This results in gitHead not being published, e.g. in context of CircleCI.
STR:

• git pack-refs --all
• npm publish
• npm show

Actual result: no gitHead present

Expected result: gitHead should be there

This results e.g. in semantic-release/semantic-release#256

This module shouldn't log to stderr. We could have it return an array of warnings and then the module calling this module could do the logging.

Commit 04bef29 added json-parse-better-errors, which uses ES6 syntax.

See npm/npm-www#571

init-package-json does this, maybe we could figure out some way to reasonably add to read-package-json

What / Why

In an npm package.json script on Windows, \n gobbles the rest of the command.

When

• A package.json script contains \n

Where

• npm scripts declared in package.json

My environment is:

• Windows PowerShell 5.1.18362.752
• npm 6.14.6
• node v12.18.4

How

Current Behavior

Everything until the \n is executed. Everything after the \n is ignored.

Steps to Reproduce

In package.json:

{
  "scripts": {
    "bad": "echo a\nb && echo c"
  }
}

In Windows Powershell:

npm run bad

Output (note that everything except the last line is a reprint of the command, so really the command's output is just "a"):

> [email protected] bad C:\My\Location
> echo a
b && echo c

a

Expected Behavior

\n is a common sequence when writing scripts for Mac or Linux, so I expect it not to break unrelated parts of the script when running on Windows. \n could be treated literally, which is the normal PowerShell behavior, or it could be treated like the empty string, `n (the Powershell newline sequence), or n.

Who

• n/a

References

• May be a bug in npm/run-script, rather than a bug in npm/read-package-json. I have cross-posted there.

Edit: see my later comment for a better description of the issue

Could we use something like

git rev-parse --show-toplevel

to find the directory? Otherwise, when publishing out of subdirectories, the git root isn't found.

Also: how would this be implemented? Running git directly?

For projects that won't be published as npm modules, but that instead use npm only as a means for installing local dependencies (think of the package.json in this case like a Gemfile) the currently required name and version fields are unnecessary. It would be great if they were optional.

I've done npm install read-package-json I've tried to use it and immediately got following error:

module.js:337
    throw new Error("Cannot find module '" + request + "'");
          ^
Error: Cannot find module 'slide'
    at Function._resolveFilename (module.js:337:11)
    at Function._load (module.js:279:25)
    at Module.require (module.js:359:17)
    at require (module.js:375:17)
    at Object.<anonymous> (/Users/medikoo/Projects/_tests/node_modules/read-package-json/read-json.js:27:13)
    at Module._compile (module.js:446:26)
    at Object..js (module.js:464:10)
    at Module.load (module.js:353:31)
    at Function._load (module.js:311:12)
    at Module.require (module.js:359:17)

OSX, Node v0.6.18

Hello,

I'm packaging atom [1] for debian [2].
Your software is there included.

I found some issues in your software:

• In your source files are no copyright / license tags [3]
  and / or
• you have no LICENSE file at your top directory

Regards,
Jörg Frings-Fürst

[1] http://atom.io
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747824
[3]
// Copyright 20xx-20xx your name
// License: [your license eg. MIT / GPL-2 ....]

Please add a license file to clarify what license this is distributed under.

I'd like to use node/npm for a project at work, but npm depends on this package and I'm not allowed to use software that doesn't have a clear license.

Thanks!

What / Why

This module is too slow. It does too much stuff, and much of it is unnecessary or inefficient.

When

Running npm ls in a project with 2000 or more deps.

Current Behavior

• It takes a really long time.

Expected Behavior

• It should not take a really long time.

Who

• @npm/cli-team

Proposal

Here's what it does today:

• If the package.json file can't be found, look for a magic comment in an index.js file instead.
• bundleDependencies - normalize the bundledDependencies/bundleDependencies key and value (this is fast and worthwhile).
• gypfile - glob for any file matching *.gyp, and if any are found, set data.gypfile = true and add an install script of node-gyp rebuild.
• serverjs - glob for a file named server.js, and if found, set scripts.start to node server.js
• scriptpath - strip ./node_modules/.bin from the start of any scripts
• authors - Read a file named AUTHORS and add the contents to data.contributors
• readme - Glob for a file named README.*. Save the file name as data.readmeFilename, and the data as data.readme.
• mans - If there is a data.directories.man, then glob in it for files named *.[0-9] and add the list to data.man.
• bins - Same as mans, but for data.directory.bin. Also turns "bin": [array, of, scripts] into a proper object.
• githead - Read the file at .git/HEAD and save the shasum as data.githead.
• assign data._id as the name@version
• Make sure that all the bin references exist
• call normalize-package-data on the data, which again fixes a couple of things on the list above, but mostly just enforces various data type constraints.

Here's what I intend to make it do:

• Drop the indexjs stuff. It's dumb and no one uses it.
• Keep the bundleDeps, script ./node_modules/.bin path checking, and other basic data-checking normalizing stuff, but refactor it so that it's not calling a bunch of functions with constructed strings, as that seems like it prevents some of v8's optimizations.
• Drop githead entirely.
• We should handle the directories.* stuff when installing and linking a package, not when reading the json. Drop it from here.
• Drop all the readme/readmeFilename stuff.
• Don't warn if a name/version/etc are missing. It's kind of noisy and annoying to be nagged about adding a version to a package that is never going to be published. We should just require that at publish time.

Just monkeypatching this module with something that does a simple JSON.parse(fs.readFile(..)) brought it from this:

$ time node ../npm/arborist/la.js .

real	0m2.081s
user	0m2.875s
sys	0m0.642s

to this:

$ time node ../npm/arborist/la.js .

real	0m0.649s
user	0m0.830s
sys	0m0.253s

(la.js is a script that loads an actual tree and prints it, but doesn't do anything else.)

Is it possible to intercept the process by which NPM reads package.json so I can do some processing on it? I have some stuff I would like to try out with that, if it's possible. What I would like is to intercept commands like

$ npm run start

so I get the chance to do some processing on package.json before NPM sees the results.

On my system README files are ignored unless they are capitalized. For instance, when installing jade via npm:

npm WARN package.json [email protected] No README.md file found!

Jade's readme file is called Readme.md. As far as I can tell, the glob at read-json.js:231 should match this, but it doesn't. I'm not sure whether this is a bug in node-glob or in read-package-json.

(NPM version v1.1.16, read-package-json v0.1.5.)

The functionality of this package has been moved to @npmcli/package-json as part of npm/package-json#32. We should consider deprecating and archiving this package after examining its use across the rest of our packages and the ecosystem.

Also any open issues and PRs should be triaged and moved to the other repo if appropriate.

Implement same logic as read-package-json-fast.

I'm moving this from npm/npm#4585 to here because I think the issue might be within read-package-json.

NOTE: The readme is showing up right now on this package do to the globOpts.sync hack I describe below.

I have an NPM package (gulp-cdnizer) that I'm working on. If I don't manually include the readme property in my package.json, then I get "ERROR: No README data found!" for the readme data.

I'm not doing anything funny with the .npmignore, and I don't actually understand how this is supposed to work. I've manually updated the readme on the previous packages I've published, but in researching this, I realized I shouldn't have to do this.

Hopefully you can help.

versions:

node: 0.10.25
npm:  1.3.25
read-package-json: 1.1.6

What / Why

I 'm using the read-installed package with locked version 4.0.3, but read-installed itself don't has an package-lock.json(in version 4.0.3) and use read-package-json: ^2.0.0.

read-package-json version 2.1.1 add dep package npm-normalize-package-bin, there are object destructring syntax in it, which not supported by Node 4.x by default.

So my CI failed on Node 4.x due to the deps chain:

MyAppliation -> read-installed 4.0.3(locked) -> read-package-json ^2.0.0(no lock)

read-package-json 2.1.0 -> OK
read-package-json 2.1.1 -> npm-normalize-package-bin 1.0.0(locked) -> Fail

Question

Is this breaking change expected?

Can we make it 3.0.0?

Hello!

I hope you are doing well!

We are a security research team. Our tool automatically detected a vulnerability in this repository. We want to disclose it responsibly. GitHub has a feature called Private vulnerability reporting, which enables security research to privately disclose a vulnerability. Unfortunately, it is not enabled for this repository.

Can you enable it, so that we can report it?

Thanks in advance!

PS: you can read about how to enable private vulnerability reporting here: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository

From: https://github.com/isaacs/read-package-json/blob/master/read-json.js#L217

Discovered on nodejitsu where the user had no README.md

Currently having a look on #28

When I run npm i ./foo to test normalize-package-data which can handle the scripts-property and is logging them, it turns out that the log function from package.json gets changed from addLocalDirectory before npm-log can log the log message.

Hi! I'm having an issue where the readJson method is not properly getting the right file path to my package.json. I have the following code:

const readJson = require('read-package-json');
const Promise = require('bluebird');

const readJSON = Promise.promisify(readJson);

readJSON('./package.json', console.error, true)
    .then(response => {
        console.log(response);
    }); 

While the code above works and returns my package.json as an object, the problem is that the actual file path to my package.json is in ('../package.json'). Additionally, I've also tried running this without promises. I'm not sure if this is something that you have built in, but it seemed strange that this method would work for the incorrect file path but then not work for the correct one. Let me know!

I have a description field but this is showing up instead:
dnode-protocol ==============

http://search.npmjs.org/#/dnode-protocol

In my setup:

• package.json has "gypfile": false
• .npmignore has *.gyp in place

However when publishing, these lines https://github.com/npm/read-package-json/blob/master/read-json.js#L140-L153 will force gypfile to true and force-add an install script. This makes the project impossible to install.

The gyp file is present because it's a chromium project and I cannot remove it from the repo, but since i've blacklisted it in both the manifest and npmignore, i'd like to avoid this bit.

proposal: If data.gypfile is defined and false, can we honor that setting?

As discussed, I put data-normalization code that I had extracted from read-package-json into a new module, now published as normalize-package-data. I updated my fork of read-package-json to use this new module. It now passes all tests (although README warning had to be adjusted slightly).

I don't think it's ready for pull yet, because I'm not fully convinced that functionality is totally equivalent (or better).

https://github.com/meryn/read-package-json

See https://npmjs.org/package/normalize-package-data .

What / Why

Try to run this package.json through read-package-json: https://github.com/browserify/resolve/blob/main/test/resolver/invalid_main/package.json

It crashes, with TypeError [ERR_INVALID_ARG_TYPE]: The "path" argument must be of type string. Received an instance of Array on the dirname call here.

To be clear, node crashes with the same error when trying to require this package fixture - but perhaps read-package-json should handle it a bit more gracefully?

In particular, it's not calling cb with an error - it's just throwing an uncaught error to the ether.

Hi there!

I thought I'd try my hand at doing some node stuff, and wanted to take a look at emitting a warn if the license parameter of the package.json is valid, as per the docs. I found an SPDX package already, so I'm now just working at it to see if I can get it to work.

Is this something that would be of interest? I realise modifying such a fundamental part of npm is maybe not the ideal thing for a beginner to do, but I figured it was quite small and self contained, so let me know.

Thanks, and thanks for the hard work on npm itself. It's very appreciated!

EDIT: I've heard on the nodeup podcast that SPDX validity checking happens elsewhere in npm 3, which I've not found, so I'll close this as handled elsewhere.

Using OSX. [email protected] [email protected]

$ npm t

> [email protected] test /Users/simen/Development/read-package-json
> standard && tap test/*.js

ok test/basic.js ...................................... 15/15
not ok test/bin.js ...................................... 2/7
    Command: "/Users/simen/.nvm/versions/node/v0.12.2/bin/node bin.js"
    TAP version 13
    not ok 1 should be equal
      ---
        file:   /Users/simen/Development/read-package-json/read-json.js
        line:   318
        column: 20
        stack:
          - |
            getCaller (/Users/simen/Development/read-package-json/node_modules/tap/lib/tap-assert.js:439:17)
          - |
            assert (/Users/simen/Development/read-package-json/node_modules/tap/lib/tap-assert.js:21:16)
          - |
            Function.equal (/Users/simen/Development/read-package-json/node_modules/tap/lib/tap-assert.js:163:10)
          - |
            Test._testAssert (/Users/simen/Development/read-package-json/node_modules/tap/lib/tap-test.js:87:16)
          - |
            /Users/simen/Development/read-package-json/test/bin.js:19:7
          - |
            /Users/simen/Development/read-package-json/read-json.js:345:5
          - |
            handleExists (/Users/simen/Development/read-package-json/read-json.js:318:20)
          - |
            FSReqWrap.cb [as oncomplete] (evalmachine.<anonymous>:226:19)
        found:  1
        wanted: 0
      ...
    ok 2 should be equivalent
    not ok 3 should be equal
      ---
        file:   /Users/simen/Development/read-package-json/read-json.js
        line:   318
        column: 20
        stack:
          - |
            getCaller (/Users/simen/Development/read-package-json/node_modules/tap/lib/tap-assert.js:439:17)
          - |
            assert (/Users/simen/Development/read-package-json/node_modules/tap/lib/tap-assert.js:21:16)
          - |
            Function.equal (/Users/simen/Development/read-package-json/node_modules/tap/lib/tap-assert.js:163:10)
          - |
            Test._testAssert (/Users/simen/Development/read-package-json/node_modules/tap/lib/tap-test.js:87:16)
          - |
            /Users/simen/Development/read-package-json/test/bin.js:29:7
          - |
            /Users/simen/Development/read-package-json/read-json.js:345:5
          - |
            handleExists (/Users/simen/Development/read-package-json/read-json.js:318:20)
          - |
            FSReqWrap.cb [as oncomplete] (evalmachine.<anonymous>:226:19)
        found:  2
        wanted: 1
      ...
    not ok 4 should be equal
      ---
        file:   /Users/simen/Development/read-package-json/read-json.js
        line:   318
        column: 20
        stack:
          - |
            getCaller (/Users/simen/Development/read-package-json/node_modules/tap/lib/tap-assert.js:439:17)
          - |
            assert (/Users/simen/Development/read-package-json/node_modules/tap/lib/tap-assert.js:21:16)
          - |
            Function.equal (/Users/simen/Development/read-package-json/node_modules/tap/lib/tap-assert.js:163:10)
          - |
            Test._testAssert (/Users/simen/Development/read-package-json/node_modules/tap/lib/tap-test.js:87:16)
          - |
            /Users/simen/Development/read-package-json/test/bin.js:30:7
          - |
            /Users/simen/Development/read-package-json/read-json.js:345:5
          - |
            handleExists (/Users/simen/Development/read-package-json/read-json.js:318:20)
          - |
            FSReqWrap.cb [as oncomplete] (evalmachine.<anonymous>:226:19)
        found:  No license field.
        wanted: No bin file found at ./bin/typo
        diff:   |
          FOUND:  No license field.
          WANTED: No bin file found at ./bin/typo
                     ^ (at position = 3)
      ...
    not ok 5 should be equal
      ---
        file:   /Users/simen/Development/read-package-json/read-json.js
        line:   313
        column: 25
        stack:
          - |
            getCaller (/Users/simen/Development/read-package-json/node_modules/tap/lib/tap-assert.js:439:17)
          - |
            assert (/Users/simen/Development/read-package-json/node_modules/tap/lib/tap-assert.js:21:16)
          - |
            Function.equal (/Users/simen/Development/read-package-json/node_modules/tap/lib/tap-assert.js:163:10)
          - |
            Test._testAssert (/Users/simen/Development/read-package-json/node_modules/tap/lib/tap-test.js:87:16)
          - |
            /Users/simen/Development/read-package-json/test/bin.js:39:7
          - |
            /Users/simen/Development/read-package-json/read-json.js:345:5
          - |
            checkBinReferences_ (/Users/simen/Development/read-package-json/read-json.js:313:25)
          - |
            final (/Users/simen/Development/read-package-json/read-json.js:343:3)
          - |
            then (/Users/simen/Development/read-package-json/read-json.js:113:5)
          - |
            /Users/simen/Development/read-package-json/read-json.js:284:20
        found:  1
        wanted: 0
      ...
    ok 6 no mapping to bin because object was empty
    not ok 7 test/bin.js
      ---
        exit:    1
        command: "/Users/simen/.nvm/versions/node/v0.12.2/bin/node bin.js"
      ...

    1..7
    # tests 7
    # pass  2
    # fail  5

ok test/bom.js .......................................... 2/2
ok test/helpful.js ...................................... 3/3
ok test/non-json.js ..................................... 3/3
ok test/readmes.js ...................................... 3/3
total ................................................. 28/33

not ok
npm ERR! Test failed.  See above for more details.

I tried to do npm test in one of my packages and got

TypeError: Cannot call method 'replace' of undefined
npm ERR!     at /usr/local/lib/node_modules/npm/node_modules/read-package-json/read-json.js:333:45

npm-debug.log:

0 info it worked if it ends with ok
1 verbose cli [ 'node', '/usr/bin/npm', 'test' ]
2 info using [email protected]
3 info using [email protected]
4 verbose node symlink /usr/bin/node
5 verbose read json /Users/medikoo/Projects/_packages/signaldb/package.json
6 error TypeError: Cannot call method 'replace' of undefined
6 error     at /usr/local/lib/node_modules/npm/node_modules/read-package-json/read-json.js:333:45
6 error     at fs.js:117:20
6 error     at /usr/local/lib/node_modules/npm/node_modules/graceful-fs/graceful-fs.js:53:5
6 error     at /usr/local/lib/node_modules/npm/node_modules/graceful-fs/graceful-fs.js:62:5
6 error     at Object.oncomplete (fs.js:297:15)
7 error If you need help, you may report this log at:
7 error     <http://github.com/isaacs/npm/issues>
7 error or email it to:
7 error     <[email protected]>
8 error System Darwin 12.2.0
9 error command "node" "/usr/bin/npm" "test"
10 error cwd /Users/medikoo/Projects/_packages/signaldb
11 error node -v v0.8.16
12 error npm -v 1.1.69
13 error type non_object_property_call
14 verbose exit [ 1, true ]

After digging a bit I found that it blindly assumes that file .git/refs/heads/master exists in .git folder, while in this case it isn't.

I'm not sure about reasoning of reading git configuration so I decided not to try to fix it myself :)

I get an error when I run npm install over a repository that has uncommited git changes.

Error is as follows -

TypeError: Cannot call method 'replace' of undefined
at C:\Program Files\nodejs\node_modules\npm\node_modules\read-package-json\read-json.js:333:45
at fs.js:117:20
at C:\Program Files\nodejs\node_modules\npm\node_modules\graceful-fs\graceful-fs.js:53:5
at C:\Program Files\nodejs\node_modules\npm\node_modules\graceful-fs\graceful-fs.js:62:5
at Object.oncomplete (fs.js:297:15)
If you need help, you may report this log at:
http://github.com/isaacs/npm/issues
or email it to:
[email protected]
System Windows_NT 6.1.7601
command "C:\Program Files\nodejs\node.exe" "C:\Program Files\nodejs\node_modules\npm\bin\npm-cli.js"
"
cwd C:\nodeexpressapp\quo
node -v v0.8.16
npm -v 1.1.69
type non_object_property_call
Additional logging details can be found in:
C:\nodeexpressapp\quo\npm-debug.log
not ok code 0

If I run npm install after git commit it works just fine.

When trying to determine what's broken from one npm version to another, or from an npm version to a projects repo, "good actors" generally tag their repos with $npm_publish_version. Not everyone does though, and so determining what's different is time consuming, at best. It seems like a nice feature to be able to (when possible, obviously it's not always possible), to grab the latest git commit line from where npm publish is run from, and put that into the uploaded bundle.

Commit 839b56e uses an arrow function, which breaks on Node 0.10 and 0.12. That means it should've been semver-major, but wasn't.

I would suggest reverting this commit, publishing a patch release, unreverting, then publishing 3.0.0.

Shouldn't the line #138 if (s.match(spre)) better check the type of the value of the key if (s.match && s.match(spre))? Tnx!

Change test/bom.js for test:

{
    "name": "this",
    "description": "file",
    "author": "has <filename>",
    "version" : "0.0.1",
    "scripts": {
        "blanket": {
            "pattern": "."
        }
    }
}

Issue: npm/npm#4468 (comment)