Product
Announcing Precomputed Reachability Analysis in Socket
Socket’s precomputed reachability slashes false positives by flagging up to 80% of vulnerabilities as irrelevant, with no setup and instant results.
By Martin Torp - Jul 30, 2025
You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP →
zod-package-json
Advanced tools
zod-package-json
Zod schema for the package.json file format.
This package exports a zod schema (and a TypeScript type) named PackageJson
that can parse most well-formed package.json files.
The schema includes all currently supported properties listed in the npm docs as well as additional well-known properties specific to TypeScript and Node.js.
The schema also preserves unknown properties, which can be accessed by indexing the parsed data with the desired string keys.
The schema only validates the listed properties against the expected type
but does not do any additional normalization such as merging similar properties.
If necessary, that can be done by extending the schema with zod methods such as
.transform() or .refine().
Useful resources
- Explore the API on jsDocs.io
- View package contents on unpkg
- View repository on GitHub
- Read the changelog on GitHub
Install
Using npm:
npm add zod-package-json
Using yarn:
yarn add zod-package-json
Using pnpm:
pnpm add zod-package-json
Using bun:
bun add zod-package-json
Usage examples
import { PackageJson } from "zod-package-json";
// Parse data from a `package.json` file.
const packageJson = PackageJson.parse({
name: "foo",
version: "1.0.0",
unknownProp: "who knows",
});
// Access a known property.
packageJson.name; // "foo"
// Access an unknown property.
packageJson["unknownProp"]; // "who knows"
License
MIT
Copyright (c) 2025 Edoardo Scibona
See LICENSE file.
[1.2.0] - 2025-06-16
Changed
- Upgraded dependencies
FAQs
Zod schema for the package.json file format
The npm package zod-package-json receives a total of 31,813 weekly downloads. As such, zod-package-json popularity was classified as popular.
We found that zod-package-json demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 16 Jun 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Protects the Chrome Extension Ecosystem
Socket is launching experimental protection for Chrome extensions, scanning for malware and risky permissions to prevent silent supply chain attacks.
By Mix Irving, Alexandros Kapravelos, Eli Insua - Jul 30, 2025
Product
Introducing Socket MCP for Claude Desktop
Add secure dependency scanning to Claude Desktop with Socket MCP, a one-click extension that keeps your coding conversations safe from malicious packages.
By Alexandros Kapravelos - Jul 29, 2025