package.json validator

Tools to validate package.json files.

Usage

npm install package-json-validator

import { validate } from "package-json-validator";

validate(/* ... */);

For tools that run these validations, see:

eslint-plugin-package-json: to detect all violations and keep them warned against via ESLint
package-json-validator-cli: if you want just a one-shot tool to run in the CLI

Result Types

Following are the types involved in the return type of our granular validate* functions.

Result

The Result type, is the common top-level return type for all of our granular validate* functions. It provides rich information about the nature of the issues encountered as part of validating. For complex objects like exports, its tree structure can give information on which parts of the structure have issues.

errorMessages: string[]

The full collection of error messages (including errors from child element). This consists of the Issue.message for all of the items in this Result's issues, as well as the messages of all descendent issues.

issues: Issue[]

Collection of issues for this object (property or array element).

childResults: ChildResult[]

Collection of result objects for child elements (either properties or array elements), if this property is an object or array.

ChildResult extends Result

Result object for a child (either a property in an object or an element of an array).

index: number

The index of this property in relation to its parent's collection (properties or array elements).

Issue

message: string

The message with information about this issue.

API

validate(data, options?)

This function validates an entire package.json and returns a list of errors, if any violations are found.

Parameters

data packageData object or a JSON-stringified version of the package data.

options is an object with the following:

interface Options {
	recommendations?: boolean; // show recommendations
	warnings?: boolean; // show warnings
}

Examples

Example using an object:

import { validate } from "package-json-validator";

const packageData = {
	name: "my-package",
	version: "1.2.3",
};

validate(packageData);

Example using a string:

import { validate } from "package-json-validator";

const text = JSON.stringify({
	name: "packageJsonValidator",
	version: "0.1.0",
	private: true,
	dependencies: {
		"date-fns": "^2.29.3",
		install: "^0.13.0",
		react: "^18.2.0",
		"react-chartjs-2": "^5.0.1",
		"react-dom": "^18.2.0",
		"react-material-ui-carousel": "^3.4.2",
		"react-multi-carousel": "^2.8.2",
		"react-redux": "^8.0.5",
		"react-router-dom": "^6.4.3",
		"react-scripts": "5.0.1",
		redux: "^4.2.0",
		"styled-components": "^5.3.6",
		"web-vitals": "^2.1.4",
	},
	scripts: {
		start: "react-scripts start",
	},
	eslintConfig: {
		extends: ["react-app", "react-app/jest"],
	},
	browserslist: {
		production: [">0.2%", "not dead", "not op_mini all"],
		development: [
			"last 1 chrome version",
			"last 1 firefox version",
			"last 1 safari version",
		],
	},
});

const data = validate(text);

Output for above example:

console.log(data);
// {
//  valid: true,
//   warnings: [
//    'Missing recommended field: description',
//    'Missing recommended field: keywords',
//    'Missing recommended field: bugs',
//    'Missing recommended field: licenses',
//    'Missing recommended field: author',
//    'Missing recommended field: contributors',
//    'Missing recommended field: repository'
//  ],
//  recommendations: [
//    'Missing optional field: homepage',
//    'Missing optional field: engines'
//  ]
// }

validateAuthor(value)

This function validates the value of the author property of a package.json. It takes the value, and validates it against the following criteria.

the property is either a string or an object
if it's an object, it should include a name field and, optionally, email and / or url fields.
if present, the email and url fields should be valid email and url, respectively.

It returns a Result object (See Result Types).

Examples

import { validateAuthor } from "package-json-validator";

const packageData = {
	author: {
		email: "b@rubble.com",
		name: "Barney Rubble",
		url: "http://barnyrubble.tumblr.com/",
	},
};

const result = validateAuthor(packageData.author);

import { validateAuthor } from "package-json-validator";

const packageData = {
	author: "Barney Rubble <b@rubble.com> (http://barnyrubble.tumblr.com/)",
};

const result = validateAuthor(packageData.author);

validateBin(value)

This function validates the value of the bin property of a package.json. It takes the value, and validates it against the following criteria.

It should be of type string or object.
If it's a string, it should be a relative path to an executable file.
If it's an object, it should be a key to string value object, and the values should all be relative paths.

It returns a Result object (See Result Types).

Examples

import { validateBin } from "package-json-validator";

const packageData = {
	bin: "./my-cli.js",
};

const result = validateBin(packageData.bin);

import { validateBin } from "package-json-validator";

const packageData = {
	bin: {
		"my-cli": "./my-cli.js",
		"my-dev-cli": "./dev/my-cli.js",
	},
};

const result = validateBin(packageData.bin);

validateBundleDependencies(value)

This function validates the value of the bundleDependencies property of a package.json. It takes the value, and validates it against the following criteria.

the property is either an array or a boolean
if it's an array, all items should be strings

It returns a Result object (See Result Types).

Examples

import { validateBundleDependencies } from "package-json-validator";

const packageData = {
	bundleDependencies: ["renderized", "super-streams"],
};

const result = validateBundleDependencies(packageData.bundleDependencies);

validateConfig(value)

This function validates the value of the config property of a package.json. It takes the value, and validates that it's an object.

It returns a Result object (See Result Types).

Examples

import { validateConfig } from "package-json-validator";

const packageData = {
	config: {
		debug: true,
		host: "localhost",
		port: 8080,
	},
};

const result = validateConfig(packageData.config);

validateContributors(value)

This function validates the value of the contributors property of a package.json. It takes the value, and validates it against the following criteria.

the property is an Array of objects
each object in the array should be a "person" object with at least a name and optionally email and url
the email and url properties, if present, should be valid email and URL formats.

It returns a Result object (See Result Types).

Examples

import { validateContributors } from "package-json-validator";

const packageData = {
	contributors: [
		{
			email: "b@rubble.com",
			name: "Barney Rubble",
			url: "http://barnyrubble.tumblr.com/",
		},
	],
};

const result = validateContributors(packageData.contributors);

validateCpu(value)

This function validates the value of the cpu property of a package.json. It takes the value, and validates it against the following criteria.

the property is an array
all items in the array should be one of the following:

"arm", "arm64", "ia32", "loong64", "mips", "mipsel", "ppc64", "riscv64", "s390", "s390x", "x64"

[!NOTE] These values are the list of possible process.arch values documented by Node.

It returns a Result object (See Result Types).

Examples

import { validateCpu } from "package-json-validator";

const packageData = {
	cpu: ["x64", "ia32"],
};

const result = validateCpu(packageData.cpu);

validateDependencies(value)

Also: validateDevDependencies(value), validateOptionalDependencies(value), and validatePeerDependencies(value)

These functions validate the value of their respective dependency property. They take the value, and validate it against the following criteria.

It should be of type an object.
The object should be a record of key value pairs
For each property, the key should be a valid package name, and the value should be a valid version

It returns a Result object (See Result Types).

Examples

import { validateDependencies } from "package-json-validator";

const packageData = {
	dependencies: {
		"@catalog/package": "catalog:",
		"@my/package": "^1.2.3",
		"@workspace/package": "workspace:^",
	},
};

const result = validateDependencies(packageData.dependencies);

validateDescription(value)

This function validates the value of the description property of a package.json, checking that the value is a non-empty string.

It returns a Result object (See Result Types).

Examples

import { validateDescription } from "package-json-validator";

const packageData = {
	description: "The Fragile",
};

const result = validateDescription(packageData.description);

validateDirectories(value)

This function validates the value of the directories property of a package.json. It takes the value, and validates it against the following criteria.

the property is an object
its keys are non-empty strings
its values are all non-empty strings

It returns a Result object (See Result Types).

Examples

import { validateDirectories } from "package-json-validator";

const packageData = {
	directories: {
		bin: "dist/bin",
		man: "docs",
	},
};

const result = validateDirectories(packageData.directories);

validateEngines(value)

This function validates the value of the engines property of a package.json. It takes the value, and validates it against the following criteria.

It should be of type object.
It should be a key to string value object, and the values should all be non-empty.

It returns a Result object (See Result Types).

Examples

import { validateEngines } from "package-json-validator";

const packageData = {
	engines: {
		node: "^20.19.0 || >=22.12.0",
	},
};

const result = validateEngines(packageData.engines);

validateExports(value)

This function validates the value of the exports property of a package.json. It takes the value, and validates it against the following criteria.

It should be of type string or object.
If it's a string, it should be a path to an entry point.
If it's an export condition object, its properties should have values that are either a path to an entry point, or another exports condition object.

It returns a Result object (See Result Types).

Examples

import { validateExports } from "package-json-validator";

const packageData = {
	exports: "./index.js",
};

const result = validateExports(packageData.exports);

import { validateExports } from "package-json-validator";

const packageData = {
	exports: {
		".": {
			types: "./index.d.ts",
			default: "./index.js",
		},
		"./secondary": {
			types: "./secondary.d.ts",
			default: "./secondary.js",
		},
	},
};

const result = validateExports(packageData.exports);

validateFiles(value)

This function validates the value of the files property of a package.json. It takes the value, and validates it against the following criteria.

the property is an array
all items in the array should be non-empty strings

It returns a Result object (See Result Types).

Examples

import { validateFiles } from "package-json-validator";

const packageData = {
	files: ["dist", "CHANGELOG.md"],
};

const result = validateFiles(packageData.files);

validateHomepage(value)

This function validates the value of the homepage property of a package.json, checking that the value is a string containing a valid url.

It returns a Result object (See Result Types).

Examples

import { validateHomepage } from "package-json-validator";

const packageData = {
	homepage: "The Fragile",
};

const result = validateDescription(packageData.homepage);

validateKeywords(value)

This function validates the value of the keywords property of a package.json. It takes the value, and validates it against the following criteria.

the property is an array
all items in the array should be non-empty strings

It returns a Result object (See Result Types).

Examples

import { validateKeywords } from "package-json-validator";

const packageData = {
	keywords: ["eslint", "package.json"],
};

const result = validateKeywords(packageData.keywords);

validateLicense(value)

This function validates the value of the license property of a package.json. It takes the value, and validates it using validate-npm-package-license, which is the same package that npm uses.

It returns a Result object (See Result Types).

Examples

import { validateLicense } from "package-json-validator";

const packageData = {
	license: "MIT",
};

const result = validateLicense(packageData.license);

validateMain(value)

This function validates the value of the main property of a package.json, checking that the value is a non-empty string.

It returns a Result object (See Result Types).

Examples

import { validateMain } from "package-json-validator";

const packageData = {
	main: "index.js",
};

const result = validateMain(packageData.main);

validateMan(value)

This function validates the value of the man property of a package.json. It takes the value, and validates it against the following criteria.

the property is either a string or an array of strings
the string(s) must end in a number (and optionally .gz)

It returns a Result object (See Result Types).

Examples

import { validateMan } from "package-json-validator";

const packageData = {
	man: ["./man/foo.1", "./man/bar.1"],
};

const result = validateMan(packageData.man);

validateName(value)

This function validates the value of the name property of a package.json. It takes the value, and validates it using validate-npm-package-name, which is the same package that npm uses.

It returns a Result object (See Result Types).

Examples

import { validateName } from "package-json-validator";

const packageData = {
	name: "some-package",
};

const result = validateName(packageData.name);

validateOs(value)

This function validates the value of the os property of a package.json. It takes the value, and validates it against the following criteria.

the property is an array
all items in the array should be one of the following:

"aix", "android", "darwin", "freebsd", "linux", "openbsd", "sunos", and "win32"

[!NOTE] These values are the list of possible process.platform values documented by Node.

It returns a Result object (See Result Types).

Examples

import { validateOs } from "package-json-validator";

const packageData = {
	os: ["linux", "win32"],
};

const result = validateOs(packageData.os);

validatePrivate(value)

This function validates the value of the private property of a package.json. It takes the value, and checks that it's a boolean.

It returns a Result object (See Result Types).

Examples

import { validatePrivate } from "package-json-validator";

const packageData = {
	private: true,
};

const result = validatePrivate(packageData.private);

validatePublishConfig(value)

This function validates the value of the publishConfig property of a package.json. It takes the value, and validates it against the following criteria.

the property is an object
if any of the following properties are present, they should conform to the type defined by the package manager
- access
- bin
- cpu
- directory
- exports
- main
- provenance
- tag

[!NOTE] These properties are a (non-exhaustive) combination of those supported by npm, pnpm, and yarn.

https://docs.npmjs.com/cli/v11/commands/npm-publish#configuration

https://pnpm.io/package_json#publishconfig

https://yarnpkg.com/configuration/manifest#publishConfig

It returns a Result object (See Result Types).

Examples

import { validatePublishConfig } from "package-json-validator";

const packageData = {
	publishConfig: {
		provenance: true,
	},
};

const result = validatePublishConfig(packageData.publishConfig);

validateRepository(value)

This function validates the value of the repository property of a package.json. It takes the value, and validates it against the following criteria.

It should be of type object or string.
If it's an object, it should have type, url, and optionally directory.
type and directory (if present) should be non-empty strings
url should be a valid repo url
If it's a string, it should be the shorthand repo string from a supported provider.

It returns a Result object (See Result Types).

Examples

import { validateRepository } from "package-json-validator";

const packageData = {
	repository: {
		type: "git",
		url: "git+https://github.com/JoshuaKGoldberg/package-json-validator.git",
		directory: "packages/package-json-validator",
	},
};

const result = validateRepository(packageData.repository);

import { validateRepository } from "package-json-validator";

const packageData = {
	repository: "github:JoshuaKGoldberg/package-json-validator",
};

const result = validateRepository(packageData.repository);

validateScripts(value)

This function validates the value of the scripts property of a package.json. It takes the value, and validates it against the following criteria.

the property is an object
its keys are non-empty strings
its values are all non-empty strings

It returns a Result object (See Result Types).

Examples

import { validateScripts } from "package-json-validator";

const packageData = {
	scripts: {
		build: "rollup -c",
		lint: "eslint .",
		test: "vitest",
	},
};

const result = validateScripts(packageData.scripts);

validateSideEffects(value)

This function validates the value of the sideEffects property of a package.json. It takes the value, and validates it against the following criteria.

The value is either a boolean or an Array.
If it's an array, all items should be non-empty strings.

It returns a Result object (See Result Types).

Examples

import { validateSideEffects } from "package-json-validator";

const packageData = {
	sideEffects: false,
};

const result = validateSideEffects(packageData.sideEffects);

validateType(value)

This function validates the value of the type property of a package.json. It takes the value, and validates it against the following criteria.

the property is a string
its value is either 'commonjs' or 'module'

It returns a Result object (See Result Types).

Examples

import { validateType } from "package-json-validator";

const packageData = {
	type: "module",
};

const result = validateType(packageData.type);

validateVersion(value)

This function validates the value of the version property of a package.json. It takes the value, and validates it using semver, which is the same package that npm uses.

It returns a Result object (See Result Types).

Examples

import { validateVersion } from "package-json-validator";

const packageData = {
	version: "1.2.3",
};

const result = validateVersion(packageData.version);

validateWorkspaces(value)

This function validates the value of the workspaces property of a package.json. It takes the value, and validates it against the following criteria.

the property is an array
all items in the array should be non-empty strings

It returns a Result object (See Result Types).

Examples

import { validateWorkspaces } from "package-json-validator";

const packageData = {
	workspaces: ["./app", "./packages/*"],
};

const result = validateWorkspaces(packageData.cpu);

Specification

This package uses the npm spec along with additional supporting documentation from node, as its source of truth for validation.

Deprecation Policy

We never want to remove things, when we're building them! But the reality is that libraries evolve and deprecations are a fact of life. Following are the different timeframes that we've defined as it relates to deprecating APIs in this project.

RFC Timeframe (6 weeks)

When some aspect of our API is going to be deprecated (and eventually removed), it must initially go through an RFC phase. Whoever's motivating the removal of the api, should create an RFC issue explaining the proposal and inviting feedback from the community. That RFC should remain active for at least 6 weeks. The RFC text should make clear what the target date is for closing the RFC. Once the RFC period is over, if the removal is still moving forward, the API(s) should be officially deprecated.

Removal Timeframe (6 months)

Once an API has been marked as deprecated, it will remain intact for at least 6 months. After 6 months from the date of deprecation, the API is subject to removal.

Development

See .github/CONTRIBUTING.md, then .github/DEVELOPMENT.md. Thanks! ????

Contributors

_Alan ????	_{Amila Welihinda} ????	_{Andreas Brekken} ????	_{August Valera} ????	_{Azat S.} ????	_{Brad Jorsch} ????	_{Brett Zamir} ????
_{Chris Montgomery} ????	_{Clay Carpenter} ????	_{Daniel Bayley} ????	_{Dav Glass} ????	_Denis ????	_DjDCH ????	_Eli ???? ????
_{Eric Cornelissen} ????	_{Gord Tanner} ????	_{Hannah Wolfe} ????	_{Hemanth HM} ????	_{J Rob Gant} ????	_{Jason Jarrett} ????	_{Jason Karns} ????
_{Jatin Chopra} ????	_{Josh Goldberg ✨} ???? ???? ???? ???? ???? ???? ???? ???? ????	_{L N M Anudeep} ????	_{Linus Unnebäck} ????	_{Matthew Holloway} ????	_{Morrison Cole} ???? ????	_{Nick Sullivan} ???? ???? ???? ???? ????
_{Norman Sue} ????	_{Peter deHaan} ???? ????	_Reggi ????	_{Sebastien Dubois} ????	_Simon ????	_{Slava Fomin II} ????	_{Stephen Zhou} ????
_{Veniamin Krol} ????	_gramergrater ????	_{michael faith} ???? ???? ???? ???? ???? ???? ????	_{sarahhagstrom} ????