
Package Json Linter

Lint and validate package.json files for common mistakes, missing fields, security issues, and best practices. Use when asked to lint, validate, audit, or ch...
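Checks and validates package.json files, finding common mistakes, missing fields, security issues, and best-practice violations. Suited to checking, validating, auditing, or troubleshooting.
charlie-morrison charlie-morrison Source
Uncategorized clawhub v1.0.1 1 version 100000 Key: not required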

Overview

Package JSON Linter

Lint package.json files for missing fields, dependency issues, security risks, and best practices violations.

Commands

All commands use the bundled Python script at scripts/package_json_linter.py.

1. Lint a package.json file

python3 scripts/package_json_linter.py lint <file-or-directory> [--strict] [--format text|json|markdown]

Runs all lint rules against one or more package.json files. If given a directory, scans for package.json files recursively (excluding node_modules).

Flags:

  • --strict — exit code 1 on any warning (not just errors)
  • --format — output format: text (default), json, markdown

2. Audit for security issues

python3 scripts/package_json_linter.py security <file-or-directory> [--format text|json|markdown]

Checks for supply chain risks: postinstall/preinstall/install scripts, and scripts containing curl, wget, eval, or piping to shell.

3. Analyze scripts section

python3 scripts/package_json_linter.py scripts <file-or-directory> [--format text|json|markdown]

Analyzes the scripts section for missing common scripts (test, start, build), placeholder test scripts, dependency issues, and deprecated packages.

4. Validate required fields and structure

python3 scripts/package_json_linter.py validate <file-or-directory> [--strict] [--format text|json|markdown]

Validates required fields (name, version, description), semver format, npm naming rules, dependency issues, and best practice fields.

Lint Rules (22 rules)

Required Fields (5 rules)

| Rule | Severity | Description |
|------|----------|-------------|
| missing-name | error | No name field |
| missing-version | error | No version field |
| invalid-name | error | Name doesn't match npm naming rules |
| invalid-version | error | Version not valid semver |
| missing-description | warning | No description field |

Dependencies (6 rules)

| Rule | Severity | Description |
|------|----------|-------------|
| wildcard-dependency | error | Version is *, empty, or latest |
| git-dependency | warning | Points to git URL (fragile) |
| file-dependency | warning | Uses file: protocol |
| pinned-dependency | info | All deps pinned to exact versions |
| duplicate-dependency | warning | Same package in deps and devDeps |
| deprecated-package | warning | Known deprecated package (~20 tracked) |

Security (4 rules)

| Rule | Severity | Description |
|------|----------|-------------|
| postinstall-script | warning | Supply chain risk |
| preinstall-script | warning | Supply chain risk |
| install-script | warning | Supply chain risk |
| suspicious-script | warning | Contains curl/wget/eval/pipe-to-shell |

Best Practices (7 rules)

| Rule | Severity | Description |
|------|----------|-------------|
| missing-license | warning | No license field |
| missing-repository | info | No repository field |
| missing-engines | info | No engines field |
| missing-keywords | info | No keywords field |
| missing-main | info | No main or exports field |
| missing-scripts | info | No scripts section |
| non-https-url | warning | URLs not using HTTPS |

Exit Codes

  • 0 — no errors found
  • 1 — errors found (or warnings in --strict mode)

Output Formats

  • text — human-readable, one issue per line (default)
  • json — structured JSON with summary counts
  • markdown — table format for reports and PRs

Version history

1 version in total

  • v1.0.1 (current)
    2026-05-07 05:53 Safe Safe

Security scan

Tencent Cloud Security (Keen)

Safe, no risk

Tencent Cloud Security (Sanbu)

Safe, no risk
