package npmpackage import ( "strings" "net" "list" "cue.dev/x/npmjs/eslint" "cue.dev/x/npmjs/prettier" "cue.dev/x/npmjs/stylelint" "cue.dev/x/npmjs/ava" "cue.dev/x/semanticrelease" "cue.dev/x/npmjs/jscpd" ) // JSON schema for NPM package.json files #Schema: { @jsonschema(schema="http://json-schema.org/draft-07/schema#") _schema _schema: { @jsonschema(id="https://json.schemastore.org/package.json") matchN(>=1, [matchN(0, [null | bool | number | string | [...] | { "bundledDependencies"!: _ "bundleDependencies"!: _ ... }]) & { ... }, matchN(0, [null | bool | number | string | [...] | { "bundleDependencies"!: _ ... }]) & { "bundledDependencies"!: _ ... }, matchN(0, [null | bool | number | string | [...] | { "bundledDependencies"!: _ ... }]) & { "bundleDependencies"!: _ ... }]) & { // The name of the package. "name"?: strings.MaxRunes(214) & strings.MinRunes(1) & =~"^(?:(?:@(?:[a-z0-9-*~][a-z0-9-*._~]*)?/[a-z0-9-._~])|[a-z0-9-~])[a-z0-9-._~]*$" // Version must be parsable by node-semver, which is bundled with // npm as a dependency. "version"?: string // This helps people discover your package, as it's listed in 'npm // search'. "description"?: string // This helps people discover your package as it's listed in 'npm // search'. "keywords"?: [...string] // The url to the project homepage. "homepage"?: string // The url to your project's issue tracker and / or the email // address to which issues should be reported. These are helpful // for people who encounter issues with your package. "bugs"?: string | { // The url to your project's issue tracker. "url"?: net.AbsURL // The email address to which issues should be reported. "email"?: string ... } "license"?: #license // DEPRECATED: Instead, use SPDX expressions, like this: { // "license": "ISC" } or { "license": "(MIT OR Apache-2.0)" } // see: 'https://docs.npmjs.com/files/package.json#license'. "licenses"?: [...{ "type"?: #license "url"?: net.AbsURL ... }] "author"?: #person // A list of people who contributed to this package. "contributors"?: [...#person] // A list of people who maintains this package. "maintainers"?: [...#person] // The 'files' field is an array of files to include in your // project. If you name a folder in the array, then it will also // include the files inside that folder. "files"?: [...string] // The main field is a module ID that is the primary entry point // to your program. "main"?: string // The "exports" field is used to restrict external access to // non-exported module files, also enables a module to import // itself using "name". "exports"?: matchN(1, [#packageExportsEntryPath, close({ "."?: #packageExportsEntryOrFallback {[=~"^\\./.+" & !~"^(\\.)$"]: #packageExportsEntryOrFallback} }), #packageExportsEntryObject, #packageExportsFallback]) // The "imports" field is used to create private mappings that // only apply to import specifiers from within the package // itself. "imports"?: close({ {[=~"^#.+$"]: #packageImportsEntryOrFallback} }) "bin"?: string | { [string]: string } // When set to "module", the type field allows a package to // specify all .js files within are ES modules. If the "type" // field is omitted or set to "commonjs", all .js files are // treated as CommonJS. "type"?: "commonjs" | "module" // Set the types property to point to your bundled declaration // file. "types"?: string // Note that the "typings" field is synonymous with "types", and // could be used as well. "typings"?: string // The "typesVersions" field is used since TypeScript 3.1 to // support features that were only made available in newer // TypeScript versions. "typesVersions"?: { [string]: close({ // Maps all file paths to the file paths specified in the array. "*"?: [...=~"^[^*]*(?:\\*[^*]*)?$"] {[=~"^[^*]+$" & !~"^(\\*)$"]: [...string]} {[=~"^[^*]*\\*[^*]*$" & !~"^(\\*)$"]: [...=~"^[^*]*(?:\\*[^*]*)?$"]} }) } // Specify either a single file or an array of filenames to put in // place for the man program to find. "man"?: string | [...string] "directories"?: { // If you specify a 'bin' directory, then all the files in that // folder will be used as the 'bin' hash. "bin"?: string // Put markdown files in here. Eventually, these will be displayed // nicely, maybe, someday. "doc"?: string // Put example scripts in here. Someday, it might be exposed in // some clever way. "example"?: string // Tell people where the bulk of your library is. Nothing special // is done with the lib folder in any way, but it's useful meta // info. "lib"?: string // A folder that is full of man pages. Sugar to generate a 'man' // array by walking the folder. "man"?: string "test"?: string ... } // Specify the place where your code lives. This is helpful for // people who want to contribute. "repository"?: string | { "type"?: string "url"?: string "directory"?: string ... } "funding"?: matchN(1, [#fundingUrl, #fundingWay, list.UniqueItems() & [...matchN(1, [#fundingUrl, #fundingWay])] & [_, ...]]) // The 'scripts' member is an object hash of script commands that // are run at various times in the lifecycle of your package. The // key is the lifecycle event, and the value is the command to // run at that point. "scripts"?: { // Run code quality tools, e.g. ESLint, TSLint, etc. "lint"?: string // Run BEFORE the package is published (Also run on local npm // install without any arguments). "prepublish"?: string // Runs BEFORE the package is packed, i.e. during "npm publish" // and "npm pack", and on local "npm install" without any // arguments. This is run AFTER "prepublish", but BEFORE // "prepublishOnly". "prepare"?: string // Run BEFORE the package is prepared and packed, ONLY on npm // publish. "prepublishOnly"?: string // run BEFORE a tarball is packed (on npm pack, npm publish, and // when installing git dependencies). "prepack"?: string // Run AFTER the tarball has been generated and moved to its final // destination. "postpack"?: string // Publishes a package to the registry so that it can be installed // by name. See // https://docs.npmjs.com/cli/v8/commands/npm-publish "publish"?: string "postpublish"?: #scriptsPublishAfter // Run BEFORE the package is installed. "preinstall"?: string "install"?: #scriptsInstallAfter "postinstall"?: #scriptsInstallAfter "preuninstall"?: #scriptsUninstallBefore "uninstall"?: #scriptsUninstallBefore // Run AFTER the package is uninstalled. "postuninstall"?: string "preversion"?: #scriptsVersionBefore "version"?: #scriptsVersionBefore // Run AFTER bump the package version. "postversion"?: string "pretest"?: #scriptsTest "test"?: #scriptsTest "posttest"?: #scriptsTest "prestop"?: #scriptsStop "stop"?: #scriptsStop "poststop"?: #scriptsStop "prestart"?: #scriptsStart "start"?: #scriptsStart "poststart"?: #scriptsStart "prerestart"?: #scriptsRestart "restart"?: #scriptsRestart "postrestart"?: #scriptsRestart // Start dev server to serve application files "serve"?: string {[!~"^(lint|prepublish|prepare|prepublishOnly|prepack|postpack|publish|postpublish|preinstall|install|postinstall|preuninstall|uninstall|postuninstall|preversion|version|postversion|pretest|test|posttest|prestop|stop|poststop|prestart|start|poststart|prerestart|restart|postrestart|serve)$"]: string} } // A 'config' hash can be used to set configuration parameters // used in package scripts that persist across upgrades. "config"?: { ... } "dependencies"?: #dependency "devDependencies"?: #devDependency "optionalDependencies"?: #optionalDependency "peerDependencies"?: #peerDependency "peerDependenciesMeta"?: #peerDependencyMeta // Array of package names that will be bundled when publishing the // package. "bundleDependencies"?: matchN(1, [[...string], bool]) // DEPRECATED: This field is honored, but "bundleDependencies" is // the correct field name. "bundledDependencies"?: matchN(1, [[...string], bool]) // Resolutions is used to support selective version resolutions // using yarn, which lets you define custom package versions or // ranges inside your dependencies. For npm, use overrides // instead. See: // https://yarnpkg.com/configuration/manifest#resolutions "resolutions"?: { ... } // Overrides is used to support selective version overrides using // npm, which lets you define custom package versions or ranges // inside your dependencies. For yarn, use resolutions instead. // See: // https://docs.npmjs.com/cli/v9/configuring-npm/package-json#overrides "overrides"?: { ... } // Defines which package manager is expected to be used when // working on the current project. This field is currently // experimental and needs to be opted-in; see // https://nodejs.org/api/corepack.html "packageManager"?: =~"(npm|pnpm|yarn|bun)@\\d+\\.\\d+\\.\\d+(-.+)?" "engines"?: { "node"?: string {[!~"^(node)$"]: string} } // Defines which tools and versions are expected to be used when // Volta is installed. "volta"?: { // The value of that entry should be a path to another JSON file // which also has a "volta" section "extends"?: string {[=~"(node|npm|pnpm|yarn)" & !~"^(extends)$"]: string} ... } "engineStrict"?: bool // Specify which operating systems your module will run on. "os"?: [...string] // Specify that your code only runs on certain cpu architectures. "cpu"?: [...string] // Define the runtime and package manager for developing the // current project. "devEngines"?: { // Specifies which operating systems are supported for development "os"?: matchN(1, [#devEngineDependency, [...#devEngineDependency]]) // Specifies which CPU architectures are supported for development "cpu"?: matchN(1, [#devEngineDependency, [...#devEngineDependency]]) // Specifies which C standard libraries are supported for // development "libc"?: matchN(1, [#devEngineDependency, [...#devEngineDependency]]) // Specifies which JavaScript runtimes (like Node.js, Deno, Bun) // are supported for development. Values should use WinterCG // Runtime Keys (see https://runtime-keys.proposal.wintercg.org/) "runtime"?: matchN(1, [#devEngineDependency, [...#devEngineDependency]]) // Specifies which package managers are supported for development "packageManager"?: matchN(1, [#devEngineDependency, [...#devEngineDependency]]) ... } // DEPRECATED: This option used to trigger an npm warning, but it // will no longer warn. It is purely there for informational // purposes. It is now recommended that you install any binaries // as local devDependencies wherever possible. "preferGlobal"?: bool // If set to true, then npm will refuse to publish it. "private"?: matchN(1, [bool, "false" | "true"]) "publishConfig"?: { "access"?: "public" | "restricted" "tag"?: string "registry"?: net.AbsURL "provenance"?: bool ... } "dist"?: { "shasum"?: string "tarball"?: string ... } "readme"?: string // An ECMAScript module ID that is the primary entry point to your // program. "module"?: string // A module ID with untranspiled code that is the primary entry // point to your program. "esnext"?: string | { "main"?: string "browser"?: string {[!~"^(main|browser)$"]: string} } // Allows packages within a directory to depend on one another // using direct linking of local files. Additionally, // dependencies within a workspace are hoisted to the workspace // root when possible to reduce duplication. Note: It's also a // good idea to set "private" to true when using this feature. "workspaces"?: matchN(>=1, [[...string], { // Workspace package paths. Glob patterns are supported. "packages"?: [...string] // Packages to block from hoisting to the workspace root. // Currently only supported in Yarn only. "nohoist"?: [...string] ... }]) "jspm"?: _schema "eslintConfig"?: eslint.#Schema "prettier"?: prettier.#Schema "stylelint"?: stylelint.#Schema "ava"?: ava.#Schema "release"?: semanticrelease.#Schema "jscpd"?: jscpd.#Schema // Defines pnpm specific configuration. "pnpm"?: close({ // Used to override any dependency in the dependency graph. "overrides"?: { ... } // Used to extend the existing package definitions with additional // information. "packageExtensions"?: close({ {[=~"^.+$"]: close({ "dependencies"?: #dependency, "optionalDependencies"?: #optionalDependency, "peerDependencies"?: #peerDependency, "peerDependenciesMeta"?: #peerDependencyMeta }) } }) "peerDependencyRules"?: close({ // pnpm will not print warnings about missing peer dependencies // from this list. "ignoreMissing"?: [...string] // Unmet peer dependency warnings will not be printed for peer // dependencies of the specified range. "allowedVersions"?: { ... } // Any peer dependency matching the pattern will be resolved from // any version, regardless of the range specified in // "peerDependencies". "allowAny"?: [...string] }) // A list of dependencies to run builds for. "neverBuiltDependencies"?: [...string] // A list of package names that are allowed to be executed during // installation. "onlyBuiltDependencies"?: [...string] // Specifies a JSON file that lists the only packages permitted to // run installation scripts during the pnpm install process. "onlyBuiltDependenciesFile"?: string // A list of package names that should not be built during // installation. "ignoredBuiltDependencies"?: [...string] // A list of deprecated versions that the warnings are suppressed. "allowedDeprecatedVersions"?: { ... } // A list of dependencies that are patched. "patchedDependencies"?: { ... } // When true, installation won't fail if some of the patches from // the "patchedDependencies" field were not applied. "allowNonAppliedPatches"?: bool // When true, installation won't fail if some of the patches from // the "patchedDependencies" field were not applied. "allowUnusedPatches"?: bool "updateConfig"?: close({ // A list of packages that should be ignored when running "pnpm // outdated" or "pnpm update --latest". "ignoreDependencies"?: [...string] }) // Configurational dependencies are installed before all the other // types of dependencies (before 'dependencies', // 'devDependencies', 'optionalDependencies'). "configDependencies"?: { ... } "auditConfig"?: close({ // A list of CVE IDs that will be ignored by "pnpm audit". "ignoreCves"?: [...=~"^CVE-\\d{4}-\\d{4,7}$"] // A list of GHSA Codes that will be ignored by "pnpm audit". "ignoreGhsas"?: [...=~"^GHSA(-[23456789cfghjmpqrvwx]{4}){3}$"] }) // A list of scripts that must exist in each project. "requiredScripts"?: [...string] // Specifies architectures for which you'd like to install // optional dependencies, even if they don't match the // architecture of the system running the install. "supportedArchitectures"?: close({ "os"?: [...string] "cpu"?: [...string] "libc"?: [...string] }) // A list of optional dependencies that the install should be // skipped. "ignoredOptionalDependencies"?: [...string] "executionEnv"?: close({ // Specifies which exact Node.js version should be used for the // project's runtime. "nodeVersion"?: string }) }) // Defines the StackBlitz configuration for the project. "stackblitz"?: close({ // StackBlitz automatically installs npm dependencies when opening // a project. "installDependencies"?: bool // A terminal command to be executed when opening the project, // after installing npm dependencies. "startCommand"?: bool | string // The compileTrigger option controls how file changes in the // editor are written to the WebContainers in-memory filesystem. "compileTrigger"?: "auto" | "keystroke" | "save" // A map of default environment variables that will be set in each // top-level shell process. "env"?: { ... } }) {[=~"^_" & !~"^(name|version|description|keywords|homepage|bugs|license|licenses|author|contributors|maintainers|files|main|exports|imports|bin|type|types|typings|typesVersions|man|directories|repository|funding|scripts|config|dependencies|devDependencies|optionalDependencies|peerDependencies|peerDependenciesMeta|bundleDependencies|bundledDependencies|resolutions|overrides|packageManager|engines|volta|engineStrict|os|cpu|devEngines|preferGlobal|private|publishConfig|dist|readme|module|esnext|workspaces|jspm|eslintConfig|prettier|stylelint|ava|release|jscpd|pnpm|stackblitz)$"]: _} ... } // Dependencies are specified with a simple hash of package name // to version range. The version range is a string which has one // or more space-separated descriptors. Dependencies can also be // identified with a tarball or git URL. #dependency: [string]: string // Specifies dependencies that are required for the development // and testing of the project. These dependencies are not needed // in the production environment. #devDependency: [string]: string // Specifies requirements for development environment components // such as operating systems, runtimes, or package managers. Used // to ensure consistent development environments across the team. #devEngineDependency: { // The name of the dependency, with allowed values depending on // the parent field "name"!: string // The version range for the dependency "version"?: string // What action to take if validation fails "onFail"?: "ignore" | "warn" | "error" | "download" ... } // URL to a website with details about how to fund the package. #fundingUrl: net.AbsURL // Used to inform about ways to help fund development of the // package. #fundingWay: close({ "url"!: #fundingUrl // The type of funding or the platform through which funding can // be provided, e.g. patreon, opencollective, tidelift or github. "type"?: string }) #license: matchN(>=1, [string, "AGPL-3.0-only" | "Apache-2.0" | "BSD-2-Clause" | "BSD-3-Clause" | "BSL-1.0" | "CC0-1.0" | "CDDL-1.0" | "CDDL-1.1" | "EPL-1.0" | "EPL-2.0" | "GPL-2.0-only" | "GPL-3.0-only" | "ISC" | "LGPL-2.0-only" | "LGPL-2.1-only" | "LGPL-2.1-or-later" | "LGPL-3.0-only" | "LGPL-3.0-or-later" | "MIT" | "MPL-2.0" | "MS-PL" | "UNLICENSED"]) // Specifies dependencies that are optional for your project. // These dependencies are attempted to be installed during the // npm install process, but if they fail to install, the // installation process will not fail. #optionalDependency: [string]: string #packageExportsEntry: matchN(1, [#packageExportsEntryPath, #packageExportsEntryObject]) // Used to specify conditional exports, note that Conditional // exports are unsupported in older environments, so it's // recommended to use the fallback array option if support for // those environments is a concern. #packageExportsEntryObject: close({ "require"?: #packageExportsEntryOrFallback "import"?: #packageExportsEntryOrFallback "module-sync"?: #packageExportsEntryOrFallback "node"?: #packageExportsEntryOrFallback "default"?: #packageExportsEntryOrFallback "types"?: #packageExportsEntryOrFallback {[=~"^[^.0-9]+$" & !~"^(require|import|module-sync|node|default|types)$"]: #packageExportsEntryOrFallback} {[=~"^types@.+$" & !~"^(require|import|module-sync|node|default|types)$"]: #packageExportsEntryOrFallback} }) #packageExportsEntryOrFallback: matchN(1, [#packageExportsEntry, #packageExportsFallback]) // The module path that is resolved when this specifier is // imported. Set to `null` to disallow importing this module. #packageExportsEntryPath: null | =~"^\\./" // Used to allow fallbacks in case this environment doesn't // support the preceding entries. #packageExportsFallback: [...#packageExportsEntry] #packageImportsEntry: matchN(1, [#packageImportsEntryPath, #packageImportsEntryObject]) // Used to specify conditional exports, note that Conditional // exports are unsupported in older environments, so it's // recommended to use the fallback array option if support for // those environments is a concern. #packageImportsEntryObject: close({ "require"?: #packageImportsEntryOrFallback "import"?: #packageImportsEntryOrFallback "node"?: #packageImportsEntryOrFallback "default"?: #packageImportsEntryOrFallback "types"?: #packageImportsEntryOrFallback {[=~"^[^.0-9]+$" & !~"^(require|import|node|default|types)$"]: #packageImportsEntryOrFallback} {[=~"^types@.+$" & !~"^(require|import|node|default|types)$"]: #packageImportsEntryOrFallback} }) #packageImportsEntryOrFallback: matchN(1, [#packageImportsEntry, #packageImportsFallback]) // The module path that is resolved when this specifier is // imported. Set to `null` to disallow importing this module. #packageImportsEntryPath: null | string // Used to allow fallbacks in case this environment doesn't // support the preceding entries. #packageImportsFallback: [...#packageImportsEntry] // Specifies dependencies that are required by the package but are // expected to be provided by the consumer of the package. #peerDependency: [string]: string // When a user installs your package, warnings are emitted if // packages specified in "peerDependencies" are not already // installed. The "peerDependenciesMeta" field serves to provide // more information on how your peer dependencies are utilized. // Most commonly, it allows peer dependencies to be marked as // optional. Metadata for this field is specified with a simple // hash of the package name to a metadata object. #peerDependencyMeta: [string]: { // Specifies that this peer dependency is optional and should not // be installed automatically. "optional"?: bool ... } // A person who has been involved in creating or maintaining this // package. #person: string | { "name"!: string "url"?: net.AbsURL "email"?: string ... } // Run AFTER the package is installed. #scriptsInstallAfter: string // Run AFTER the package is published. #scriptsPublishAfter: string // Run by the 'npm restart' command. Note: 'npm restart' will run // the stop and start scripts if no restart script is provided. #scriptsRestart: string // Run by the 'npm start' command. #scriptsStart: string // Run by the 'npm stop' command. #scriptsStop: string // Run by the 'npm test' command. #scriptsTest: string // Run BEFORE the package is uninstalled. #scriptsUninstallBefore: string // Run BEFORE bump the package version. #scriptsVersionBefore: string } }