Security News
JSR Working Group Kicks Off with Ambitious Roadmap and Plans for Open Governance
At its inaugural meeting, the JSR Working Group outlined plans for an open governance model and a roadmap to enhance JavaScript package management.
sort-package-json
Advanced tools
Sort an Object or package.json based on the well-known package.json keys
The sort-package-json npm package is a utility that automatically sorts the properties in package.json files according to a standard convention. This helps in maintaining consistency and readability in package.json files across different projects.
Sorting package.json
This feature sorts the keys in a package.json object. It takes an unsorted package.json object as input and returns a string with the keys sorted in a standard order.
const sortPackageJson = require('sort-package-json');
const sortedContent = sortPackageJson(JSON.stringify(packageJsonObject));
CLI Usage
sort-package-json can be used directly from the command line to sort the package.json file in the current directory. This is useful for quick formatting without writing any JavaScript code.
npx sort-package-json
API Usage
The package provides an API that can be used in Node.js scripts. This example reads a package.json file, sorts it, and then writes the sorted JSON back to the file.
const fs = require('fs');
const sortPackageJson = require('sort-package-json');
const packageJson = fs.readFileSync('package.json', 'utf8');
const sortedPackageJson = sortPackageJson(packageJson);
fs.writeFileSync('package.json', sortedPackageJson);
prettier-package-json is a package that formats package.json files. It sorts the keys and formats the JSON structure. It is similar to sort-package-json but also includes formatting capabilities that adhere to Prettier's styling rules.
fixpack is a package that not only sorts the keys in package.json but also validates and fixes missing or incorrect fields. It is more opinionated than sort-package-json and includes additional checks for common issues in package.json files.
Sort Package.json
Pass it a JSON string, it'll return a new JSON string, sorted by the keys typically found in a package.json
Pass it an object, it'll return an object sorted by the keys typically found in a package.json
JSON.stringify(sortPackageJson({
dependencies: {},
version: '1.0.0',
keywords: ['thing'],
name: 'foo',
}), null, 2)
/* string:
{
"name": "foo",
"version": "1.0.0",
"keywords": [
"thing"
],
"dependencies": {}
}
*/
$ cd my-project
$ cat package.json
{
"dependencies": {},
"version": "1.0.0",
"keywords": [
"thing"
],
"name": "foo"
}
$ npm i -g sort-package-json
$ sort-package-json
Ok, your package.json is sorted
$ cat package.json
{
"name": "foo",
"version": "1.0.0",
"keywords": [
"thing"
],
"dependencies": {}
}
It sorts using sort-object-keys
. It sorts using the well-known keys of a package.json. For the full list it's just easier to read the code. It sorts sub-keys too - sometimes by a well-known order, other times alphabetically. The initial order was derived from the package.json docs with a few extras added for good measure.
Cool. Send a PR! It might get denied if it is a specific vendor key of an unpopular project (e.g. "my-super-unknown-project"
). We sort keys like "browserify" because it is a project with millions of users. If your project has, say, over 100 users, then we'll add it. Sound fair?
Could be. I wanted this one because at the time of writing, nothing is:
Well, it's nice to have the keys of a package.json in a well sorted order. Almost everyone would agree having "name" at the top of a package.json is sensible (rather than sorted alphabetically or somewhere silly like the bottom), so why not the rest of the package.json?
FAQs
Sort an Object or package.json based on the well-known package.json keys
The npm package sort-package-json receives a total of 1,496,253 weekly downloads. As such, sort-package-json popularity was classified as popular.
We found that sort-package-json demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At its inaugural meeting, the JSR Working Group outlined plans for an open governance model and a roadmap to enhance JavaScript package management.
Security News
Research
An advanced npm supply chain attack is leveraging Ethereum smart contracts for decentralized, persistent malware control, evading traditional defenses.
Security News
Research
Attackers are impersonating Sindre Sorhus on npm with a fake 'chalk-node' package containing a malicious backdoor to compromise developers' projects.