Gathering detailed insights and metrics for parent-package-json
Gathering detailed insights and metrics for parent-package-json
Installations
npm install parent-package-jsonDeveloper Guide
BETA
Typescript
No
Module System
ESM
Min. Node Version
>= 18.0.0
Score
75.5
Supply Chain
78.5
Quality
75.5
Maintenance
100
Vulnerability
100
License
Releases
7
Languages
1
TypeScript
TypeScript (100%)
Developer
maxrimue
Download Statistics
Total Downloads
1,930,857
Last Day
29
Last Week
3,290
Last Month
21,042
Last Year
238,627
GitHub Statistics
ISC License
6 Stars
88 Commits
2 Forks
1 Watchers
19 Branches
3 Contributors
Updated on Oct 17, 2023
Bundle Size
847.00 B
Minified
471.00 B
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
3.0.0
Package Id
parent-package-json@3.0.0
Unpacked Size
7.15 kB
Size
2.99 kB
File Count
12
Published on
Jun 10, 2023
Total Downloads
Cumulative downloads
Total Downloads
1,930,857
Last Day
16%
29
Compared to previous day
Last Week
-36.6%
3,290
Compared to previous week
Last Month
19.4%
21,042
Compared to previous month
Last Year
-73.6%
238,627
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
4
parent-package-json
Find, read and parse the package.json that sits above your module. Provide a custom ignore count or start path to define where to look for a parent package.
1npm install --save parent-package-json
1import parentJSON from "parent-package-json";
Getting Started
To get the nearest parent package.jsons path, content (as string) or parsed content (using JSON.parse):
1const parent = parentJSON(); 2 3const pathToParentPackageJSON = parent.path.relative; 4const parentContentAsString = parent.read(); 5const parentContentAsObject = parent.parse(); 6 7const parentVersion = parentContentAsObject.version;
The parent package.json is looked up starting from the current working directory of your script. If none is found, paths, .read() and .parse() will return undefined.
Custom Path and Ignore Count
If you need to determine the parent package.json of a custom path instead of the current working directory, which should be the module from which you are running the code, you can specify it via the path option:
1const startPath = path.join(...); 2const parent = parent({ startPath });
You can also specify a count of parent directories to skip:
1const parent = parent({ ignoreCount: 1 });
Note: A package.json file in the provided startPath is always ignored. Set the startPath one layer below the one where you expect to find a parent package file.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: License:0
- Info: FSF or OSI recognized license: ISC License: License:0
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/maxrimue/parent-package-json/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/maxrimue/parent-package-json/test.yml/main?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 1 npmCommand dependencies pinned
Reason
Found 0/16 approved changesets -- score normalized to 0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 19 are checked with a SAST tool
Reason
16 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-c24v-8rfc-w8vw
- Warn: Project is vulnerable to: GHSA-8jhw-289h-jh2g
- Warn: Project is vulnerable to: GHSA-64vr-g452-qvp3
- Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
- Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6
- Warn: Project is vulnerable to: GHSA-x574-m823-4x7w
- Warn: Project is vulnerable to: GHSA-4r4m-qw57-chr8
- Warn: Project is vulnerable to: GHSA-xcj6-pq6g-qj4x
- Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4
- Warn: Project is vulnerable to: GHSA-859w-5945-r5v3
Score
3
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More