npmpackage.info

Gathering detailed insights and metrics for read-package-json-fast

read-package-json-fast

Like read-package-json, but faster

4.0.0

ISC

JavaScript

1.80 kB

895,782,731 7.1

Installations

npm install read-package-json-fast

Score

98.6

Supply Chain

91.9

Quality

82.8

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

1

Total

79

Closed

40

Merged

38

Issues

Open

1

Total

2

Closed

1

Releases

v4.0.0

Published on 25 Sept 2024

v3.0.2

Published on 13 Dec 2022

v3.0.1

Published on 17 Oct 2022

v3.0.0

Published on 10 Oct 2022

View all 4 releases

Developer

npm

Developer Guide

BETA

Module System

CommonJS

Min. Node Version

^18.17.0 || >=20.5.0

Typescript Support

No

Node Version

22.9.0

NPM Version

10.8.3 Statistics

47 Stars

104 Commits

6 Forks

7 Watching

4 Branches

70 Contributors

Updated on 05 Nov 2024

Bundle Size

3.92 kB

Minified

1.80 kB

Minified + Gzipped

Bundlephobia

Languages

JavaScript (100%)

Total Downloads

Cumulative downloads

Total Downloads

895,782,731

Last day

-3.2%

1,212,192

Compared to previous day

Last week

6,976,411

Compared to previous week

Last month

6.3%

28,907,405

Compared to previous month

Last year

26.7%

332,628,875

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

json-parse-even-better-errors npm-normalize-package-bin

Dev Dependencies

@npmcli/eslint-config @npmcli/template-oss tap

Versions

read-package-json-fast

Like read-package-json, but faster and more accepting of "missing" data.

This is only suitable for reading package.json files in a node_modules tree, since it doesn't do the various cleanups, normalization, and warnings that are beneficial at the root level in a package being published.

USAGE

1const rpj = require('read-package-json-fast')
2
3// typical promisey type API
4rpj('/path/to/package.json')
5  .then(data => ...)
6  .catch(er => ...)
7
8// or just normalize a package manifest
9const normalized = rpj.normalize(packageJsonObject)

Errors raised from parsing will use json-parse-even-better-errors, so they'll be of type JSONParseError and have a code: 'EJSONPARSE' property. Errors will also always have a path member referring to the path originally passed into the function.

Indentation

To preserve indentation when the file is saved back to disk, use data[Symbol.for('indent')] as the third argument to JSON.stringify, and if you want to preserve windows \r\n newlines, replace the \n chars in the string with data[Symbol.for('newline')].

For example:

1const data = await readPackageJsonFast('./package.json')
2const indent = Symbol.for('indent')
3const newline = Symbol.for('newline')
4// .. do some stuff to the data ..
5const string = JSON.stringify(data, null, data[indent]) + '\n'
6const eolFixed = data[newline] === '\n' ? string
7  : string.replace(/\n/g, data[newline])
8await writeFile('./package.json', eolFixed)

Indentation is determined by looking at the whitespace between the initial { and the first " that follows it. If you have lots of weird inconsistent indentation, then it won't track that or give you any way to preserve it. Whether this is a bug or a feature is debatable ;)

WHAT THIS MODULE DOES

Parse JSON
Normalize bundledDependencies/bundleDependencies naming to just bundleDependencies (without the extra d)
Handle true, false, or object values passed to bundleDependencies
Normalize funding: <string> to funding: { url: <string> }
Remove any scripts members that are not a string value.
Normalize a string bin member to { [name]: bin }.
Fold optionalDependencies into dependencies.
Set the _id property if name and version are set. (This is load-bearing in a few places within the npm CLI.)

WHAT THIS MODULE DOES NOT DO

Warn about invalid/missing name, version, repository, etc.
Extract a description from the README.md file, or attach the readme to the parsed data object.
Read the HEAD value out of the .git folder.
Warn about potentially typo'ed scripts (eg, tset instead of test)
Check to make sure that all the files in the files field exist and are valid files.
Fix bundleDependencies that are not listed in dependencies.
Fix dependencies fields that are not strictly objects of string values.
Anything involving the directories field (ie, bins, mans, and so on).

No vulnerabilities found.

10

Security-Policy

Determines if the project has published a security policy.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

License

Determines if the project has defined a license.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

9

Maintained

Determines if the project is "actively maintained".

9

SAST

Determines if the project uses static code analysis.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/audit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/audit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/ci-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/ci-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/post-dependabot.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/post-dependabot.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/post-dependabot.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/post-dependabot.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/post-dependabot.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/post-dependabot.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-integration.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/release-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-integration.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/release-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:218: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:236: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:274: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:283: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:303: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:162: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:199: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/read-package-json-fast/release.yml/main?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/audit.yml:38
Warn: npmCommand not pinned by hash: .github/workflows/ci-release.yml:58
Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:42
Warn: npmCommand not pinned by hash: .github/workflows/post-dependabot.yml:39
Warn: npmCommand not pinned by hash: .github/workflows/pull-request.yml:42
Warn: npmCommand not pinned by hash: .github/workflows/release-integration.yml:52
Warn: npmCommand not pinned by hash: .github/workflows/release.yml:50
Warn: npmCommand not pinned by hash: .github/workflows/release.yml:130
Info: 0 out of 26 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 12 third-party GitHubAction dependencies pinned
Info: 0 out of 8 npmCommand dependencies pinned

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Fuzzing

Determines if the project uses fuzzing.

Score

7.1

/10

Last Scanned on 2024-11-18

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to read-package-json-fast

Other packages similar to read-package-json-fast

read-package-json-fast

Installations

Score

Pull Requests

1

79

40

38

Issues

1

2

1

Releases

Developer

npm

Developer Guide

CommonJS

^18.17.0 || >=20.5.0

No

22.9.0

10.8.3

Statistics

Bundle Size

3.92 kB

1.80 kB

Languages

Total Downloads

895,782,731

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Dev Dependencies

read-package-json-fast

USAGE

Indentation

WHAT THIS MODULE DOES

WHAT THIS MODULE DOES NOT DO

10

10

10

10

10

10

9

9

0

0

0

0

7.1

/10