Gathering detailed insights and metrics for grunt-nice-package
Gathering detailed insights and metrics for grunt-nice-package
Installations
npm install grunt-nice-packageDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Min. Node Version
>= 0.8.0
Node Version
4.2.2
NPM Version
2.15.12
Score
46.7
Supply Chain
91.6
Quality
69.6
Maintenance
25
Vulnerability
96.4
License
Releases
5
Languages
1
JavaScript
JavaScript (100%)
Developer
bahmutov
Download Statistics
Total Downloads
49,829
Last Day
2
Last Week
56
Last Month
232
Last Year
3,225
GitHub Statistics
MIT License
12 Stars
114 Commits
5 Forks
3 Watchers
7 Branches
5 Contributors
Updated on Sep 08, 2023
Bundle Size
908.00 B
Minified
470.00 B
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
0.10.4
Package Id
grunt-nice-package@0.10.4
Size
6.26 kB
NPM Version
2.15.12
Node Version
4.2.2
Total Downloads
Cumulative downloads
Total Downloads
49,829
Dependencies
4
Peer Dependencies
1
grunt-nice-package
Opinionated package.json validator
You can read the description of each package.json property here. Example package.json that passes all checks (because it is using this module!) is kensho/ng-describe/package.json.
Install
1npm install grunt-nice-package --save-dev
Once the plugin has been installed, it may be enabled inside your Gruntfile with this line of JavaScript:
1grunt.loadNpmTasks('grunt-nice-package');
2grunt.initConfig({
3 'nice-package': {
4 all: {
5 options: {
6 // make sure package.json ends with \n\n, default false
7 blankLine: true|false,
8 version: function (value) {
9 // strict version number validation
10 return (/\d{1,2}\.\d{1,2}\.\d{1,2}/).test(value);
11 }
12 }
13 }
14 }
15});Alternative: default options
You can load the task with default options without specifying the configuration object
1grunt.loadNpmTasks('grunt-nice-package'); 2grunt.registerTask('default', ['nice-package']);
Note: you can use nicePackage as alias to nice-package task name
1 grunt.initConfig({ 2 nicePackage: { 3 all: { ... } 4 } 5 });
Install without Grunt
If you don't want to use grunt, but still need this project, run it via grunty
npm install -D grunt-nice-package grunty
Then add the following to the scripts section
1{ 2 "scripts": { 3 "nice": "grunty grunt-nice-package nice-package" 4 } 5}
Validator functions
Please return true if the check passes from custom validation functions.
After the property validators pass, package.json is further checked using package-json-validator by Nick Sullivan. It will check the required properties, and provide suggestions for the recommended ones.
Tight versions
The fix step in this task removes all fuzzy symbols from declared versions (~, ^), leaving just the numbers.
"dependencies": { "dependencies": {
"foo": "^0.1.0", ==> "foo": "0.1.0",
"bar": "~1.0.0" "bar": "1.0.0"
} }
Options
You can define a validation function for any property of the package.json, by default the validation will check:
- name
- version
- description
- license or licenses
- keywords (array of strings)
For complete list see nice_package.js for details.
Related projects
You can easily run this grunt task from gulp, see Using grunt tasks from gulp
Small print
Author: Gleb Bahmutov © 2013
License: MIT - do anything with the code, but don't blame me if it does not work.
Spread the word: tweet, star on github, etc.
Support: if you find any problems with this module, email / tweet / open issue on Github
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 2/23 approved changesets -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 9 are checked with a SAST tool
Reason
93 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
- Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
- Warn: Project is vulnerable to: GHSA-j4mr-9xw3-c9jx
- Warn: Project is vulnerable to: GHSA-7p89-p6hx-q4fw
- Warn: Project is vulnerable to: GHSA-pp7h-53gx-mx7r
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-9vvw-cc9w-f27h
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-hr2v-3952-633q
- Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
- Warn: Project is vulnerable to: GHSA-qrmc-fj45-qfc2
- Warn: Project is vulnerable to: GHSA-9qj9-36jm-prpv
- Warn: Project is vulnerable to: GHSA-957j-59c2-j692
- Warn: Project is vulnerable to: GHSA-62cx-5xj4-wfm4
- Warn: Project is vulnerable to: GHSA-pr45-cg4x-ff4m
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-m5pj-vjjf-4m3h
- Warn: Project is vulnerable to: GHSA-j383-35pm-c5h4
- Warn: Project is vulnerable to: GHSA-rm36-94g8-835r
- Warn: Project is vulnerable to: GHSA-w5mw-f2hq-5fw8
- Warn: Project is vulnerable to: GHSA-q42p-pg8m-cqh6
- Warn: Project is vulnerable to: GHSA-2cf5-4w76-r9qv
- Warn: Project is vulnerable to: GHSA-3cqr-58rm-57f8
- Warn: Project is vulnerable to: GHSA-g9r4-xpmj-mj65
- Warn: Project is vulnerable to: GHSA-q2c6-c6pm-g3gh
- Warn: Project is vulnerable to: GHSA-w457-6q6x-cgp9
- Warn: Project is vulnerable to: GHSA-9prh-257w-9277
- Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44
- Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988
- Warn: Project is vulnerable to: GHSA-62gr-4qp9-h98f
- Warn: Project is vulnerable to: GHSA-f52g-6jhx-586p
- Warn: Project is vulnerable to: GHSA-44pw-h2cw-w3vq
- Warn: Project is vulnerable to: GHSA-jp4x-w63m-7wgm
- Warn: Project is vulnerable to: GHSA-c429-5p7v-vgjp
- Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
- Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37
- Warn: Project is vulnerable to: GHSA-4hpf-3wq7-5rpr
- Warn: Project is vulnerable to: GHSA-f522-ffg8-j8r6
- Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546
- Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx
- Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
- Warn: Project is vulnerable to: GHSA-282f-qqgm-c34q
- Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695
- Warn: Project is vulnerable to: GHSA-fvqr-27wr-82fm
- Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574
- Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-qx2f-477c-35rq
- Warn: Project is vulnerable to: GHSA-wrvr-8mpx-r7pp
- Warn: Project is vulnerable to: GHSA-hxm2-r34f-qmc5
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-87vv-r9j6-g5qv
- Warn: Project is vulnerable to: GHSA-446m-mv8f-q348
- Warn: Project is vulnerable to: GHSA-8hfj-j24r-96c4
- Warn: Project is vulnerable to: GHSA-gwg9-rgvj-4h5j
- Warn: Project is vulnerable to: GHSA-3fx5-fwvr-xrjg
- Warn: Project is vulnerable to: GHSA-w9mr-4mfr-499f
- Warn: Project is vulnerable to: GHSA-7mc5-chhp-fmc3
- Warn: Project is vulnerable to: GHSA-57cf-349j-352g
- Warn: Project is vulnerable to: GHSA-4p35-cfcx-8653
- Warn: Project is vulnerable to: GHSA-7f3x-x4pr-wqhj
- Warn: Project is vulnerable to: GHSA-jpp7-7chh-cf67
- Warn: Project is vulnerable to: GHSA-q6wq-5p59-983w
- Warn: Project is vulnerable to: GHSA-j9fq-vwqv-2fm2
- Warn: Project is vulnerable to: GHSA-pqw5-jmp5-px4v
- Warn: Project is vulnerable to: GHSA-gqgv-6jq5-jjj9
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-r2j6-p67h-q639
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-jgqf-hwc5-hh37
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-v633-x5vv-hqwc
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
- Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
- Warn: Project is vulnerable to: GHSA-2m39-62fm-q8r3
- Warn: Project is vulnerable to: GHSA-mf6x-7mm4-x2g7
- Warn: Project is vulnerable to: GHSA-29xr-v42j-r956
- Warn: Project is vulnerable to: GHSA-g7q5-pjjr-gqvp
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
- Warn: Project is vulnerable to: GHSA-xc7v-wxcw-j472
- Warn: Project is vulnerable to: GHSA-34r7-q49f-h37c
- Warn: Project is vulnerable to: GHSA-c9f4-xj24-8jqx
- Warn: Project is vulnerable to: GHSA-v2p6-4mp7-3r9v
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Score
1.7
/10
Last Scanned on 2025-06-23
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More