What is package-json?
The package-json npm package is used to fetch metadata about a package from the npm registry without needing to download the entire package. It can be used to get the latest version of a package, its dependencies, versions, and other useful metadata.
What are package-json's main functionalities?
Get the latest version of a package
Fetches the latest version of the specified package from the npm registry.
{"packageJson": require('package-json'), "getLatestPackageVersion": async function(packageName) { const packageData = await packageJson(packageName); return packageData.version; }}
Get metadata for a specific version of a package
Retrieves metadata for a specific version of a package, including dependencies, repository information, and more.
{"packageJson": require('package-json'), "getPackageDataForVersion": async function(packageName, version) { const packageData = await packageJson(packageName, {version: version}); return packageData; }}
Get all versions of a package
Fetches a list of all available versions of a package from the npm registry.
{"packageJson": require('package-json'), "getAllVersions": async function(packageName) { const packageData = await packageJson(packageName, {allVersions: true}); return Object.keys(packageData.versions); }}
Get the full metadata of a package
Retrieves the full metadata of a package, which includes additional information that's not part of the default output, such as deprecated versions and peerDependencies.
{"packageJson": require('package-json'), "getFullMetadata": async function(packageName) { const packageData = await packageJson(packageName, {fullMetadata: true}); return packageData; }}
Other packages similar to package-json
npm-registry-fetch
Similar to package-json, npm-registry-fetch is used to make requests to the npm registry. It provides more control over the HTTP requests, such as custom headers, but it's lower-level and requires more setup compared to package-json.
pacote
Pacote is a library that can fetch metadata and tarballs from npm. It's more feature-rich than package-json, offering manifest fetching, tarball extraction, and more. It's also used internally by npm CLI.
registry-auth-token
While not directly similar, registry-auth-token is often used in conjunction with packages like package-json to handle private packages that require authentication. It retrieves the auth token for the npm registry from the user's .npmrc file.
package-json
Get metadata of a package from the npm registry
Install
$ npm install package-json
Usage
const packageJson = require('package-json');
(async () => {
console.log(await packageJson('ava'));
console.log(await packageJson('@sindresorhus/df'));
})();
API
packageJson(packageName, options?)
packageName
Type: string
Name of the package.
options
Type: object
version
Type: string
Default: latest
Package version such as 1.0.0
or a dist tag such as latest
.
The version can also be in any format supported by the semver module. For example:
1
- Get the latest 1.x.x
1.2
- Get the latest 1.2.x
^1.2.3
- Get the latest 1.x.x
but at least 1.2.3
~1.2.3
- Get the latest 1.2.x
but at least 1.2.3
fullMetadata
Type: boolean
Default: false
By default, only an abbreviated metadata object is returned for performance reasons. Read more.
allVersions
Type: boolean
Default: false
Return the main entry containing all versions.
registryUrl
Type: string
Default: Auto-detected
The registry URL is by default inferred from the npm defaults and .npmrc
. This is beneficial as package-json
and any project using it will work just like npm. This option is only intended for internal tools. You should not use this option in reusable packages. Prefer just using .npmrc
whenever possible.
agent
Type: http.Agent | https.Agent | object | false
Overwrite the agent
option that is passed down to got
. This might be useful to add proxy support.
packageJson.PackageNotFoundError
The error thrown when the given package name cannot be found.
packageJson.VersionNotFoundError
The error thrown when the given package version cannot be found.
Authentication
Both public and private registries are supported, for both scoped and unscoped packages, as long as the registry uses either bearer tokens or basic authentication.
Related