Security News
Introducing the Socket Python SDK
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
By Douglas Coburn - Sep 13, 2024
package-json
Advanced tools
What is package-json?
The package-json npm package is used to fetch metadata about a package from the npm registry without needing to download the entire package. It can be used to get the latest version of a package, its dependencies, versions, and other useful metadata.
What are package-json's main functionalities?
Get the latest version of a package
Fetches the latest version of the specified package from the npm registry.
{"packageJson": require('package-json'), "getLatestPackageVersion": async function(packageName) { const packageData = await packageJson(packageName); return packageData.version; }}Get metadata for a specific version of a package
Retrieves metadata for a specific version of a package, including dependencies, repository information, and more.
{"packageJson": require('package-json'), "getPackageDataForVersion": async function(packageName, version) { const packageData = await packageJson(packageName, {version: version}); return packageData; }}Get all versions of a package
Fetches a list of all available versions of a package from the npm registry.
{"packageJson": require('package-json'), "getAllVersions": async function(packageName) { const packageData = await packageJson(packageName, {allVersions: true}); return Object.keys(packageData.versions); }}Get the full metadata of a package
Retrieves the full metadata of a package, which includes additional information that's not part of the default output, such as deprecated versions and peerDependencies.
{"packageJson": require('package-json'), "getFullMetadata": async function(packageName) { const packageData = await packageJson(packageName, {fullMetadata: true}); return packageData; }}Other packages similar to package-json
npm-registry-fetch
Similar to package-json, npm-registry-fetch is used to make requests to the npm registry. It provides more control over the HTTP requests, such as custom headers, but it's lower-level and requires more setup compared to package-json.
pacote
Pacote is a library that can fetch metadata and tarballs from npm. It's more feature-rich than package-json, offering manifest fetching, tarball extraction, and more. It's also used internally by npm CLI.
registry-auth-token
While not directly similar, registry-auth-token is often used in conjunction with packages like package-json to handle private packages that require authentication. It retrieves the auth token for the npm registry from the user's .npmrc file.
package-json 
Get the package.json of a package from the npm registry
Install
$ npm install --save package-json
Usage
const packageJson = require('package-json');
packageJson('pageres', 'latest').then(json => {
console.log(json);
//=> {name: 'pageres', ...}
});
// also works with scoped packages
packageJson('@company/package', 'latest').then(json => {
console.log(json);
//=> {name: 'package', ...}
});
API
packageJson(name, [version])
You can optionally specify a version (e.g. 1.0.0) or latest.
If you don't specify a version you'll get the main entry containing all versions.
The version can also be in any format supported by the semver module. For example:
1- get the latest1.x.x1.2- get the latest1.2.x^1.2.3- get the latest1.x.xbut at least1.2.3~1.2.3- get the latest1.2.xbut at least1.2.3
Authentication
Both public and private registries are supported, for both scoped and unscoped packages, as long as the registry uses either bearer tokens or basic authentication.
Related
- package-json-cli - CLI for this module
- latest-version - Get the latest version of an npm package
- pkg-versions - Get the version numbers of a package from the npm registry
- npm-keyword - Get a list of npm packages with a certain keyword
- npm-user - Get user info of an npm user
- npm-email - Get the email of an npm user
License
MIT © Sindre Sorhus
FAQs
Get metadata of a package from the npm registry
We found that package-json demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 25 Aug 2016
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
The Wildcard Gamble: Understanding the Risks of Floating Dependency Ranges in npm
Floating dependency ranges in npm can introduce instability and security risks into your project by allowing unverified or incompatible versions to be installed automatically, leading to unpredictable behavior and potential conflicts.
By Sarah Gooding - Sep 13, 2024
Security News
New Rust RFC Proposes Adding Support for Trusted Publishing to Crates.io
A new Rust RFC proposes "Trusted Publishing" for Crates.io, introducing short-lived access tokens via OIDC to improve security and reduce risks associated with long-lived API tokens.
By Sarah Gooding - Sep 12, 2024