Security News
vlt Debuts New JavaScript Package Manager and Serverless Registry at NodeConf EU
vlt introduced its new package manager and a serverless registry this week, innovating in a space where npm has stagnated.
read-package-json
Advanced tools
The read-package-json npm package is used to read and parse package.json files in a way that npm also does. It normalizes some of the data and can handle different file encodings, comments, and trailing commas.
Read and parse package.json
This feature reads and parses the package.json file located at the specified path. It handles errors and outputs the package data.
const readPackageJson = require('read-package-json');
readPackageJson('/path/to/package.json', console.error, false, function (er, data) {
if (er) {
console.error("There was an error reading the file")
return
}
console.log('The package data is', data)
})
Normalize package data
This feature reads the package.json file and normalizes its data to ensure consistency in the structure and values of the package's metadata.
const readPackageJson = require('read-package-json');
readPackageJson('/path/to/package.json', console.error, true, function (er, data) {
if (er) {
console.error("There was an error reading the file")
return
}
console.log('The normalized package data is', data)
})
read-pkg is similar to read-package-json as it reads and parses package.json files. It returns a promise and uses the 'normalize-package-data' library to normalize the package data. It is a higher-level wrapper around 'load-json-file' and 'normalize-package-data'.
load-json-file is a package that reads and parses JSON files. It does not specifically target package.json files, but it can be used for that purpose. It returns a promise and throws more descriptive errors than the default JSON.parse.
normalize-package-data is a package that normalizes package metadata, similar to one of the features of read-package-json. It does not read the package.json file itself but is often used in conjunction with other packages that do.
This is the thing that npm uses to read package.json files. It validates some stuff, and loads some default things.
It keeps a cache of the files you've read, so that you don't end up reading the same package.json file multiple times.
Note that if you just want to see what's literally in the package.json
file, you can usually do var data = require('some-module/package.json')
.
This module is basically only needed by npm, but it's handy to see what npm will see when it looks at your package.
var readJson = require('read-package-json')
readJson('/path/to/package.json', function (er, data) {
if (er) {
console.error("There was an error reading the file")
return
}
console.error('the package data is', data)
}
file
{String} The path to the package.json filecb
{Function}Reads the JSON file and does the things.
package.json
FieldsSee man 5 package.json
or npm help json
.
By default this is a reference to the npmlog
module. But if that
module can't be found, then it'll be set to just a dummy thing that does
nothing.
Replace with your own {log,warn,error}
object for fun loggy time.
Run all the extra stuff relative to the file, with the parsed data.
Modifies the data as it does stuff. Calls the cb when it's done.
Array of functions that are called by extras
. Each one receives the
arguments fn(file, data, cb)
and is expected to call cb(er, data)
when done or when an error occurs.
Order is indeterminate, so each function should be completely independent.
Mix and match!
The lru-cache
object that readJson uses to not read the same file over
and over again. See
lru-cache for details.
package.json
Some other files have an effect on the resulting data object, in the following ways:
README?(.*)
If there is a README
or README.*
file present, then npm will attach
a readme
field to the data with the contents of this file.
Owing to the fact that roughly 100% of existing node modules have Markdown README files, it will generally be assumed to be Markdown, regardless of the extension. Please plan accordingly.
server.js
If there is a server.js
file, and there is not already a
scripts.start
field, then scripts.start
will be set to node server.js
.
AUTHORS
If there is not already a contributors
field, then the contributors
field will be set to the contents of the AUTHORS
file, split by lines,
and parsed.
bindings.gyp
If a bindings.gyp file exists, and there is not already a
scripts.install
field, then the scripts.install
field will be set to
node-gyp rebuild
.
wscript
If a wscript file exists, and there is not already a scripts.install
field, then the scripts.install
field will be set to node-waf clean ; node-waf configure build
.
Note that the bindings.gyp
file supercedes this, since node-waf has
been deprecated in favor of node-gyp.
index.js
If the json file does not exist, but there is a index.js
file
present instead, and that file has a package comment, then it will try
to parse the package comment, and use that as the data instead.
A package comment looks like this:
/**package
* { "name": "my-bare-module"
* , "version": "1.2.3"
* , "description": "etc...." }
**/
// or...
/**package
{ "name": "my-bare-module"
, "version": "1.2.3"
, "description": "etc...." }
**/
The important thing is that it starts with /**package
, and ends with
**/
. If the package.json file exists, then the index.js is not
parsed.
{directories.man}/*.[0-9]
If there is not already a man
field defined as an array of files or a
single file, and
there is a directories.man
field defined, then that directory will
be searched for manpages.
Any valid manpages found in that directory will be assigned to the man
array, and installed in the appropriate man directory at package install
time, when installed globally on a Unix system.
{directories.bin}/*
If there is not already a bin
field defined as a string filename or a
hash of <name> : <filename>
pairs, then the directories.bin
directory will be searched and all the files within it will be linked as
executables at install time.
When installing locally, npm links bins into node_modules/.bin
, which
is in the PATH
environ when npm runs scripts. When
installing globally, they are linked into {prefix}/bin
, which is
presumably in the PATH
environment variable.
FAQs
The thing npm uses to read package.json files with semantics and defaults and validation
The npm package read-package-json receives a total of 4,729,442 weekly downloads. As such, read-package-json popularity was classified as popular.
We found that read-package-json demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
vlt introduced its new package manager and a serverless registry this week, innovating in a space where npm has stagnated.
Security News
Research
The Socket Research Team uncovered a malicious Python package typosquatting the popular 'fabric' SSH library, silently exfiltrating AWS credentials from unsuspecting developers.
Security News
At its inaugural meeting, the JSR Working Group outlined plans for an open governance model and a roadmap to enhance JavaScript package management.