New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

scriptlint

Package Overview
Dependencies
Maintainers
9
Versions
27
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

scriptlint

an enforcable script naming standard for package.json

3.0.0
latest
Source
npm
Version published
Weekly downloads
1.2K
3.23%
Maintainers
9
Weekly downloads
 
Created
Source


scriptlint status
npm version badge
dependency badge
Issue badge
CI badge

scriptlint

Enforceable standards for your package.json scripts – like eslint for npm run

⚠️ Requires nodejs >= 14.x.x

Intro

package.json scripts are an integral part of the Node dev experience: we use them to start our projects, run our dev environments and for all kinds of formatting, linting and tooling in general. They are just as important as our code. Yet we don't treat them with the same meticulous attention to detail. Scripts need :heart: too!

One of the main goals for scriptlint was to enable people to use memorable and consistent script names across their projects. Tools like nps are great when you have to organize scripts with a certain level of complexity, but they don't help you with the structure and naming of your scripts.

This is where the scriptlint CLI shines: it makes best practices outlined in this documentation enforceable throughout your project(s). Think of it as eslint for your "scripts" section.

Rules

Here's the tl;dr of all the best practices we consider the "scriptlint standard"

Your package.json's "scripts" section should…

  • have a test script that is not the default script from npm init
  • have a dev script and a start script
  • abstract script names from their implementation (test, not jest)
  • use namespaces to categorize scripts ("test:unit": "jest")
  • use : as a namespace separator
  • have the scripts in alphabetic order
  • have a trigger script for all hooks (ex: if you have prefoobar, there must be a foobar script)
  • use camelCase for all script names
  • not alias devDependencies (no "jest": "jest")
  • not use && or & for sequential or parallel script execution

(italic = strict rule)

Read more about the standard rules here

Usage

Install locally:

npm install scriptlint -D (or yarn add scriptlint -D)

… then run npx scriptlint --strict

Read about configuration here

Documentation

Badge

Would you like a scriptlint badge for your project readme? No problem: have a look at https://scriptlint.peerigon.io/ or adapt the snippet below:

[![scriptlint status](https://img.shields.io/endpoint?url=https://scriptlint.peerigon.io/api/shield/scriptlint/latest)](https://scriptlint.peerigon.io/issues/scriptlint/latest)

Sponsors

FAQs

Package last updated on 25 Apr 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Socket and Seal Security Collaborate to Fix Critical npm Overrides Bug

Security News

Socket and Seal Security Collaborate to Fix Critical npm Overrides Bug

Socket and Seal Security collaborate to fix a critical npm overrides bug, resolving a three-year security issue in the JavaScript ecosystem's most popular package manager.

By Sarah Gooding  -  Mar 11, 2025