Gathering detailed insights and metrics for nice-package
Gathering detailed insights and metrics for nice-package
📦 Clean up messy package metadata from the npm registry
Installations
npm install nice-packageDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Min. Node Version
>=4
Node Version
12.16.1
NPM Version
6.14.4
Score
77.1
Supply Chain
98.3
Quality
79.3
Maintenance
100
Vulnerability
99.6
License
Releases
3
Languages
1
JavaScript
JavaScript (100%)
Developer
nice-registry
Download Statistics
Total Downloads
43,434
Last Day
1
Last Week
17
Last Month
116
Last Year
3,115
GitHub Statistics
37 Stars
87 Commits
7 Forks
1 Watchers
6 Branches
12 Contributors
Updated on May 02, 2025
Bundle Size
98.98 kB
Minified
32.78 kB
Minified + Gzipped
Maintainers
2
Package Meta Information
Latest Version
3.1.2
Package Id
nice-package@3.1.2
Unpacked Size
762.90 kB
Size
48.97 kB
File Count
12
NPM Version
6.14.4
Node Version
12.16.1
Total Downloads
Cumulative downloads
Total Downloads
43,434
Last Day
-66.7%
1
Compared to previous day
Last Week
-26.1%
17
Compared to previous week
Last Month
-54.3%
116
Compared to previous month
Last Year
37.2%
3,115
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
nice-package ✨📦✨ 
Clean up messy package metadata from the npm registry
The package data served by the npm registry is messy and confusing. The folks at npm, Inc maintain a tool called normalize-package-data which does a lot of work to clean this data up, but the resulting object is still a bit confusing.
nice-package uses normalize-package-data as a starter, then does even more
package cleanup:
- uses the
doc['dist-tags'].latestas the baseline for package metadata - derives
starsCountfrom theusersobject - derives a
versionsarray from thetimeobject - renames
_npmUsertolastPublisher, because it's a more intuitive name. - renames
maintainerstoowners, for consistency with the CLI commands. - normalizes GitHub repository URLs to
httpsformat - moves internal bookkeeping properties like
_idand_frominto anotherobject that can easily be omitted. - more...
See Also
- package-stream: streams nice packages from the npm registry.
- nice-registry: A server that dishes out nice packges.
- fetch-nice-package: fetch a nice package by name.
Installation
1npm install nice-package --save
Usage
nice-package exports a class. To create a new package instance,
call new Package(doc), where doc is a JSON package object from the npm registry:
1const got = require('got') 2const Package = require('nice-package') 3 4got('https://registry.npmjs.com/express', {json: true}) 5 .then(function (doc) { 6 var pkg = new Package(doc) 7 console.log(JSON.stringify(pkg, null, 2)) 8 })
You can also instantiate a nice package from package.json data:
1const Package = require('nice-package')
2const pkg = new Package(require('node_modules/express/package.json'))
3
4pkg.dependsOn('array-flatten')
5// => trueCustomizing the Package Object
You can pick specific properties to return:
1const pkg = new Package(pkgData, {pick: ['name', 'description']}) 2 3// { 4// name: 'tlds', 5// description: 'List of TLDs' 6// }
or you can omit properties.
Sometimes you don't want the other data, the readme, etc.
1const pkg = new Package(pkgData, {omit: ['other', 'readme', 'versions']})
Note: pick and omit will also accept comma-delimited strings instead
of arrays. This works nicely if you're using query params from a URL as options to
nice-package:
1const pkg = new Package(pkgData, {omit: 'other,readme,versions'})Convenience Methods
A nice package comes with convenience methods:
pkg.mentions(query)
queryString
Performs a case-insensitive search against the JSON-stringified object. Returns a Boolean indicating whether the given query is present in the object.
pkg.dependsOn(pkgName)
pkgNameString - The name of another package
Returns a Boolean indicating whether the given pkgName is listed in dependencies.
pkg.devDependsOn(pkgName)
pkgNameString - The name of another package
Returns a Boolean indicating whether the given pkgName is listed in devDependencies.
pkg.somehowDependsOn(pkgName)
pkgNameString - The name of another package
Returns a Boolean indicating whether the given pkgName is listed in
dependencies or devDependencies.
pkg.depNames
A getter method that returns an array of the dependencies keys.
pkg.devDepNames
A getter method that returns an array of the devDependencies keys.
pkg.allDepNames
A getter method that returns an array of all the dependencies and
devDependencies keys.
Validation
nice-package uses a JSON schema to validate packages.
The following properties are required:
nameStringdescriptionStringversionString
To determine if a package is valid, use the pkg.valid getter method:
1pkg.valid 2// => false
To see validation errors on a package, use the pkg.validationErrors getter method:
1pkg.validationErrors
The result is an array of revalidator errors.
Tests
1npm install 2npm test
Dependencies
- github-url-to-object: Extract user, repo, and other interesting properties from GitHub URLs
- normalize-registry-metadata: clean package metadata objects you get from registry changes feeds
- revalidator: A cross-browser / node.js validator powered by JSON Schema
- semver: The semantic version parser used by npm.
Dev Dependencies
- require-dir: Helper to require() directories.
- standard: JavaScript Standard Style
- tap-spec: Formatted TAP output like Mocha's spec reporter
- tape: tap-producing test harness for node and browsers
License
MIT
Credits
💛 Thanks to emilyrose for giving up
the nice-package name on npm.
Generated by package-json-to-readme
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
Found 3/25 approved changesets -- score normalized to 1
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
license file not detected
Details
- Warn: project does not have a license file
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 16 are checked with a SAST tool
Score
2.7
/10
Last Scanned on 2025-06-23
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More