Security News
NIST Misses 2024 Deadline to Clear NVD Backlog
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
validate-npm-package-name
Advanced tools
Give me a string and I'll tell you if it's a valid npm package name
The validate-npm-package-name package is used to check if a given string is a valid npm package name. It ensures that the package name meets the npm naming constraints, such as length, format, and character restrictions. It is useful for developers who are creating new npm packages and want to validate their package names before publishing to the npm registry.
Validation of package names
This feature allows you to validate a string to see if it would be a valid npm package name. It checks against rules for both new packages and old packages that were allowed before stricter rules were applied. The result object contains two boolean properties: 'validForNewPackages' and 'validForOldPackages'.
{"validForNewPackages": true, "validForOldPackages": true}
Error and warning messages
If the package name is invalid, the function will return an object with 'errors' and 'warnings' arrays that provide information about why the name is invalid. This is useful for giving feedback to users so they can correct their package names.
{"validForNewPackages": false, "validForOldPackages": false, "errors": ["name cannot start with a dot"], "warnings": ["name is discouraged"]}
The npm-name package checks whether a package name is available on the npm registry. It differs from validate-npm-package-name in that it specifically checks for name availability rather than just format validity.
This package provides a regular expression to test if a string is a valid npm package name. It is similar to validate-npm-package-name but offers a lower-level approach using regex matching instead of a function that returns an object with details.
Give me a string and I'll tell you if it's a valid npm package name
Download node at nodejs.org and install it, if you haven't already.
npm install validate-npm-package-name --save
var valid = require("validate-npm-package-name")
validate("some-package") // => {valid: true}
validate("example.com") // => {valid: true}
validate("under_score") // => {valid: true}
validate("123numeric") // => {valid: true}
validate("crazy!") // => {valid: true}
validate("@npm/thingy") // => {valid: true}
validate("@jane/foo.js") // => {valid: true}
validate("") // => {valid: false, errors:["name length must be greater than zero"]}
validate("ca$h") // => {valid: false, errors:["name can only contain URL-friendly characters"]}
validate("_flodash") // => {valid: false, errors:["name cannot start with an underscore"]}
validate("CAPITALS") // => {valid: false, errors:["name must be lowercase"]}
// Nowadays, package names have to be lowercase
// To validate older packages, do this:
validate("CAPITALS",
{allowMixedCase: true}) // => {valid: true}
npm install
npm test
None
ISC
Generated by package-json-to-readme
FAQs
Give me a string and I'll tell you if it's a valid npm package name
We found that validate-npm-package-name demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.