Get metadata of a package from the npm registry
Installations
npm install package-json
Developer Guide
Typescript
Yes
Module System
ESM
Min. Node Version
>=18
Node Version
18.20.2
NPM Version
10.6.0
Score
96.2
Supply Chain
97.7
Quality
77.3
Maintenance
100
Vulnerability
99.6
Languages
JavaScript (78.76%)
TypeScript (21.24%)
Developer
sindresorhus
Download Statistics
Total Downloads
2,521,582,369
Last Day
1,448,508
Last Week
7,992,824
Last Month
32,772,111
Last Year
368,733,563
GitHub Statistics
MIT License
238 Stars
112 Commits
62 Forks
9 Watchers
1 Branches
18 Contributors
Updated on Feb 01, 2025
Bundle Size
66.20 kB
Minified
20.82 kB
Minified + Gzipped
Package Meta Information
Latest Version
10.0.1
Package Id
package-json@10.0.1
Unpacked Size
14.70 kB
Size
5.04 kB
File Count
5
NPM Version
10.6.0
Node Version
18.20.2
Published on
Jul 14, 2024
Total Downloads
Cumulative downloads
Total Downloads
2,521,582,369
Last Day
-1.8%
1,448,508
Compared to previous day
Last Week
5%
7,992,824
Compared to previous week
Last Month
42.5%
32,772,111
Compared to previous month
Last Year
-3.4%
368,733,563
Compared to previous year
Dependencies
4
Dev Dependencies
5
package-json
Get metadata of a package from the npm registry
Install
npm install package-json
Usage
import packageJson from 'package-json';

console.log(await packageJson('ava'));
//=> {name: 'ava', …}

// Also works with scoped packages
console.log(await packageJson('@sindresorhus/df'));
API
packageJson(packageName, options?)
packageName
Type: string
Name of the package.
options
Type: object
version
Type: string
Default: latest
Package version such as 1.0.0 or a dist tag such as latest.
The version can also be in any format supported by the semver module. For example:
- 1 - Get the latest 1.x.x
- 1.2 - Get the latest 1.2.x
- ^1.2.3 - Get the latest 1.x.x but at least 1.2.3
- ~1.2.3 - Get the latest 1.2.x but at least 1.2.3
fullMetadata
Type: boolean
Default: false
By default, only an abbreviated metadata object is returned for performance reasons. Read more, or see the type definitions.
allVersions
Type: boolean
Default: false
Return the main entry containing all versions.
registryUrl
Type: string
Default: Auto-detected
The registry URL is by default inferred from the npm defaults and .npmrc. This is beneficial as package-json and any project using it will work just like npm. This option is only intended for internal tools. You should not use this option in reusable packages. Prefer just using .npmrc whenever possible.
omitDeprecated
Type: boolean
Default: true
Whether or not to omit deprecated versions of a package.
If set, versions marked as deprecated on the registry are omitted from results. Providing a dist tag or a specific version will still return that version, even if it's deprecated. If no version can be found once deprecated versions are omitted, a VersionNotFoundError is thrown.
PackageNotFoundError
The error thrown when the given package name cannot be found.
VersionNotFoundError
The error thrown when the given package version cannot be found.
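The omitDeprecated rules above, worked through offline as an added example (not code from package-json or its author). The packument, the resolveVersion helper and the simplified range matcher are assumptions made for illustration; the matcher covers only the four range forms listed under version and is not the semver module.

```javascript
// Constructed sample, shaped like a registry response ("dist-tags" + "versions").
const samplePackument = {
  name: 'example-pkg', // hypothetical package name
  'dist-tags': {latest: '2.0.0'},
  versions: {
    '1.2.3': {version: '1.2.3'},
    '1.2.9': {version: '1.2.9', deprecated: 'constructed deprecation notice'},
    '1.3.0': {version: '1.3.0'},
    '1.4.0': {version: '1.4.0', deprecated: 'constructed deprecation notice'},
    '2.0.0': {version: '2.0.0', deprecated: 'constructed deprecation notice'},
  },
};

// Local stand-in for the error class the package exports under the same name.
class VersionNotFoundError extends Error {}

const parse = v => v.split('.').map(Number);
const compare = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
};

// Simplified matcher for the four range forms listed above only
// (no prereleases, no special 0.x caret rule); not the semver module.
function satisfies(version, range) {
  const op = /^[\^~]/.test(range) ? range[0] : '';
  const base = op ? range.slice(1) : range;
  const pinned = op === '^' ? 1 : op === '~' ? 2 : parse(base).length;
  const samePrefix = parse(base).slice(0, pinned).every((n, i) => parse(version)[i] === n);
  return samePrefix && (!op || compare(version, base) >= 0);
}

function resolveVersion(packument, wanted = 'latest', {omitDeprecated = true} = {}) {
  const {versions} = packument;
  // A dist tag or an exact version is returned even when it is deprecated.
  const exact = packument['dist-tags'][wanted] ?? wanted;
  if (Object.hasOwn(versions, exact)) return versions[exact];
  const candidates = Object.keys(versions)
    .filter(v => satisfies(v, wanted))
    .filter(v => !(omitDeprecated && versions[v].deprecated))
    .sort(compare);
  if (candidates.length === 0) {
    throw new VersionNotFoundError(`no usable version of ${packument.name} matches ${wanted}`);
  }
  return versions[candidates.at(-1)];
}
```

With the default setting, the range 1 resolves to 1.3.0 rather than the newer but deprecated 1.4.0, while latest and the exact version 1.2.9 are still returned despite being deprecated.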
Authentication
Both public and private registries are supported, for both scoped and unscoped packages, as long as the registry uses either bearer tokens or basic authentication.
Proxies
Proxy support is not implemented in this package. If necessary, use a global agent that modifies fetch, which this package uses internally.
Support for this may come to Node.js in the future.
Related
- package-json-cli - CLI for this module
- latest-version - Get the latest version of an npm package
- pkg-versions - Get the version numbers of a package from the npm registry
- npm-keyword - Get a list of npm packages with a certain keyword
- npm-user - Get user info of an npm user
- npm-email - Get the email of an npm user

No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
security policy file detected
Details
- Info: security policy file detected: .github/security.md:1
- Info: Found linked content: .github/security.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: .github/security.md:1
- Info: Found text in security policy: .github/security.md:1
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: license:0
- Info: FSF or OSI recognized license: MIT License: license:0
Reason
Found 10/30 approved changesets -- score normalized to 3
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/main.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/package-json/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/package-json/main.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/main.yml:22
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 10 are checked with a SAST tool
Score
4.3/10
Last Scanned on 2025-02-03
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Other packages similar to package-json
read-package-json
The thing npm uses to read package.json files with semantics and defaults and validation
sort-package-json
Sort an Object or package.json based on the well-known package.json keys
read-package-json-fast
Like read-package-json, but faster
package-json-from-dist
Load the local package.json from either src or dist folder