Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
read-package-json-fast
Advanced tools
The read-package-json-fast npm package is designed to quickly read and parse package.json files in a Node.js environment. It is optimized for performance and provides a simple API for accessing package metadata.
Read and parse package.json
This feature allows you to read and parse the contents of a package.json file asynchronously. The function returns a promise that resolves with the parsed package data.
const readPackageJsonFast = require('read-package-json-fast');
async function getPackageData() {
try {
const packageData = await readPackageJsonFast('path/to/package.json');
console.log(packageData);
} catch (error) {
console.error('Error reading package.json:', error);
}
}
getPackageData();
This package is similar to read-package-json-fast but is not as performance-optimized. It provides more features, such as handling various edge cases and running scripts defined in the package.json file.
While not a direct alternative, this package can be used in conjunction with others to normalize the data from a package.json file. It doesn't read the file itself but can be used after reading the file to ensure the package data adheres to the npm package specification.
pkg-conf is a package that reads and parses configuration from package.json files. It is focused on the configuration aspect and allows you to easily retrieve nested configuration values.
Like read-package-json
, but faster and
more accepting of "missing" data.
This is only suitable for reading package.json files in a node_modules tree, since it doesn't do the various cleanups, normalization, and warnings that are beneficial at the root level in a package being published.
const rpj = require('read-package-json-fast')
// typical promisey type API
rpj('/path/to/package.json')
.then(data => ...)
.catch(er => ...)
// or just normalize a package manifest
const normalized = rpj.normalize(packageJsonObject)
Errors raised from parsing will use
json-parse-even-better-errors
,
so they'll be of type JSONParseError
and have a code: 'EJSONPARSE'
property. Errors will also always have a path
member referring to the
path originally passed into the function.
bundledDependencies
/bundleDependencies
naming to just
bundleDependencies
(without the extra d
)true
, false
, or object values passed to bundleDependencies
funding: <string>
to funding: { url: <string> }
scripts
members that are not a string value.bin
member to { [name]: bin }
.optionalDependencies
into dependencies
._id
property if name and version are set. (This is
load-bearing in a few places within the npm CLI.)README.md
file, or attach the readme to
the parsed data object.HEAD
value out of the .git
folder.tset
instead of test
)files
field exist and are
valid files.dependencies
.dependencies
fields that are not strictly objects of string values.directories
field (ie, bins, mans, and so on).FAQs
Like read-package-json, but faster
The npm package read-package-json-fast receives a total of 0 weekly downloads. As such, read-package-json-fast popularity was classified as not popular.
We found that read-package-json-fast demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.