Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
pkg-up
Advanced tools
Package description
The pkg-up npm package is used to find the closest package.json file in the directory tree, starting from a given directory. It is useful for Node.js projects where you need to locate the package.json file of the current project or a related package.
Find the closest package.json
This feature allows you to asynchronously find the nearest package.json file from the current directory.
const pkgUp = require('pkg-up');
(async () => {
const filePath = await pkgUp();
console.log(filePath);
//=> '/Users/sindresorhus/foo/package.json'
})();
Find the closest package.json synchronously
This feature provides a synchronous method to find the nearest package.json file.
const pkgUp = require('pkg-up');
const filePath = pkgUp.sync();
console.log(filePath);
//=> '/Users/sindresorhus/foo/package.json'
Find package.json from a specific directory
This feature allows you to find the nearest package.json file starting from a specific directory.
const pkgUp = require('pkg-up');
(async () => {
const filePath = await pkgUp({cwd: 'some/subdirectory'});
console.log(filePath);
//=> '/Users/sindresorhus/foo/package.json'
})();
find-up is similar to pkg-up but is more generic. It allows you to find files or directories by name, moving upwards from a given directory. It's not limited to package.json files, making it more versatile for different use cases.
read-pkg-up is built on top of pkg-up and not only finds the closest package.json file but also reads and parses it. This package combines the functionality of pkg-up and read-pkg, providing a more comprehensive solution for accessing package information.
look-up is another package that can be used to find files in parent directories, similar to pkg-up. However, it is less focused on package.json files and more on file patterns, which can be useful for different kinds of file searches.
Readme
Find the closest package.json file
npm install pkg-up
/
└── Users
└── sindresorhus
└── foo
├── package.json
└── bar
├── baz
└── example.js
// example.js
import {pkgUp} from 'pkg-up';
console.log(await pkgUp());
//=> '/Users/sindresorhus/foo/package.json'
Returns a Promise<string>
for the file path, or Promise<undefined>
if it could not be found.
Returns the file path, or undefined
if it could not be found.
Type: object
Type: string
Default: process.cwd()
The directory to start from.
FAQs
Find the closest package.json file
The npm package pkg-up receives a total of 6,930,065 weekly downloads. As such, pkg-up popularity was classified as popular.
We found that pkg-up demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
Security News
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.