npm · wraithgar · Dec 2, 2024 · Nov 27, 2024 · Nov 27, 2024 · Nov 27, 2024
@@ -83,6 +83,9 @@ See [`developers`](/using-npm/developers) for full details on what's
 included in the published package, as well as details on how the package is
 built.
 
+See [`package.json`](/configuring-npm/package-json) for more info on
+what can and can't be ignored.
+
 ### Configuration
 
 <!-- AUTOGENERATED CONFIG DESCRIPTIONS -->

@@ -324,6 +324,7 @@ Some files are always ignored by default:
   if you wish it to be published)
 * `pnpm-lock.yaml`
 * `yarn.lock`
+* `bun.lockb`
 
 Most of these ignored files can be included specifically if included in
 the `files` globs.  Exceptions to this are:
@@ -334,6 +335,7 @@ the `files` globs.  Exceptions to this are:
 * `package-lock.json`
 * `pnpm-lock.yaml`
 * `yarn.lock`
+* `bun.lockb`
 
 These can not be included.
 

@@ -112,8 +112,8 @@ as `.gitignore` files:
 * You can end patterns with a forward slash `/` to specify a directory.
 * You can negate a pattern by starting it with an exclamation point `!`.
 
-By default, the following paths and files are ignored, so there's no
-need to add them to `.npmignore` explicitly:
+By default, some paths and files are ignored, so there's no
+need to add them to `.npmignore` explicitly. Some examples are:
 
 * `.*.swp`
 * `._*`
@@ -148,6 +148,9 @@ property of `package.json`, which is an array of file or directory names
 that should be included in your package. Sometimes manually picking
 which items to allow is easier to manage than building a block list.
 
+See [`package.json`](/configuring-npm/package-json) for more info on
+what can and can't be ignored.
+
 #### Testing whether your `.npmignore` or `files` config works
 
 If you want to double check that your package will include only the files

@@ -52,7 +52,7 @@
     "json-stringify-safe": "^5.0.1",
     "nock": "^13.3.3",
     "npm-package-arg": "^12.0.0",
-    "pacote": "^20.0.0",
+    "pacote": "^21.0.0",
     "tap": "^16.3.8"
   }
 }
@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/metavuln-calculator",
-  "version": "8.0.1",
+  "version": "9.0.0",
   "main": "lib/index.js",
   "files": [
     "bin/",
@@ -34,23 +34,23 @@
   },
   "devDependencies": {
     "@npmcli/eslint-config": "^5.0.0",
-    "@npmcli/template-oss": "4.23.3",
+    "@npmcli/template-oss": "4.23.4",
     "require-inject": "^1.4.4",
     "tap": "^16.0.1"
   },
   "dependencies": {
     "cacache": "^19.0.0",
     "json-parse-even-better-errors": "^4.0.0",
-    "pacote": "^20.0.0",
+    "pacote": "^21.0.0",
     "proc-log": "^5.0.0",
     "semver": "^7.3.5"
   },
   "engines": {
-    "node": "^18.17.0 || >=20.5.0"
+    "node": "^20.17.0 || >=22.9.0"
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.23.3",
+    "version": "4.23.4",
     "publish": "true",
     "ciVersions": [
       "16.14.0",

@@ -7,6 +7,7 @@ const updateScripts = require('./update-scripts.js')
 const updateWorkspaces = require('./update-workspaces.js')
 const normalize = require('./normalize.js')
 const { read, parse } = require('./read-package.js')
+const { packageSort } = require('./sort.js')
 
 // a list of handy specialized helper functions that take
 // care of special cases that are handled by the npm cli
@@ -230,19 +231,23 @@ class PackageJson {
     return this
   }
 
-  async save () {
+  async save ({ sort } = {}) {
     if (!this.#canSave) {
       throw new Error('No package.json to save to')
     }
     const {
       [Symbol.for('indent')]: indent,
       [Symbol.for('newline')]: newline,
+      ...rest
     } = this.content
 
     const format = indent === undefined ? '  ' : indent
     const eol = newline === undefined ? '\n' : newline
+
+    const content = sort ? packageSort(rest) : rest
+
     const fileContent = `${
-      JSON.stringify(this.content, null, format)
+      JSON.stringify(content, null, format)
     }\n`
       .replace(/\n/g, eol)
 

@@ -0,0 +1,101 @@
+/**
+ * arbitrary sort order for package.json largely pulled from:
+ * https://github.com/keithamus/sort-package-json/blob/main/defaultRules.md
+ *
+ * cross checked with:
+ * https://github.com/npm/types/blob/main/types/index.d.ts#L104
+ * https://docs.npmjs.com/cli/configuring-npm/package-json
+ */
+function packageSort (json) {
+  const {
+    name,
+    version,
+    private: isPrivate,
+    description,
+    keywords,
+    homepage,
+    bugs,
+    repository,
+    funding,
+    license,
+    author,
+    maintainers,
+    contributors,
+    type,
+    imports,
+    exports,
+    main,
+    browser,
+    types,
+    bin,
+    man,
+    directories,
+    files,
+    workspaces,
+    scripts,
+    config,
+    dependencies,
+    devDependencies,
+    peerDependencies,
+    peerDependenciesMeta,
+    optionalDependencies,
+    bundledDependencies,
+    bundleDependencies,
+    engines,
+    os,
+    cpu,
+    publishConfig,
+    devEngines,
+    licenses,
+    overrides,
+    ...rest
+  } = json
+
+  return {
+    ...(typeof name !== 'undefined' ? { name } : {}),
+    ...(typeof version !== 'undefined' ? { version } : {}),
+    ...(typeof isPrivate !== 'undefined' ? { private: isPrivate } : {}),
+    ...(typeof description !== 'undefined' ? { description } : {}),
+    ...(typeof keywords !== 'undefined' ? { keywords } : {}),
+    ...(typeof homepage !== 'undefined' ? { homepage } : {}),
+    ...(typeof bugs !== 'undefined' ? { bugs } : {}),
+    ...(typeof repository !== 'undefined' ? { repository } : {}),
+    ...(typeof funding !== 'undefined' ? { funding } : {}),
+    ...(typeof license !== 'undefined' ? { license } : {}),
+    ...(typeof author !== 'undefined' ? { author } : {}),
+    ...(typeof maintainers !== 'undefined' ? { maintainers } : {}),
+    ...(typeof contributors !== 'undefined' ? { contributors } : {}),
+    ...(typeof type !== 'undefined' ? { type } : {}),
+    ...(typeof imports !== 'undefined' ? { imports } : {}),
+    ...(typeof exports !== 'undefined' ? { exports } : {}),
+    ...(typeof main !== 'undefined' ? { main } : {}),
+    ...(typeof browser !== 'undefined' ? { browser } : {}),
+    ...(typeof types !== 'undefined' ? { types } : {}),
+    ...(typeof bin !== 'undefined' ? { bin } : {}),
+    ...(typeof man !== 'undefined' ? { man } : {}),
+    ...(typeof directories !== 'undefined' ? { directories } : {}),
+    ...(typeof files !== 'undefined' ? { files } : {}),
+    ...(typeof workspaces !== 'undefined' ? { workspaces } : {}),
+    ...(typeof scripts !== 'undefined' ? { scripts } : {}),
+    ...(typeof config !== 'undefined' ? { config } : {}),
+    ...(typeof dependencies !== 'undefined' ? { dependencies } : {}),
+    ...(typeof devDependencies !== 'undefined' ? { devDependencies } : {}),
+    ...(typeof peerDependencies !== 'undefined' ? { peerDependencies } : {}),
+    ...(typeof peerDependenciesMeta !== 'undefined' ? { peerDependenciesMeta } : {}),
+    ...(typeof optionalDependencies !== 'undefined' ? { optionalDependencies } : {}),
+    ...(typeof bundledDependencies !== 'undefined' ? { bundledDependencies } : {}),
+    ...(typeof bundleDependencies !== 'undefined' ? { bundleDependencies } : {}),
+    ...(typeof engines !== 'undefined' ? { engines } : {}),
+    ...(typeof os !== 'undefined' ? { os } : {}),
+    ...(typeof cpu !== 'undefined' ? { cpu } : {}),
+    ...(typeof publishConfig !== 'undefined' ? { publishConfig } : {}),
+    ...(typeof devEngines !== 'undefined' ? { devEngines } : {}),
+    ...(typeof licenses !== 'undefined' ? { licenses } : {}),
+    ...(typeof overrides !== 'undefined' ? { overrides } : {}),
+    ...rest,
+  }
+}
+
+module.exports = {
+  packageSort,
+}
@@ -1,7 +1,17 @@
 {
   "name": "@npmcli/package-json",
-  "version": "6.0.1",
+  "version": "6.1.0",
   "description": "Programmatic API to update package.json",
+  "keywords": [
+    "npm",
+    "oss"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/npm/package-json.git"
+  },
+  "license": "ISC",
+  "author": "GitHub Inc.",
   "main": "lib/index.js",
   "files": [
     "bin/",
@@ -18,19 +28,6 @@
     "template-oss-apply": "template-oss-apply --force",
     "eslint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\""
   },
-  "keywords": [
-    "npm",
-    "oss"
-  ],
-  "author": "GitHub Inc.",
-  "license": "ISC",
-  "devDependencies": {
-    "@npmcli/eslint-config": "^5.0.0",
-    "@npmcli/template-oss": "4.23.3",
-    "read-package-json": "^7.0.0",
-    "read-package-json-fast": "^4.0.0",
-    "tap": "^16.0.1"
-  },
   "dependencies": {
     "@npmcli/git": "^6.0.0",
     "glob": "^10.2.2",
@@ -40,16 +37,19 @@
     "proc-log": "^5.0.0",
     "semver": "^7.5.3"
   },
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/npm/package-json.git"
+  "devDependencies": {
+    "@npmcli/eslint-config": "^5.0.0",
+    "@npmcli/template-oss": "4.23.5",
+    "read-package-json": "^7.0.0",
+    "read-package-json-fast": "^4.0.0",
+    "tap": "^16.0.1"
   },
   "engines": {
     "node": "^18.17.0 || >=20.5.0"
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.23.3",
+    "version": "4.23.5",
     "publish": "true"
   },
   "tap": {

@@ -290,6 +290,7 @@ class PackWalker extends IgnoreWalker {
       '/package-lock.json',
       '/yarn.lock',
       '/pnpm-lock.yaml',
+      '/bun.lockb',
     ]
 
     // if we have a files array in our package, we need to pull rules from it

@@ -1,6 +1,6 @@
 {
   "name": "npm-packlist",
-  "version": "9.0.0",
+  "version": "10.0.0",
   "description": "Get a list of the files to add from a folder into an npm package",
   "directories": {
     "test": "test"
@@ -16,9 +16,9 @@
     "lib/"
   ],
   "devDependencies": {
-    "@npmcli/arborist": "^7.5.4",
-    "@npmcli/eslint-config": "^4.0.0",
-    "@npmcli/template-oss": "4.23.3",
+    "@npmcli/arborist": "^8.0.0",
+    "@npmcli/eslint-config": "^5.0.1",
+    "@npmcli/template-oss": "4.23.4",
     "mutate-fs": "^2.1.1",
     "tap": "^16.0.1"
   },
@@ -51,11 +51,11 @@
     ]
   },
   "engines": {
-    "node": "^18.17.0 || >=20.5.0"
+    "node": "^20.17.0 || >=22.9.0"
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.23.3",
+    "version": "4.23.4",
     "publish": true
   }
 }
@@ -1,6 +1,6 @@
 {
   "name": "pacote",
-  "version": "20.0.0",
+  "version": "21.0.0",
   "description": "JavaScript package downloader",
   "author": "GitHub Inc.",
   "bin": {
@@ -26,13 +26,14 @@
     ]
   },
   "devDependencies": {
-    "@npmcli/arborist": "^7.1.0",
+    "@npmcli/arborist": "^8.0.0",
     "@npmcli/eslint-config": "^5.0.0",
-    "@npmcli/template-oss": "4.23.3",
+    "@npmcli/template-oss": "4.23.4",
     "hosted-git-info": "^8.0.0",
     "mutate-fs": "^2.1.1",
     "nock": "^13.2.4",
     "npm-registry-mock": "^1.3.2",
+    "rimraf": "^6.0.1",
     "tap": "^16.0.1"
   },
   "files": [
@@ -54,7 +55,7 @@
     "fs-minipass": "^3.0.0",
     "minipass": "^7.0.2",
     "npm-package-arg": "^12.0.0",
-    "npm-packlist": "^9.0.0",
+    "npm-packlist": "^10.0.0",
     "npm-pick-manifest": "^10.0.0",
     "npm-registry-fetch": "^18.0.0",
     "proc-log": "^5.0.0",
@@ -64,15 +65,15 @@
     "tar": "^6.1.11"
   },
   "engines": {
-    "node": "^18.17.0 || >=20.5.0"
+    "node": "^20.17.0 || >=22.9.0"
   },
   "repository": {
     "type": "git",
     "url": "git+https://github.com/npm/pacote.git"
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.23.3",
+    "version": "4.23.4",
     "windowsCI": false,
     "publish": "true"
   }