Security News
Oracle Drags Its Feet in the JavaScript Trademark Dispute
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
By Sarah Gooding - Feb 07, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
validate-npm-package-name
Advanced tools
validate-npm-package-name
Give me a string and I'll tell you if it's a valid npm package name
What is validate-npm-package-name?
The validate-npm-package-name package is used to check if a given string is a valid npm package name. It ensures that the package name meets the npm naming constraints, such as length, format, and character restrictions. It is useful for developers who are creating new npm packages and want to validate their package names before publishing to the npm registry.
What are validate-npm-package-name's main functionalities?
Validation of package names
This feature allows you to validate a string to see if it would be a valid npm package name. It checks against rules for both new packages and old packages that were allowed before stricter rules were applied. The result object contains two boolean properties: 'validForNewPackages' and 'validForOldPackages'.
{"validForNewPackages": true, "validForOldPackages": true}Error and warning messages
If the package name is invalid, the function will return an object with 'errors' and 'warnings' arrays that provide information about why the name is invalid. This is useful for giving feedback to users so they can correct their package names.
{"validForNewPackages": false, "validForOldPackages": false, "errors": ["name cannot start with a dot"], "warnings": ["name is discouraged"]}Other packages similar to validate-npm-package-name
npm-name
The npm-name package checks whether a package name is available on the npm registry. It differs from validate-npm-package-name in that it specifically checks for name availability rather than just format validity.
package-name-regex
This package provides a regular expression to test if a string is a valid npm package name. It is similar to validate-npm-package-name but offers a lower-level approach using regex matching instead of a function that returns an object with details.
validate-npm-package-name
Give me a string and I'll tell you if it's a valid npm package name.
This package exports a single synchronous function that takes a string as
input and returns an object with two properties:
validForNewPackages::BooleanvalidForOldPackages::Boolean
Contents
Naming Rules
Below is a list of rules that valid npm package name should conform to.
- package name length should be greater than zero
- all the characters in the package name must be lowercase i.e., no uppercase or mixed case names are allowed
- package name can consist of hyphens
- package name must not contain any non-url-safe characters (since name ends up being part of a URL)
- package name should not start with
.or_ - package name should not contain any spaces
- package name should not contain any of the following characters:
~)('!* - package name cannot be the same as a node.js/io.js core module nor a reserved/blacklisted name. For example, the following names are invalid:
- http
- stream
- node_modules
- favicon.ico
- package name length cannot exceed 214
Examples
Valid Names
var validate = require("validate-npm-package-name")
validate("some-package")
validate("example.com")
validate("under_score")
validate("123numeric")
validate("@npm/thingy")
validate("@jane/foo.js")
All of the above names are valid, so you'll get this object back:
{
validForNewPackages: true,
validForOldPackages: true
}
Invalid Names
validate("excited!")
validate(" leading-space:and:weirdchars")
That was never a valid package name, so you get this:
{
validForNewPackages: false,
validForOldPackages: false,
errors: [
'name cannot contain leading or trailing spaces',
'name can only contain URL-friendly characters'
]
}
Legacy Names
In the old days of npm, package names were wild. They could have capital letters in them. They could be really long. They could be the name of an existing module in node core.
If you give this function a package name that used to be valid, you'll see
a change in the value of validForNewPackages property, and a warnings array
will be present:
validate("eLaBorAtE-paCkAgE-with-mixed-case-and-more-than-214-characters-----------------------------------------------------------------------------------------------------------------------------------------------------------")
returns:
{
validForNewPackages: false,
validForOldPackages: true,
warnings: [
"name can no longer contain capital letters",
"name can no longer contain more than 214 characters"
]
}
Tests
npm install
npm test
License
ISC
Keywords
FAQs
Give me a string and I'll tell you if it's a valid npm package name
We found that validate-npm-package-name demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Package last updated on 25 Sep 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Linux Foundation Warns Open Source Developers: Compliance with Sanctions Is Not Optional
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.
By Sarah Gooding - Feb 06, 2025
Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
By Sarah Gooding - Feb 06, 2025