Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
read-pkg-up
Advanced tools
Package description
The read-pkg-up npm package is used to read the nearest package.json file in a directory tree. It starts from the specified directory and searches upwards for a package.json file, then parses it and returns the result. This can be useful for Node.js projects that need to access metadata about themselves or their dependencies.
Read the closest package.json
This feature allows you to asynchronously read the nearest package.json file from the current directory and log its contents and the path where it was found.
const readPkgUp = require('read-pkg-up');
(async () => {
const { packageJson, path } = await readPkgUp();
console.log(packageJson);
console.log(`Found at ${path}`);
})();
Synchronous reading of package.json
This feature provides a synchronous method to read the nearest package.json file and log its contents and the path where it was found.
const readPkgUp = require('read-pkg-up');
const { packageJson, path } = readPkgUp.sync();
console.log(packageJson);
console.log(`Found at ${path}`);
Custom starting directory
This feature allows you to specify a custom starting directory when searching for the package.json file.
const readPkgUp = require('read-pkg-up');
(async () => {
const { packageJson, path } = await readPkgUp({ cwd: 'some/subdirectory' });
console.log(packageJson);
console.log(`Found at ${path}`);
})();
read-pkg is similar to read-pkg-up but does not search upwards from the current directory. It simply reads the package.json file from the specified directory or the current directory if no directory is specified. It is less flexible when you need to find package.json files in parent directories.
pkg-up is another package that finds the closest package.json file by searching upwards from a given directory. It is similar to read-pkg-up but does not read or parse the package.json file, it only returns the path to it. This package is useful if you only need the path and not the contents.
find-up is a more general tool that can be used to find files or directories by searching upwards from a given directory. While it is not limited to package.json files, it can be used for a similar purpose as read-pkg-up. However, it requires additional work to read and parse the package.json file after finding it.
Readme
Read the closest package.json file
npm install read-pkg-up
import {readPackageUp} from 'read-pkg-up';
console.log(await readPackageUp());
/*
{
packageJson: {
name: 'awesome-package',
version: '1.0.0',
…
},
path: '/Users/sindresorhus/dev/awesome-package/package.json'
}
*/
Returns a Promise<object>
or Promise<undefined>
if no package.json
was found.
Returns the result object or undefined
if no package.json
was found.
Type: object
Type: URL | string
Default: process.cwd()
The directory to start looking for a package.json file.
Type: boolean
Default: true
Normalize the package data.
Available as part of the Tidelift Subscription.
The maintainers of read-pkg-up and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more.
FAQs
Read the closest package.json file
The npm package read-pkg-up receives a total of 26,336,480 weekly downloads. As such, read-pkg-up popularity was classified as popular.
We found that read-pkg-up demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
Security News
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.