@ -33,10 +21,8 @@ constructor(packageName) {

export default async function packageJson(packageName, options) {
options = {
version: 'latest',
...options,
};
export default async function packageJson(packageName, options = {}) {
let {version = 'latest'} = options;
const {omitDeprecated = true} = options;
const scope = packageName.split('/')[0];
const registryUrl_ = options.registryUrl || registryUrl(scope);
const registryUrl_ = options.registryUrl ?? registryUrl(scope);
const packageUrl = new URL(encodeURIComponent(packageName).replace(/^%40/, '@'), registryUrl_);

@@ -57,19 +43,7 @@ const authInfo = registryAuthToken(registryUrl_.toString(), {recursive: true});

const gotOptions = {
headers,
agent: {
http: httpAgent,
https: httpsAgent,
},
};
if (options.agent) {
gotOptions.agent = options.agent;
}
let data;
try {
data = await got(packageUrl, gotOptions).json();
data = await ky(packageUrl, {headers, keepalive: true}).json();
} catch (error) {
if (error?.response?.statusCode === 404) {
if (error?.response?.status === 404) {
throw new PackageNotFoundError(packageName);

@@ -85,3 +59,2 @@ }

let {version} = options;
const versionError = new VersionNotFoundError(packageName, version);

@@ -94,3 +67,13 @@

} else if (version) {
if (!data.versions[version]) {
const versionExists = Boolean(data.versions[version]);
if (omitDeprecated && !versionExists) {
for (const [metadataVersion, metadata] of Object.entries(data.versions)) {
if (metadata.deprecated) {
delete data.versions[metadataVersion];
}
}
}
if (!versionExists) {
const versions = Object.keys(data.versions);

@@ -97,0 +80,0 @@ version = semver.maxSatisfying(versions, version);
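Review bot: After the switch from `got` to `ky`, nothing in the visible `packageJson` body reads `options.agent` any more, so a plain-JavaScript caller that still passes it (for example to send registry traffic through a proxy or to pin a custom CA) now gets a direct request with no error. The typings drop the field, but that only protects TypeScript callers; I would fail loudly near the top of the function with `if (options.agent !== undefined) { throw new TypeError('The agent option was removed; see the Proxies section of the readme'); }`. The request presumably still carries the auth header derived from `registryAuthToken`, so an unexpected network path is better surfaced than silently accepted. The function starts and continues outside these hunks, so this assumes the unseen lines do not already handle `agent`.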

{
"name": "package-json",
"version": "9.0.0",
"version": "10.0.0",
"description": "Get metadata of a package from the npm registry",

@@ -23,4 +23,3 @@ "license": "MIT",

"scripts": {
"//test": "xo && ava && tsd",
"test": "xo && ava"
"test": "xo && ava && tsd"
},

@@ -43,14 +42,14 @@ "files": [

"dependencies": {
"got": "^13.0.0",
"ky": "^1.2.0",
"registry-auth-token": "^5.0.2",
"registry-url": "^6.0.1",
"semver": "^7.5.4"
"semver": "^7.6.0"
},
"devDependencies": {
"@types/node": "^20.11.5",
"ava": "^6.1.0",
"mock-private-registry": "^1.1.2",
"tsd": "^0.30.4",
"xo": "^0.56.0"
"@types/node": "^18",
"ava": "^6.1.1",
"private-registry-mock": "^0.3.0",
"tsd": "^0.30.7",
"xo": "^0.57.0"
}
}

@@ -56,3 +56,3 @@ # package-json

By default, only an abbreviated metadata object is returned for performance reasons. [Read more.](https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md)
By default, only an abbreviated metadata object is returned for performance reasons. [Read more](https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md), or see the [type definitions](index.d.ts).

@@ -73,8 +73,11 @@ ##### allVersions

##### agent
##### omitDeprecated
Type: `object`
Type: `boolean`\
Default: `true`
Overwrite the `agent` option that is passed down to [`got`](https://github.com/sindresorhus/got#agent). This might be useful to add [proxy support](https://github.com/sindresorhus/got#proxies).
Whether or not to omit deprecated versions of a package.
If set, versions marked as deprecated on the registry are omitted from results. Providing a dist tag or a specific version will still return that version, even if it's deprecated. If no version can be found once deprecated versions are omitted, a [`VersionNotFoundError`](#versionnotfounderror) is thrown.
### PackageNotFoundError

@@ -92,2 +95,8 @@

## Proxies
Proxy support is not implemented in this package. If necessary, use a global agent that modifies [`fetch`](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API), which this package uses internally.
Support for this may come to [Node.js in the future](https://github.com/nodejs/undici/issues/1650).
## Related

@@ -94,0 +103,0 @@
