Security News
How Threat Actors are Abusing GitHub’s File Upload Feature to Host Malware
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
By Sarah Gooding - Apr 23, 2024
read-package-json-fast
Advanced tools
- Version published
- Weekly downloads
- 7.1M
- increased by1.08%
- Maintainers
- 6
- Install size
- 21.3 kB
- Created
- Weekly downloads
Package description
What is read-package-json-fast?
The read-package-json-fast npm package is designed to quickly read and parse package.json files in a Node.js environment. It is optimized for performance and provides a simple API for accessing package metadata.
What are read-package-json-fast's main functionalities?
Read and parse package.json
This feature allows you to read and parse the contents of a package.json file asynchronously. The function returns a promise that resolves with the parsed package data.
const readPackageJsonFast = require('read-package-json-fast');
async function getPackageData() {
try {
const packageData = await readPackageJsonFast('path/to/package.json');
console.log(packageData);
} catch (error) {
console.error('Error reading package.json:', error);
}
}
getPackageData();Other packages similar to read-package-json-fast
read-package-json
This package is similar to read-package-json-fast but is not as performance-optimized. It provides more features, such as handling various edge cases and running scripts defined in the package.json file.
normalize-package-data
While not a direct alternative, this package can be used in conjunction with others to normalize the data from a package.json file. It doesn't read the file itself but can be used after reading the file to ensure the package data adheres to the npm package specification.
pkg-conf
pkg-conf is a package that reads and parses configuration from package.json files. It is focused on the configuration aspect and allows you to easily retrieve nested configuration values.
Readme
read-package-json-fast
Like read-package-json, but faster and
more accepting of "missing" data.
This is only suitable for reading package.json files in a node_modules tree, since it doesn't do the various cleanups, normalization, and warnings that are beneficial at the root level in a package being published.
USAGE
const rpj = require('read-package-json-fast')
// typical promisey type API
rpj('/path/to/package.json')
.then(data => ...)
.catch(er => ...)
// or just normalize a package manifest
const normalized = rpj.normalize(packageJsonObject)
Errors raised from parsing will use
json-parse-even-better-errors,
so they'll be of type JSONParseError and have a code: 'EJSONPARSE'
property. Errors will also always have a path member referring to the
path originally passed into the function.
Indentation
To preserve indentation when the file is saved back to disk, use
data[Symbol.for('indent')] as the third argument to JSON.stringify, and
if you want to preserve windows \r\n newlines, replace the \n chars in
the string with data[Symbol.for('newline')].
For example:
const data = await readPackageJsonFast('./package.json')
const indent = Symbol.for('indent')
const newline = Symbol.for('newline')
// .. do some stuff to the data ..
const string = JSON.stringify(data, null, data[indent]) + '\n'
const eolFixed = data[newline] === '\n' ? string
: string.replace(/\n/g, data[newline])
await writeFile('./package.json', eolFixed)
Indentation is determined by looking at the whitespace between the initial
{ and the first " that follows it. If you have lots of weird
inconsistent indentation, then it won't track that or give you any way to
preserve it. Whether this is a bug or a feature is debatable ;)
WHAT THIS MODULE DOES
- Parse JSON
- Normalize
bundledDependencies/bundleDependenciesnaming to justbundleDependencies(without the extrad) - Handle
true,false, or object values passed tobundleDependencies - Normalize
funding: <string>tofunding: { url: <string> } - Remove any
scriptsmembers that are not a string value. - Normalize a string
binmember to{ [name]: bin }. - Fold
optionalDependenciesintodependencies. - Set the
_idproperty if name and version are set. (This is load-bearing in a few places within the npm CLI.)
WHAT THIS MODULE DOES NOT DO
- Warn about invalid/missing name, version, repository, etc.
- Extract a description from the
README.mdfile, or attach the readme to the parsed data object. - Read the
HEADvalue out of the.gitfolder. - Warn about potentially typo'ed scripts (eg,
tsetinstead oftest) - Check to make sure that all the files in the
filesfield exist and are valid files. - Fix bundleDependencies that are not listed in
dependencies. - Fix
dependenciesfields that are not strictly objects of string values. - Anything involving the
directoriesfield (ie, bins, mans, and so on).
FAQs
Like read-package-json, but faster
The npm package read-package-json-fast receives a total of 5,744,120 weekly downloads. As such, read-package-json-fast popularity was classified as popular.
We found that read-package-json-fast demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Last updated on 13 Dec 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
By Sarah Gooding - Apr 19, 2024
Research
Security News
npm Package for ReExt React Components Library Exfiltrates Git Credentials
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
By Sarah Gooding, Socket Research Team - Apr 18, 2024