1package npmpackage
2
3import (
4 "strings"
5 "net"
6 "list"
7 "cue.dev/x/npmjs/eslint"
8 "cue.dev/x/npmjs/prettier"
9 "cue.dev/x/npmjs/stylelint"
10 "cue.dev/x/npmjs/ava"
11 "cue.dev/x/semanticrelease"
12 "cue.dev/x/npmjs/jscpd"
13)
14
15// JSON schema for NPM package.json files
16#Schema: {
17 @jsonschema(schema="http://json-schema.org/draft-07/schema#")
18 _schema
19 _schema: {
20 @jsonschema(id="https://json.schemastore.org/package.json")
21 matchN(>=1, [matchN(0, [null | bool | number | string | [...] | {
22 "bundledDependencies"!: _
23 "bundleDependencies"!: _
24 ...
25 }]) & {
26 ...
27 }, matchN(0, [null | bool | number | string | [...] | {
28 "bundleDependencies"!: _
29 ...
30 }]) & {
31 "bundledDependencies"!: _
32 ...
33 }, matchN(0, [null | bool | number | string | [...] | {
34 "bundledDependencies"!: _
35 ...
36 }]) & {
37 "bundleDependencies"!: _
38 ...
39 }]) & {
40 // The name of the package.
41 "name"?: strings.MaxRunes(214) & strings.MinRunes(1) & =~"^(?:(?:@(?:[a-z0-9-*~][a-z0-9-*._~]*)?/[a-z0-9-._~])|[a-z0-9-~])[a-z0-9-._~]*$"
42
43 // Version must be parsable by node-semver, which is bundled with
44 // npm as a dependency.
45 "version"?: string
46
47 // This helps people discover your package, as it's listed in 'npm
48 // search'.
49 "description"?: string
50
51 // This helps people discover your package as it's listed in 'npm
52 // search'.
53 "keywords"?: [...string]
54
55 // The url to the project homepage.
56 "homepage"?: string
57
58 // The url to your project's issue tracker and / or the email
59 // address to which issues should be reported. These are helpful
60 // for people who encounter issues with your package.
61 "bugs"?: string | {
62 // The url to your project's issue tracker.
63 "url"?: net.AbsURL
64
65 // The email address to which issues should be reported.
66 "email"?: string
67 ...
68 }
69 "license"?: #license
70
71 // DEPRECATED: Instead, use SPDX expressions, like this: {
72 // "license": "ISC" } or { "license": "(MIT OR Apache-2.0)" }
73 // see: 'https://docs.npmjs.com/files/package.json#license'.
74 "licenses"?: [...{
75 "type"?: #license
76 "url"?: net.AbsURL
77 ...
78 }]
79 "author"?: #person
80
81 // A list of people who contributed to this package.
82 "contributors"?: [...#person]
83
84 // A list of people who maintains this package.
85 "maintainers"?: [...#person]
86
87 // The 'files' field is an array of files to include in your
88 // project. If you name a folder in the array, then it will also
89 // include the files inside that folder.
90 "files"?: [...string]
91
92 // The main field is a module ID that is the primary entry point
93 // to your program.
94 "main"?: string
95
96 // The "exports" field is used to restrict external access to
97 // non-exported module files, also enables a module to import
98 // itself using "name".
99 "exports"?: matchN(1, [#packageExportsEntryPath, close({
100 "."?: #packageExportsEntryOrFallback
101
102 {[=~"^\\./.+" & !~"^(\\.)$"]: #packageExportsEntryOrFallback}
103 }), #packageExportsEntryObject, #packageExportsFallback])
104
105 // The "imports" field is used to create private mappings that
106 // only apply to import specifiers from within the package
107 // itself.
108 "imports"?: close({
109 {[=~"^#.+$"]: #packageImportsEntryOrFallback}
110 })
111 "bin"?: string | {
112 [string]: string
113 }
114
115 // When set to "module", the type field allows a package to
116 // specify all .js files within are ES modules. If the "type"
117 // field is omitted or set to "commonjs", all .js files are
118 // treated as CommonJS.
119 "type"?: "commonjs" | "module"
120
121 // Set the types property to point to your bundled declaration
122 // file.
123 "types"?: string
124
125 // Note that the "typings" field is synonymous with "types", and
126 // could be used as well.
127 "typings"?: string
128
129 // The "typesVersions" field is used since TypeScript 3.1 to
130 // support features that were only made available in newer
131 // TypeScript versions.
132 "typesVersions"?: {
133 [string]: close({
134 // Maps all file paths to the file paths specified in the array.
135 "*"?: [...=~"^[^*]*(?:\\*[^*]*)?$"]
136
137 {[=~"^[^*]+$" & !~"^(\\*)$"]: [...string]}
138
139 {[=~"^[^*]*\\*[^*]*$" & !~"^(\\*)$"]: [...=~"^[^*]*(?:\\*[^*]*)?$"]}
140 })
141 }
142
143 // Specify either a single file or an array of filenames to put in
144 // place for the man program to find.
145 "man"?: string | [...string]
146 "directories"?: {
147 // If you specify a 'bin' directory, then all the files in that
148 // folder will be used as the 'bin' hash.
149 "bin"?: string
150
151 // Put markdown files in here. Eventually, these will be displayed
152 // nicely, maybe, someday.
153 "doc"?: string
154
155 // Put example scripts in here. Someday, it might be exposed in
156 // some clever way.
157 "example"?: string
158
159 // Tell people where the bulk of your library is. Nothing special
160 // is done with the lib folder in any way, but it's useful meta
161 // info.
162 "lib"?: string
163
164 // A folder that is full of man pages. Sugar to generate a 'man'
165 // array by walking the folder.
166 "man"?: string
167 "test"?: string
168 ...
169 }
170
171 // Specify the place where your code lives. This is helpful for
172 // people who want to contribute.
173 "repository"?: string | {
174 "type"?: string
175 "url"?: string
176 "directory"?: string
177 ...
178 }
179 "funding"?: matchN(1, [#fundingUrl, #fundingWay, list.UniqueItems() & [...matchN(1, [#fundingUrl, #fundingWay])] & [_, ...]])
180
181 // The 'scripts' member is an object hash of script commands that
182 // are run at various times in the lifecycle of your package. The
183 // key is the lifecycle event, and the value is the command to
184 // run at that point.
185 "scripts"?: {
186 // Run code quality tools, e.g. ESLint, TSLint, etc.
187 "lint"?: string
188
189 // Run BEFORE the package is published (Also run on local npm
190 // install without any arguments).
191 "prepublish"?: string
192
193 // Runs BEFORE the package is packed, i.e. during "npm publish"
194 // and "npm pack", and on local "npm install" without any
195 // arguments. This is run AFTER "prepublish", but BEFORE
196 // "prepublishOnly".
197 "prepare"?: string
198
199 // Run BEFORE the package is prepared and packed, ONLY on npm
200 // publish.
201 "prepublishOnly"?: string
202
203 // run BEFORE a tarball is packed (on npm pack, npm publish, and
204 // when installing git dependencies).
205 "prepack"?: string
206
207 // Run AFTER the tarball has been generated and moved to its final
208 // destination.
209 "postpack"?: string
210
211 // Publishes a package to the registry so that it can be installed
212 // by name. See
213 // https://docs.npmjs.com/cli/v8/commands/npm-publish
214 "publish"?: string
215 "postpublish"?: #scriptsPublishAfter
216
217 // Run BEFORE the package is installed.
218 "preinstall"?: string
219 "install"?: #scriptsInstallAfter
220 "postinstall"?: #scriptsInstallAfter
221 "preuninstall"?: #scriptsUninstallBefore
222 "uninstall"?: #scriptsUninstallBefore
223
224 // Run AFTER the package is uninstalled.
225 "postuninstall"?: string
226 "preversion"?: #scriptsVersionBefore
227 "version"?: #scriptsVersionBefore
228
229 // Run AFTER bump the package version.
230 "postversion"?: string
231 "pretest"?: #scriptsTest
232 "test"?: #scriptsTest
233 "posttest"?: #scriptsTest
234 "prestop"?: #scriptsStop
235 "stop"?: #scriptsStop
236 "poststop"?: #scriptsStop
237 "prestart"?: #scriptsStart
238 "start"?: #scriptsStart
239 "poststart"?: #scriptsStart
240 "prerestart"?: #scriptsRestart
241 "restart"?: #scriptsRestart
242 "postrestart"?: #scriptsRestart
243
244 // Start dev server to serve application files
245 "serve"?: string
246 {[!~"^(lint|prepublish|prepare|prepublishOnly|prepack|postpack|publish|postpublish|preinstall|install|postinstall|preuninstall|uninstall|postuninstall|preversion|version|postversion|pretest|test|posttest|prestop|stop|poststop|prestart|start|poststart|prerestart|restart|postrestart|serve)$"]: string}
247 }
248
249 // A 'config' hash can be used to set configuration parameters
250 // used in package scripts that persist across upgrades.
251 "config"?: {
252 ...
253 }
254 "dependencies"?: #dependency
255 "devDependencies"?: #devDependency
256 "optionalDependencies"?: #optionalDependency
257 "peerDependencies"?: #peerDependency
258 "peerDependenciesMeta"?: #peerDependencyMeta
259
260 // Array of package names that will be bundled when publishing the
261 // package.
262 "bundleDependencies"?: matchN(1, [[...string], bool])
263
264 // DEPRECATED: This field is honored, but "bundleDependencies" is
265 // the correct field name.
266 "bundledDependencies"?: matchN(1, [[...string], bool])
267
268 // Resolutions is used to support selective version resolutions
269 // using yarn, which lets you define custom package versions or
270 // ranges inside your dependencies. For npm, use overrides
271 // instead. See:
272 // https://yarnpkg.com/configuration/manifest#resolutions
273 "resolutions"?: {
274 ...
275 }
276
277 // Overrides is used to support selective version overrides using
278 // npm, which lets you define custom package versions or ranges
279 // inside your dependencies. For yarn, use resolutions instead.
280 // See:
281 // https://docs.npmjs.com/cli/v9/configuring-npm/package-json#overrides
282 "overrides"?: {
283 ...
284 }
285
286 // Defines which package manager is expected to be used when
287 // working on the current project. This field is currently
288 // experimental and needs to be opted-in; see
289 // https://nodejs.org/api/corepack.html
290 "packageManager"?: =~"(npm|pnpm|yarn|bun)@\\d+\\.\\d+\\.\\d+(-.+)?"
291 "engines"?: {
292 "node"?: string
293 {[!~"^(node)$"]: string}
294 }
295
296 // Defines which tools and versions are expected to be used when
297 // Volta is installed.
298 "volta"?: {
299 // The value of that entry should be a path to another JSON file
300 // which also has a "volta" section
301 "extends"?: string
302
303 {[=~"(node|npm|pnpm|yarn)" & !~"^(extends)$"]: string}
304 ...
305 }
306 "engineStrict"?: bool
307
308 // Specify which operating systems your module will run on.
309 "os"?: [...string]
310
311 // Specify that your code only runs on certain cpu architectures.
312 "cpu"?: [...string]
313
314 // Define the runtime and package manager for developing the
315 // current project.
316 "devEngines"?: {
317 // Specifies which operating systems are supported for development
318 "os"?: matchN(1, [#devEngineDependency, [...#devEngineDependency]])
319
320 // Specifies which CPU architectures are supported for development
321 "cpu"?: matchN(1, [#devEngineDependency, [...#devEngineDependency]])
322
323 // Specifies which C standard libraries are supported for
324 // development
325 "libc"?: matchN(1, [#devEngineDependency, [...#devEngineDependency]])
326
327 // Specifies which JavaScript runtimes (like Node.js, Deno, Bun)
328 // are supported for development. Values should use WinterCG
329 // Runtime Keys (see https://runtime-keys.proposal.wintercg.org/)
330 "runtime"?: matchN(1, [#devEngineDependency, [...#devEngineDependency]])
331
332 // Specifies which package managers are supported for development
333 "packageManager"?: matchN(1, [#devEngineDependency, [...#devEngineDependency]])
334 ...
335 }
336
337 // DEPRECATED: This option used to trigger an npm warning, but it
338 // will no longer warn. It is purely there for informational
339 // purposes. It is now recommended that you install any binaries
340 // as local devDependencies wherever possible.
341 "preferGlobal"?: bool
342
343 // If set to true, then npm will refuse to publish it.
344 "private"?: matchN(1, [bool, "false" | "true"])
345 "publishConfig"?: {
346 "access"?: "public" | "restricted"
347 "tag"?: string
348 "registry"?: net.AbsURL
349 "provenance"?: bool
350 ...
351 }
352 "dist"?: {
353 "shasum"?: string
354 "tarball"?: string
355 ...
356 }
357 "readme"?: string
358
359 // An ECMAScript module ID that is the primary entry point to your
360 // program.
361 "module"?: string
362
363 // A module ID with untranspiled code that is the primary entry
364 // point to your program.
365 "esnext"?: string | {
366 "main"?: string
367 "browser"?: string
368 {[!~"^(main|browser)$"]: string}
369 }
370
371 // Allows packages within a directory to depend on one another
372 // using direct linking of local files. Additionally,
373 // dependencies within a workspace are hoisted to the workspace
374 // root when possible to reduce duplication. Note: It's also a
375 // good idea to set "private" to true when using this feature.
376 "workspaces"?: matchN(>=1, [[...string], {
377 // Workspace package paths. Glob patterns are supported.
378 "packages"?: [...string]
379
380 // Packages to block from hoisting to the workspace root.
381 // Currently only supported in Yarn only.
382 "nohoist"?: [...string]
383 ...
384 }])
385 "jspm"?: _schema
386 "eslintConfig"?: eslint.#Schema
387 "prettier"?: prettier.#Schema
388 "stylelint"?: stylelint.#Schema
389 "ava"?: ava.#Schema
390 "release"?: semanticrelease.#Schema
391 "jscpd"?: jscpd.#Schema
392
393 // Defines pnpm specific configuration.
394 "pnpm"?: close({
395 // Used to override any dependency in the dependency graph.
396 "overrides"?: {
397 ...
398 }
399
400 // Used to extend the existing package definitions with additional
401 // information.
402 "packageExtensions"?: close({
403 {[=~"^.+$"]: close({
404 "dependencies"?: #dependency, "optionalDependencies"?: #optionalDependency, "peerDependencies"?: #peerDependency, "peerDependenciesMeta"?: #peerDependencyMeta
405 })
406 }
407 })
408 "peerDependencyRules"?: close({
409 // pnpm will not print warnings about missing peer dependencies
410 // from this list.
411 "ignoreMissing"?: [...string]
412
413 // Unmet peer dependency warnings will not be printed for peer
414 // dependencies of the specified range.
415 "allowedVersions"?: {
416 ...
417 }
418
419 // Any peer dependency matching the pattern will be resolved from
420 // any version, regardless of the range specified in
421 // "peerDependencies".
422 "allowAny"?: [...string]
423 })
424
425 // A list of dependencies to run builds for.
426 "neverBuiltDependencies"?: [...string]
427
428 // A list of package names that are allowed to be executed during
429 // installation.
430 "onlyBuiltDependencies"?: [...string]
431
432 // Specifies a JSON file that lists the only packages permitted to
433 // run installation scripts during the pnpm install process.
434 "onlyBuiltDependenciesFile"?: string
435
436 // A list of package names that should not be built during
437 // installation.
438 "ignoredBuiltDependencies"?: [...string]
439
440 // A list of deprecated versions that the warnings are suppressed.
441 "allowedDeprecatedVersions"?: {
442 ...
443 }
444
445 // A list of dependencies that are patched.
446 "patchedDependencies"?: {
447 ...
448 }
449
450 // When true, installation won't fail if some of the patches from
451 // the "patchedDependencies" field were not applied.
452 "allowNonAppliedPatches"?: bool
453
454 // When true, installation won't fail if some of the patches from
455 // the "patchedDependencies" field were not applied.
456 "allowUnusedPatches"?: bool
457 "updateConfig"?: close({
458 // A list of packages that should be ignored when running "pnpm
459 // outdated" or "pnpm update --latest".
460 "ignoreDependencies"?: [...string]
461 })
462
463 // Configurational dependencies are installed before all the other
464 // types of dependencies (before 'dependencies',
465 // 'devDependencies', 'optionalDependencies').
466 "configDependencies"?: {
467 ...
468 }
469 "auditConfig"?: close({
470 // A list of CVE IDs that will be ignored by "pnpm audit".
471 "ignoreCves"?: [...=~"^CVE-\\d{4}-\\d{4,7}$"]
472
473 // A list of GHSA Codes that will be ignored by "pnpm audit".
474 "ignoreGhsas"?: [...=~"^GHSA(-[23456789cfghjmpqrvwx]{4}){3}$"]
475 })
476
477 // A list of scripts that must exist in each project.
478 "requiredScripts"?: [...string]
479
480 // Specifies architectures for which you'd like to install
481 // optional dependencies, even if they don't match the
482 // architecture of the system running the install.
483 "supportedArchitectures"?: close({
484 "os"?: [...string]
485 "cpu"?: [...string]
486 "libc"?: [...string]
487 })
488
489 // A list of optional dependencies that the install should be
490 // skipped.
491 "ignoredOptionalDependencies"?: [...string]
492 "executionEnv"?: close({
493 // Specifies which exact Node.js version should be used for the
494 // project's runtime.
495 "nodeVersion"?: string
496 })
497 })
498
499 // Defines the StackBlitz configuration for the project.
500 "stackblitz"?: close({
501 // StackBlitz automatically installs npm dependencies when opening
502 // a project.
503 "installDependencies"?: bool
504
505 // A terminal command to be executed when opening the project,
506 // after installing npm dependencies.
507 "startCommand"?: bool | string
508
509 // The compileTrigger option controls how file changes in the
510 // editor are written to the WebContainers in-memory filesystem.
511 "compileTrigger"?: "auto" | "keystroke" | "save"
512
513 // A map of default environment variables that will be set in each
514 // top-level shell process.
515 "env"?: {
516 ...
517 }
518 })
519
520 {[=~"^_" & !~"^(name|version|description|keywords|homepage|bugs|license|licenses|author|contributors|maintainers|files|main|exports|imports|bin|type|types|typings|typesVersions|man|directories|repository|funding|scripts|config|dependencies|devDependencies|optionalDependencies|peerDependencies|peerDependenciesMeta|bundleDependencies|bundledDependencies|resolutions|overrides|packageManager|engines|volta|engineStrict|os|cpu|devEngines|preferGlobal|private|publishConfig|dist|readme|module|esnext|workspaces|jspm|eslintConfig|prettier|stylelint|ava|release|jscpd|pnpm|stackblitz)$"]: _}
521 ...
522 }
523
524 // Dependencies are specified with a simple hash of package name
525 // to version range. The version range is a string which has one
526 // or more space-separated descriptors. Dependencies can also be
527 // identified with a tarball or git URL.
528 #dependency: [string]: string
529
530 // Specifies dependencies that are required for the development
531 // and testing of the project. These dependencies are not needed
532 // in the production environment.
533 #devDependency: [string]: string
534
535 // Specifies requirements for development environment components
536 // such as operating systems, runtimes, or package managers. Used
537 // to ensure consistent development environments across the team.
538 #devEngineDependency: {
539 // The name of the dependency, with allowed values depending on
540 // the parent field
541 "name"!: string
542
543 // The version range for the dependency
544 "version"?: string
545
546 // What action to take if validation fails
547 "onFail"?: "ignore" | "warn" | "error" | "download"
548 ...
549 }
550
551 // URL to a website with details about how to fund the package.
552 #fundingUrl: net.AbsURL
553
554 // Used to inform about ways to help fund development of the
555 // package.
556 #fundingWay: close({
557 "url"!: #fundingUrl
558
559 // The type of funding or the platform through which funding can
560 // be provided, e.g. patreon, opencollective, tidelift or github.
561 "type"?: string
562 })
563
564 #license: matchN(>=1, [string, "AGPL-3.0-only" | "Apache-2.0" | "BSD-2-Clause" | "BSD-3-Clause" | "BSL-1.0" | "CC0-1.0" | "CDDL-1.0" | "CDDL-1.1" | "EPL-1.0" | "EPL-2.0" | "GPL-2.0-only" | "GPL-3.0-only" | "ISC" | "LGPL-2.0-only" | "LGPL-2.1-only" | "LGPL-2.1-or-later" | "LGPL-3.0-only" | "LGPL-3.0-or-later" | "MIT" | "MPL-2.0" | "MS-PL" | "UNLICENSED"])
565
566 // Specifies dependencies that are optional for your project.
567 // These dependencies are attempted to be installed during the
568 // npm install process, but if they fail to install, the
569 // installation process will not fail.
570 #optionalDependency: [string]: string
571
572 #packageExportsEntry: matchN(1, [#packageExportsEntryPath, #packageExportsEntryObject])
573
574 // Used to specify conditional exports, note that Conditional
575 // exports are unsupported in older environments, so it's
576 // recommended to use the fallback array option if support for
577 // those environments is a concern.
578 #packageExportsEntryObject: close({
579 "require"?: #packageExportsEntryOrFallback
580 "import"?: #packageExportsEntryOrFallback
581 "module-sync"?: #packageExportsEntryOrFallback
582 "node"?: #packageExportsEntryOrFallback
583 "default"?: #packageExportsEntryOrFallback
584 "types"?: #packageExportsEntryOrFallback
585
586 {[=~"^[^.0-9]+$" & !~"^(require|import|module-sync|node|default|types)$"]: #packageExportsEntryOrFallback}
587
588 {[=~"^types@.+$" & !~"^(require|import|module-sync|node|default|types)$"]: #packageExportsEntryOrFallback}
589 })
590
591 #packageExportsEntryOrFallback: matchN(1, [#packageExportsEntry, #packageExportsFallback])
592
593 // The module path that is resolved when this specifier is
594 // imported. Set to `null` to disallow importing this module.
595 #packageExportsEntryPath: null | =~"^\\./"
596
597 // Used to allow fallbacks in case this environment doesn't
598 // support the preceding entries.
599 #packageExportsFallback: [...#packageExportsEntry]
600
601 #packageImportsEntry: matchN(1, [#packageImportsEntryPath, #packageImportsEntryObject])
602
603 // Used to specify conditional exports, note that Conditional
604 // exports are unsupported in older environments, so it's
605 // recommended to use the fallback array option if support for
606 // those environments is a concern.
607 #packageImportsEntryObject: close({
608 "require"?: #packageImportsEntryOrFallback
609 "import"?: #packageImportsEntryOrFallback
610 "node"?: #packageImportsEntryOrFallback
611 "default"?: #packageImportsEntryOrFallback
612 "types"?: #packageImportsEntryOrFallback
613
614 {[=~"^[^.0-9]+$" & !~"^(require|import|node|default|types)$"]: #packageImportsEntryOrFallback}
615
616 {[=~"^types@.+$" & !~"^(require|import|node|default|types)$"]: #packageImportsEntryOrFallback}
617 })
618
619 #packageImportsEntryOrFallback: matchN(1, [#packageImportsEntry, #packageImportsFallback])
620
621 // The module path that is resolved when this specifier is
622 // imported. Set to `null` to disallow importing this module.
623 #packageImportsEntryPath: null | string
624
625 // Used to allow fallbacks in case this environment doesn't
626 // support the preceding entries.
627 #packageImportsFallback: [...#packageImportsEntry]
628
629 // Specifies dependencies that are required by the package but are
630 // expected to be provided by the consumer of the package.
631 #peerDependency: [string]: string
632
633 // When a user installs your package, warnings are emitted if
634 // packages specified in "peerDependencies" are not already
635 // installed. The "peerDependenciesMeta" field serves to provide
636 // more information on how your peer dependencies are utilized.
637 // Most commonly, it allows peer dependencies to be marked as
638 // optional. Metadata for this field is specified with a simple
639 // hash of the package name to a metadata object.
640 #peerDependencyMeta: [string]: {
641 // Specifies that this peer dependency is optional and should not
642 // be installed automatically.
643 "optional"?: bool
644 ...
645 }
646
647 // A person who has been involved in creating or maintaining this
648 // package.
649 #person: string | {
650 "name"!: string
651 "url"?: net.AbsURL
652 "email"?: string
653 ...
654 }
655
656 // Run AFTER the package is installed.
657 #scriptsInstallAfter: string
658
659 // Run AFTER the package is published.
660 #scriptsPublishAfter: string
661
662 // Run by the 'npm restart' command. Note: 'npm restart' will run
663 // the stop and start scripts if no restart script is provided.
664 #scriptsRestart: string
665
666 // Run by the 'npm start' command.
667 #scriptsStart: string
668
669 // Run by the 'npm stop' command.
670 #scriptsStop: string
671
672 // Run by the 'npm test' command.
673 #scriptsTest: string
674
675 // Run BEFORE the package is uninstalled.
676 #scriptsUninstallBefore: string
677
678 // Run BEFORE bump the package version.
679 #scriptsVersionBefore: string
680 }
681}