Socket
Socket
Sign inDemoInstall

package-json

Package Overview
Dependencies
37
Maintainers
2
Versions
34
Alerts
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

package-json

Get metadata of a package from the npm registry


Version published
Maintainers
2
Weekly downloads
6,620,194
decreased by-7.35%

Weekly downloads

Package description

What is package-json?

The package-json npm package is used to fetch metadata about a package from the npm registry without needing to download the entire package. It can be used to get the latest version of a package, its dependencies, versions, and other useful metadata.

What are package-json's main functionalities?

Get the latest version of a package

Fetches the latest version of the specified package from the npm registry.

{"packageJson": require('package-json'), "getLatestPackageVersion": async function(packageName) { const packageData = await packageJson(packageName); return packageData.version; }}

Get metadata for a specific version of a package

Retrieves metadata for a specific version of a package, including dependencies, repository information, and more.

{"packageJson": require('package-json'), "getPackageDataForVersion": async function(packageName, version) { const packageData = await packageJson(packageName, {version: version}); return packageData; }}

Get all versions of a package

Fetches a list of all available versions of a package from the npm registry.

{"packageJson": require('package-json'), "getAllVersions": async function(packageName) { const packageData = await packageJson(packageName, {allVersions: true}); return Object.keys(packageData.versions); }}

Get the full metadata of a package

Retrieves the full metadata of a package, which includes additional information that's not part of the default output, such as deprecated versions and peerDependencies.

{"packageJson": require('package-json'), "getFullMetadata": async function(packageName) { const packageData = await packageJson(packageName, {fullMetadata: true}); return packageData; }}

Other packages similar to package-json

Readme

Source

package-json

Get metadata of a package from the npm registry

Install

npm install package-json

Usage

import packageJson from 'package-json';

console.log(await packageJson('ava'));
//=> {name: 'ava', …}

// Also works with scoped packages
console.log(await packageJson('@sindresorhus/df'));

API

packageJson(packageName, options?)

packageName

Type: string

Name of the package.

options

Type: object

version

Type: string
Default: latest

Package version such as 1.0.0 or a dist tag such as latest.

The version can also be in any format supported by the semver module. For example:

  • 1 - Get the latest 1.x.x
  • 1.2 - Get the latest 1.2.x
  • ^1.2.3 - Get the latest 1.x.x but at least 1.2.3
  • ~1.2.3 - Get the latest 1.2.x but at least 1.2.3
fullMetadata

Type: boolean
Default: false

By default, only an abbreviated metadata object is returned for performance reasons. Read more.

allVersions

Type: boolean
Default: false

Return the main entry containing all versions.

registryUrl

Type: string
Default: Auto-detected

The registry URL is by default inferred from the npm defaults and .npmrc. This is beneficial as package-json and any project using it will work just like npm. This option is only intended for internal tools. You should not use this option in reusable packages. Prefer just using .npmrc whenever possible.

agent

Type: object

Overwrite the agent option that is passed down to got. This might be useful to add proxy support.

PackageNotFoundError

The error thrown when the given package name cannot be found.

VersionNotFoundError

The error thrown when the given package version cannot be found.

Authentication

Both public and private registries are supported, for both scoped and unscoped packages, as long as the registry uses either bearer tokens or basic authentication.

package-json for enterprise

Available as part of the Tidelift Subscription.

The maintainers of package-json and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more.

Keywords

FAQs

Last updated on 19 Jun 2022

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc