Security News
NIST Misses 2024 Deadline to Clear NVD Backlog
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVEs awaiting analysis have increased by 33% since June.
read-package-json-fast
The read-package-json-fast npm package is designed to quickly read and parse package.json files in a Node.js environment. It is optimized for performance and provides a simple API for accessing package metadata.
Read and parse package.json
This feature allows you to read and parse the contents of a package.json file asynchronously. The function returns a promise that resolves with the parsed package data.
const readPackageJsonFast = require('read-package-json-fast');

async function getPackageData() {
  try {
    const packageData = await readPackageJsonFast('path/to/package.json');
    console.log(packageData);
  } catch (error) {
    console.error('Error reading package.json:', error);
  }
}

getPackageData();
This package is similar to read-package-json-fast but is not as performance-optimized. It provides more features, such as handling various edge cases and running scripts defined in the package.json file.
While not a direct alternative, this package can be used in conjunction with others to normalize the data from a package.json file. It doesn't read the file itself but can be used after reading the file to ensure the package data adheres to the npm package specification.
pkg-conf is a package that reads and parses configuration from package.json files. It is focused on the configuration aspect and allows you to easily retrieve nested configuration values.
Like read-package-json, but faster and more accepting of "missing" data.
This is only suitable for reading package.json files in a node_modules tree, since it doesn't do the various cleanups, normalization, and warnings that are beneficial at the root level in a package being published.
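const rpj = require('read-package-json-fast')

// typical promisey type API
rpj('/path/to/package.json')
  .then(data => console.log(data.name, data.version))
  .catch(er => console.error(er.code, er.path))

// or just normalize a package manifest
// (packageJsonObject is a manifest object that has already been parsed)
const normalized = rpj.normalize(packageJsonObject)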
Errors raised from parsing will use json-parse-even-better-errors, so they'll be of type JSONParseError and have a code: 'EJSONPARSE' property. Errors will also always have a path member referring to the path originally passed into the function.
To preserve indentation when the file is saved back to disk, use data[Symbol.for('indent')] as the third argument to JSON.stringify, and if you want to preserve windows \r\n newlines, replace the \n chars in the string with data[Symbol.for('newline')].
For example:
const { writeFile } = require('fs/promises')
const readPackageJsonFast = require('read-package-json-fast')

async function main () {
  const data = await readPackageJsonFast('./package.json')
  const indent = Symbol.for('indent')
  const newline = Symbol.for('newline')
  // .. do some stuff to the data ..
  const string = JSON.stringify(data, null, data[indent]) + '\n'
  const eolFixed = data[newline] === '\n' ? string
    : string.replace(/\n/g, data[newline])
  await writeFile('./package.json', eolFixed)
}

main().catch(console.error)
Indentation is determined by looking at the whitespace between the initial { and the first " that follows it. If you have lots of weird inconsistent indentation, then it won't track that or give you any way to preserve it. Whether this is a bug or a feature is debatable ;)
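The detection rule described above, reimplemented as a standalone added example (not the package's own code; detectFormat and rewriteManifest are hypothetical names, and both sample manifests are constructed). It shows a tab-indented CRLF manifest round-tripping with only the edited field changed, which keeps automated dependency edits reviewable, and a manifest with inconsistent indentation being flattened to the first key's indent.

```javascript
// Added illustration: a standalone reimplementation of the rule described
// above, not read-package-json-fast's own code. Names are hypothetical.

// Indent = whitespace between the opening "{" and the first '"';
// newline = the first line break found in that same gap.
function detectFormat (text) {
  const m = /^\s*\{(\s*)"/.exec(text)
  const gap = m ? m[1] : ''
  const nl = /\r?\n/.exec(gap)
  // Single-line or empty object: compact output, "\n" endings (assumed defaults).
  if (!nl) return { indent: '', newline: '\n' }
  return { indent: gap.slice(gap.lastIndexOf('\n') + 1), newline: nl[0] }
}

// Parse, apply an in-place edit, and serialize with the detected style so the
// on-disk diff contains only the intended change.
function rewriteManifest (text, mutate) {
  const { indent, newline } = detectFormat(text)
  const data = JSON.parse(text)
  mutate(data)
  const out = JSON.stringify(data, null, indent) + '\n'
  return newline === '\n' ? out : out.replace(/\n/g, newline)
}

// Constructed sample 1: tab-indented, CRLF line endings.
const crlfTabs = '{\r\n\t"name": "demo",\r\n\t"version": "1.0.0"\r\n}\r\n'
// Constructed sample 2: inconsistent indentation below the first key.
const messy = '{\n  "name": "demo",\n      "scripts": {\n "test": "node test.js"\n      }\n}\n'

const bumped = rewriteManifest(crlfTabs, d => { d.version = '1.0.1' })
const flattened = rewriteManifest(messy, () => {})

console.log('detected:', JSON.stringify(detectFormat(crlfTabs)))
console.log('only the version changed:', bumped === crlfTabs.replace('1.0.0', '1.0.1'))
console.log('messy file preserved byte-for-byte:', flattened === messy)
```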
bundledDependencies/bundleDependencies naming to just bundleDependencies (without the extra d)
true, false, or object values passed to bundleDependencies
funding: <string> to funding: { url: <string> }
scripts members that are not a string value.
bin member to { [name]: bin }.
optionalDependencies into dependencies.
_id property if name and version are set. (This is load-bearing in a few places within the npm CLI.)
README.md file, or attach the readme to the parsed data object.
HEAD value out of the .git folder.
tset instead of test)
files field exist and are valid files.
dependencies.
dependencies fields that are not strictly objects of string values.
directories field (ie, bins, mans, and so on).
FAQs
Like read-package-json, but faster
The npm package read-package-json-fast receives a total of 6,331,627 weekly downloads. As such, read-package-json-fast is classified as popular.
We found that read-package-json-fast demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.