Description
The package.json
file must be a JSON formatted file and not a JavaScript Object.
Most of the points that will be covered in this section are related to the configuration settings described in config.
name
If you are publishing a package, name
and version
are the most important and essential fields. name
and version
must be able to be combined into a completely unique identifier. If the package generates an update, then the version
field must also be updated to generate a new unique name-version identifier. If you do not intend to publish your package, then the name
and version
fields are optional.
name
is the name of the package. It is referred to as the package name.
Some rules.
- Package names must be less than or equal to 214 characters in length. Include the scope of scoped packages.
- The package name of scoped packages can start with a dot or an underscore. This rule does not apply to unscoped packages (non-scoped packages).
- Names are not allowed to contain uppercase letters.
- A package name can be treated as part of a URL, a parameter on the command line, or the name of a folder. Therefore, package names are not allowed to contain non-URL-safe characters.
Some suggestions.
- Do not use the name of a node core module as a package name.
- Do not include “js” or “node” in the name. Packages will default to js because you are writing a
package.json
file, use the “engines” field if you need to specify an engine. (mentioned below) - The package name is passed as an argument to the
require()
function, so the name should be as short as possible, but needs to ensure some semantics. - Before naming a package, you may want to check if the npm repository already contains a package with the same name. https://www.npmjs.com/
The name can optionally be preceded by a scope, e.g. @myorg/mypackage
. Click scope for more details.
version
If you are publishing a package, name
and version
are the most important and essential fields. name
and version
must be able to be combined into a completely unique identifier. If the package generates an update, then the version
field must also be updated to generate a new unique name-version identifier. If you do not intend to release your package, then the name
and version
fields are optional.
The Version value must be parsable by node-semver.
description
The description of the package, a string that will help people find your package and can be displayed in the npm search
list.
keywords
Package related keywords, an array of strings to help people find your package, which can be displayed in the npm search
list.
homepage
The package’s homepage url.
For example.
|
|
bugs
The url address of the issue tracking page for the package, or an email address where bug messages can be sent. Users who use this package can send you issue details if they encounter a bug or other problem.
It should look like this.
You can specify at least one of the url
or email
fields. If you only want to provide an url, you can specify the value of bugs
as a normal string instead of an object.
If an url is provided, it will be used by the npm bugs
command.
license
You can specify a license for your package to let others know if there are license restrictions on using the package.
If a regular license is specified, such as BSD-2-Clause
or MIT
, the current SPDX license identifier needs to be added to the license being used.
|
|
You can check the SPDX License IDS Complete List. Normally you should select the license recognized by OSI.
If multiple licenses are included, you can use SPDX License Expression Syntax v2.0, like the following.
|
|
If you are using a license that is not in the scope of SPDX, or if you are using a custom license, then you can specify it like the following.
|
|
Then include the <filename>
file under the root path of the package.
Some older packages specify the license using objects or the licenses
attribute that contains an array of licensed objects.
|
|
These styles are currently discarded. Use SPDX expressions instead.
Finally, if you do not want to grant others the right to use private or unpublished packages under any terms. You can specify this:
|
|
Also consider setting "private": true
to prevent accidental publication.
Person fields: author, contributors
author
is a person and contributors
is an array of persons. A person is an object containing the name
attribute and optionally the url
and email
attributes, like this.
Or you can use the following string shorthand and npm will parse the following string for you.
|
|
emial and url are optional fields.
npm will set a top-level maintainers
field with your npm user information.
funding
You can specify an object containing a URL that provides up-to-date information about funding your package development, either as a string URL or as an array.
|
|
Users can use the npm fund
command to list the funding url for all the project’s dependent packages, or they can use npm fund <projectname>
to list the funding url for a given package (when there are multiple URLS, the first one will be accessed).
files
The optional files
field is a file-matching string, and when your package is installed as a project dependency, the files specified by the files
field will be included. File matching uses a syntax similar to that of the .gitignore
file. Ignoring this field is equivalent to ["*"]
, which means that all files are included.
Some special files will be included or excluded, whether they are specified by the files
field or not (see below).
You can also provide a .npmignore
file in the package root or subdirectory, similar to .gitignore
, which will prevent files from being included. If .npmignore
is in the root of the package, it will not overwrite the contents of the files
field, but if .npmignore
is in a subdirectory, it will overwrite the contents of the files
field. If there is a .gitignore
file but no .npmignore
file, then the contents of the .gitignore
file will be used as the contents of .npmignore
by default.
The files specified by the files
field cannot be excluded by .npmignore
or .gitignore
.
Some files will always be included in packages, no matter how they are set.
package.json
README
CHANGES
/CHANGELOG
/HISTORY
LICENSE
/LICENCE
NOTICE
- The file specified by the “main” field
README
, CHANGES
, LICENSE
& NOTICE
can be any file extensions.
Some files will always be excluded from the package, no matter how it is set.
.git
CVS
.svn
.hg
.lock-wscript
.wafpickle-N
.DS_Store
npm-debug.log
.npmrc
node_modules
config.gypi
package-lock.json
- All files containing the
*
character (not compatible with Windows)
main
The main
field is a module ID that is just the entry point for your program. If your package is named foo
and the user installs your package and imports your package using require("foo")
, then the object exported from the file specified in the main
field of your application’s package.json
file will be returned.
It should be a module ID relative to the root path of the package.
For most modules, it makes the most sense to have a main script and not much else.
browser
If your package is intended to be used in a client application, then the browser
field should be specified instead of the main
field. This can hint to the user that it may depend on something basic that is not available in the nodejs environment (like window
).
|
|
bin
Many packages have one or more executables that they want to install in the PATH. npm makes this easy (in fact, it is the npm executable that is installed using this feature).
To use this feature, you need to specify the bin
field in the package.json file, which represents the mapping of commands to local file names. When doing a global install, npm symbolically links this file to prefix/bin
(symlink), and when doing a local install, it symbolically links this file to node_modules/.bin/
.
For example, package.json
for myapp
contains the following.
|
|
When you install myapp
globally, npm will create a symbolic link from the cli.js
script to the usr/local/bin/myapp
directory.
If you only have one executable, then you can provide a string like this.
The above is written in a way that is equivalent to
Finally, make sure that the contents of the file referenced by the bin
field starts with #! /usr/bin/env node
to indicate that node is required for the script to execute.
directories
The package documentation structure is described by this field and is rarely used.
- directories.lib
- directories.bin
- directories.man
- directories.doc
- directories.example
- directories.test
repository
Tells you where the package repository is located. If the git repository is on Github, using the npm docs
command will redirect you to the repository page.
If it’s a Github, Github gist Bitbucker or GitLab repository, you can use the abbreviated form.
If the package.json
file is not in the project’s root directory, you can specify the directory where the package is located.
scripts
The scripts
property is a dictionary containing script commands that run at different times during the package’s lifecycle.
More detailed information is available on the scripts page.
config
The config
object can be used to configure the parameters of scripts, for example.
There is a start command and the port can be referenced via the npm_package_config_port
variable. Users can also override the configuration via npm config set foo:port 8001
.
More information can be found at config and scripts.
dependencies
Specifies project dependencies, the value is the package name plus the version number.
The version number can specify a range, and has the following syntax.
version
: the exact version, e.g.1.0.0
>version
: greater thanversion
>=version
: greater than or equal to<version
: less than<=version
: less than or equal to~version
: allows patch-level changes, e.g.~1.2.3
means>=1.2.3 <1.3.0
^version
: allows changes that do not change the leftmost non-zero version number, e.g.^1.2.3
means>=1.2.3 <2.0.0
1.2.x
http://...
*
version1 - version2
is the same as>=version1 <=version2
You can get more information about version at semver.
|
|
URLs can be used instead of version numbers.
You can also use the local path.
devDependencies
Dependency packages for the development environment.
peerDependencies
Field to prevent packages from being installed repeatedly.
For example, suppose your application depends on packages A, B and C, and B and C depend on A. When you install A, B and C, B and C will install A repeatedly, so you can add A to C under the peerDependencies
field, so that when your application installs dependencies, A will only be installed once, and B and C will not install A repeatedly.
This is generally used to specify the host version that the current package is compatible with. For example, if we want to write a webpack plugin that is currently compatible with webpack 3.x
, we can specify it as follows.
bundledDependencies
The bundled dependencies will be packaged together with the package specified by this object in the final package to be released.
optionalDependencies
Optional dependencies, use this field to specify optional packages if you want the project to work even if the installation fails, or if you want npm to keep running.
engines
You can specify some runtime environments, such as node and npm.