Gathering detailed insights and metrics for prettier-package-json
Gathering detailed insights and metrics for prettier-package-json
Prettier formatter for package.json files
Installations
npm install prettier-package-jsonDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Releases
Unable to fetch releases
Languages
2
TypeScript
JavaScript
TypeScript (85.56%)
JavaScript (14.44%)
Developer
cameronhunter
Download Statistics
Total Downloads
8,398,719
Last Day
2,718
Last Week
57,890
Last Month
256,545
Last Year
1,967,956
GitHub Statistics
154 Stars
124 Commits
18 Forks
2 Watchers
2 Branches
12 Contributors
Updated on Jun 27, 2025
Bundle Size
137.78 kB
Minified
44.76 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
2.8.0
Package Id
prettier-package-json@2.8.0
Unpacked Size
28.31 kB
Size
8.37 kB
File Count
20
Total Downloads
Cumulative downloads
Total Downloads
8,398,719
Last Day
-17.8%
2,718
Compared to previous day
Last Week
-33.5%
57,890
Compared to previous week
Last Month
41%
256,545
Compared to previous month
Last Year
4.2%
1,967,956
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Prettier package.json
prettier-package-json is a JSON formatter inspired by prettier. It removes all original styling and ensures that the outputted package.json conforms to a consistent style. By default it uses opinionated defaults but can be configured to your individual needs.
Features
Consistent key order
Keys in package.json will be sorted in an opinionated order but may be configured to your own preferences.
Input:
1{ 2 "description": "Prettier formatter for package.json files", 3 "name": "prettier-package-json", 4 "license": "MIT", 5 "version": "1.0.1", 6 "author": "Cameron Hunter <hello@cameronhunter.co.uk>" 7}
Output:
1{ 2 "name": "prettier-package-json", 3 "description": "Prettier formatter for package.json files", 4 "author": "Cameron Hunter <hello@cameronhunter.co.uk>", 5 "license": "MIT", 6 "version": "1.0.1" 7}
Sensibly sorted scripts
The scripts field is sorted alphabetically but keeps pre and post scripts surrounding their named script.
Input:
1{ 2 "name": "prettier-package-json", 3 "version": "1.0.1", 4 "scripts": { 5 "test": "test", 6 "pretest": "pretest", 7 "version": "version", 8 "postversion": "postversion", 9 "build": "build" 10 } 11}
Output:
1{ 2 "name": "prettier-package-json", 3 "version": "1.0.1", 4 "scripts": { 5 "build": "build", 6 "pretest": "pretest", 7 "test": "test", 8 "version": "version", 9 "postversion": "postversion" 10 } 11}
Expand/contract author, contributors, and maintainers
The author, contributors and maintainers fields will be shortened to their string versions and sorted by name. Use
the --expand-users option if you prefer user objects.
Input:
1{ 2 "name": "prettier-package-json", 3 "version": "1.0.1", 4 "author": { 5 "name": "Cameron Hunter", 6 "email": "hello@cameronhunter.co.uk", 7 "url": "https://cameronhunter.co.uk" 8 }, 9 "contributors": ["Barry", "Adam <adam@email.com>"] 10}
Output:
1{ 2 "name": "prettier-package-json", 3 "version": "1.0.1", 4 "author": "Cameron Hunter <hello@cameronhunter.co.uk> (https://cameronhunter.co.uk)", 5 "contributors": ["Adam <adam@email.com>", "Barry"] 6}
Filter and sort files field
Some files are included or excluded automatically by npm, these are removed from the files field before sorting
alphabetically.
Input:
1{ 2 "name": "prettier-package-json", 3 "version": "1.0.1", 4 "main": "src/index.js", 5 "files": ["src/index.js", "src", "CHANGELOG.md", "readme.md", "package-lock.json"] 6}
Output:
1{ 2 "name": "prettier-package-json", 3 "version": "1.0.1", 4 "main": "src/index.js", 5 "files": ["src"] 6}
Usage
Install:
1yarn add prettier-package-json --dev
You can install it globally if you like:
1yarn global add prettier-package-json
We're defaulting to yarn but you can use npm if you like:
1npm install [-g] prettier-package-json
CLI
Run prettier-package-json through the CLI with this script. Run it without any arguments to see the options.
To format a file in-place, use --write. You may want to consider committing your file before doing that, just in case.
1prettier-package-json [opts] [filename]
In practice, this may look something like:
1prettier-package-json --write ./package.json
Pre-commit hook for changed files
You can use this with a pre-commit tool. This can re-format your files that are marked as "staged" via git add before you commit.
1. lint-staged
Install it along with husky:
1yarn add lint-staged husky --dev
and add this config to your package.json:
1{ 2 "scripts": { 3 "precommit": "lint-staged" 4 }, 5 "lint-staged": { 6 "package.json": ["prettier-package-json --write", "git add"] 7 } 8}
See https://github.com/okonet/lint-staged#configuration for more details about how you can configure lint-staged.
2. bash script
Alternately you can just save this script as .git/hooks/pre-commit and give it execute permission:
1#!/bin/sh 2packagejsonfiles=$(git diff --cached --name-only --diff-filter=ACM | grep 'package\.json$' | tr '\n' ' ') 3[ -z "$packagejsonfiles" ] && exit 0 4 5diffs=$(node_modules/.bin/prettier-package-json -l $packagejsonfiles) 6[ -z "$diffs" ] && exit 0 7 8echo "here" 9echo >&2 "package.json files must be formatted with prettier-package-json. Please run:" 10echo >&2 "node_modules/.bin/prettier-package-json --write "$diffs"" 11 12exit 1
API
The API has two functions, exported as format and check. Usage is as follows:
1import { format, check } from 'prettier-package-json'; 2 3const options = {}; // optional 4 5format(json, options); 6check(json, options);
check checks to see if the file has been formatted with prettier-package-json given those options and returns a Boolean.
This is similar to the --list-different parameter in the CLI and is useful for running in CI scenarios.
CI
For usage in CI scenarios, you can use the --list-different CLI flag. The command will list all invalid files and return
with a proper default error code, so that in case of an error or invalid file the build pipeline automatically fails.
These are the status codes:
0: all files valid, no error occured.1: an error ocurred, for example a JSON parse error. See message onstderrfor details.2: not all files are valid.
These exit codes are only set when in --list-different mode.
Options
prettier-package-json ships with a handful of customizable format options, usable in both the CLI, API, and configuration file.
| Option | Default | CLI override | API override |
|---|---|---|---|
| Tab Width - Specify the number of spaces per indentation-level. | 2 | --tab-width <int> | tabWidth: <int> |
| Tabs - Indent lines with tabs instead of spaces. | false | --use-tabs | useTabs: <bool> |
| Expand Users - Expand author and contributors into objects. | false | --expand-users | expandUsers: <bool> |
| Key Order - Specify the order of keys. | See default options | --key-order <comma,separated,list...> | keyOrder: <array|function> |
A configuration file will be searched for using cosmiconfig rules:
prettier-package-jsonfield inpackage.json.prettier-package-jsonfile (JSON or YAML), extentionless "rc" file.prettier-package-jsonfile with the extensions.json,.yaml,.yml,.js, or.cjs.prettier-package-json.config.jsorprettier-package-json.config.cjsCommonJS module.
Configuration file may also be passed using the --config CLI parameter.
Contributing
See CONTRIBUTING.md.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
Found 8/23 approved changesets -- score normalized to 3
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/cameronhunter/prettier-package-json/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/cameronhunter/prettier-package-json/ci.yml/main?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
license file not detected
Details
- Warn: project does not have a license file
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 15 are checked with a SAST tool
Reason
21 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
- Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-6c8f-qphg-qjgp
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-4g88-fppr-53pp
- Warn: Project is vulnerable to: GHSA-4jqc-8m5r-9rpr
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
Score
2.5
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More