validate-npm-package-name
Advanced tools
Give me a string and I'll tell you if it's a valid npm package name
The validate-npm-package-name package is used to check if a given string is a valid npm package name. It ensures that the package name meets the npm naming constraints, such as length, format, and character restrictions. It is useful for developers who are creating new npm packages and want to validate their package names before publishing to the npm registry.
Validation of package names
This feature allows you to validate a string to see if it would be a valid npm package name. It checks against rules for both new packages and old packages that were allowed before stricter rules were applied. The result object contains two boolean properties: 'validForNewPackages' and 'validForOldPackages'.
{"validForNewPackages": true, "validForOldPackages": true}Error and warning messages
If the package name is invalid, the function will return an object with 'errors' and 'warnings' arrays that provide information about why the name is invalid. This is useful for giving feedback to users so they can correct their package names.
{"validForNewPackages": false, "validForOldPackages": false, "errors": ["name cannot start with a dot"], "warnings": ["name is discouraged"]}The npm-name package checks whether a package name is available on the npm registry. It differs from validate-npm-package-name in that it specifically checks for name availability rather than just format validity.
This package provides a regular expression to test if a string is a valid npm package name. It is similar to validate-npm-package-name but offers a lower-level approach using regex matching instead of a function that returns an object with details.
Give me a string and I'll tell you if it's a valid npm package name.
This package exports a single synchronous function that takes a string as
input and returns an object with two properties:
validForNewPackages :: BooleanvalidForOldPackages :: BooleanBelow is a list of rules that valid npm package name should conform to.
. or _~)('!*var validate = require("validate-npm-package-name")
validate("some-package")
validate("example.com")
validate("under_score")
validate("123numeric")
validate("@npm/thingy")
validate("@jane/foo.js")
All of the above names are valid, so you'll get this object back:
{
validForNewPackages: true,
validForOldPackages: true
}
validate("excited!")
validate(" leading-space:and:weirdchars")
That was never a valid package name, so you get this:
{
validForNewPackages: false,
validForOldPackages: false,
errors: [
'name cannot contain leading or trailing spaces',
'name can only contain URL-friendly characters'
]
}
In the old days of npm, package names were wild. They could have capital letters in them. They could be really long. They could be the name of an existing module in node core.
If you give this function a package name that used to be valid, you'll see
a change in the value of validForNewPackages property, and a warnings array
will be present:
validate("eLaBorAtE-paCkAgE-with-mixed-case-and-more-than-214-characters-----------------------------------------------------------------------------------------------------------------------------------------------------------")
returns:
{
validForNewPackages: false,
validForOldPackages: true,
warnings: [
"name can no longer contain capital letters",
"name can no longer contain more than 214 characters"
]
}
npm install
npm test
ISC
6.0.0 (2024-09-24)
validate-npm-package-name now supports node ^18.17.0 || >=20.5.0FAQs
Give me a string and I'll tell you if it's a valid npm package name
The npm package validate-npm-package-name receives a total of 7,521,826 weekly downloads. As such, validate-npm-package-name popularity was classified as popular.
We found that validate-npm-package-name demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.