Package Health Score

65 / 100

security
No known security issues
popularity
Popular
maintenance
Inactive
community
Active

Explore Similar Packages

Security

No known security issues

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

Version				Vulnerabilities	License Risk
0.8.4	\|	04/2020		0 C 0 H 0 M 0 L	0 H 0 M 0 L
0.7.0	\|	02/2016		0 C 0 H 0 M 0 L	0 H 0 M 0 L
0.6.0	\|	07/2015		0 C 0 H 0 M 0 L	0 H 0 M 0 L
0.5.0	\|	05/2015		0 C 0 H 0 M 0 L	0 H 0 M 0 L
0.4.0	\|	08/2013	Popular	0 C 0 H 0 M 0 L	0 H 0 M 0 L

License

MIT

Security Policy

Yes

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Popular

Weekly Downloads (32,184)

GitHub Stars: 15.03K
Forks: 1.94K
Contributors: 210

Direct Usage Popularity

The npm package bower-json receives a total of 32,184 downloads a week. As such, we scored bower-json popularity level to be Popular.

Based on project statistics from the GitHub repository for the npm package bower-json, we found that it has been starred 15,028 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Active

Readme.md: Yes
Contributing.md: Yes
Code of Conduct: No
Contributors: 210
Funding: Yes

A good and healthy external contribution signal for bower-json project, which invites more than one hundred open source maintainers to collaborate on the repository.

We found a way for you to contribute to the project! Looks like bower-json is missing a Code of Conduct.

Embed Package Health Score Badge

Maintenance

Inactive

Commit Frequency

No Recent Commits

Open Issues: 6
Open PR: 3
Last Release: 3 years ago
Last Commit: 2 years ago

Further analysis of the maintenance status of bower-json based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Inactive.

An important project maintenance signal to consider for bower-json is that it hasn't seen any new versions released to npm in the past 12 months, and could be considered as a discontinued project, or that which receives low attention from its maintainers.

In the past month we didn't find any pull request activity or change in issues status has been detected for the GitHub repository.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: >=0.10.0

Age: 10 years
Dependencies: 6 Direct
Versions: 14
Install Size: 16.7 kB
Dist-tags: 1
# of Files: 9
Maintainers: 6
TS Typings: No

bower-json has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Not sure how to use bower-json?

To help you get started, we've collected the most common ways that bower-json is being used within popular public projects.

googlearchive / ci-runner / lib / testrunner.js View on Github

TestRunner.prototype._makeBowerSandbox = function _makeBowerSandbox(next) {
  if (this._cancelled) return next('cancelled');
  // check bower.json, component.json, and .bower.json
  BowerJson.find(this._root, function(error, file) {
    if (error) return next(['No bower json file found', error]);

    BowerJson.read(file, function(error, info) {
      if (error) return next(['Invalid bower.json', error]);
      if (!(typeof info.name === 'string')) return next('package name is required');

      // Make sure the name doesn't break out of our sandbox
      var packageRoot = path.resolve(this._sandbox, info.name);
      if (packageRoot.indexOf(this._sandbox) !== 0) {
        return next('Inavlid package name: ' + info.name);
      }

      shelljs.mv(this._root, packageRoot);
      this._root = packageRoot;
      next();
    }.bind(this));

View more ways to use bower-json

bower-json

Read bower.json files with semantics, normalisation, defaults and validation.

Install via npm: npm install --save bower-json

Usage

.read(file, options, callback)

.readSync(file, options)

Reads file and applies normalisation, defaults and validation according to the bower.json spec. If the passed file does not exist, the callback is called with error.code equal to ENOENT. If the passed file contents are not valid JSON, the callback is called with error.code equal to EMALFORMED. If the json does not comply with the bower.json spec, the callback is called with error.code equal to EINVALID.

If file is a directory, find() will be used to search for the json file. The options argument is optional and can be omitted. These options will be passed to parse method.

var bowerJson = require('bower-json');

// Can also be used by simply calling bowerJson()
bowerJson.read('/path/to/bower.json', function (err, json) {
    if (err) {
        console.error('There was an error reading the file');
        console.error(err.message);
        return;
    }

    console.log('JSON: ', json);
});

.parse(json, options)

Parses an object. Useful when you want to apply normalisation and validation directly to an object. If the json does not comply with the bower.json spec, an error is thrown with error.code equal to EINVALID.

The options arguments is optional and can be omitted. Available options:

validate: Apply validation, defaults to true
normalize: Apply normalisation, defaults to false
clone: clone, use and return the passed in json object instead of using it directly, defaults to false

var bowerJson = require('bower-json');

var json = {
    name: 'my-package',
    version: '0.0.1'
};

try {
    bowerJson.parse(json);
} catch (err) {
    console.error('There was an error parsing the object');
    console.error(err.message);
}

.getIssues(json) - DEPRECATED

Validates the passed json object.

Returns an object with errors and warnings of this bower.json contents.

var bowerJson = require('bower-json');

var json = {
    name: 'myPackage',
    version: '0.0.1',
    main: {}
};

var issues = bowerJson.getIssues(json);

expect(issues).toEqual({
  errors: ['The "main" field has to be either an Array or a String'],
  warnings: ['The "name" must be lowercase']
});

#### .validate(json)

Validates the passed `json` object.

Throws an error with `error.code` equal to `EINVALID` if it does not comply with the spec.

```js
var bowerJson = require('bower-json');

var json = {
    name: 'myPackage',
    version: '0.0.1'
};

try {
    bowerJson.validate(json);
} catch (err) {
    console.error('There was an error validating the object');
    console.error(err.message);
}

.normalize(json)

var bowerJson = require('bower-json');

var json = {
    name: 'my-package',
    version: '0.0.1',
    main: 'foo.js,bar.js'
};

bowerJson.normalize(json);
json.main // ['foo.js', 'bar.js']

.find(folder, callback)

.findSync(folder)

Finds the json filename inside a folder. Checks if a bower.json exists, falling back to component.json (deprecated) and .bower.json. If no file was found, the callback is called with a error.code of ENOENT.

var bowerJson = require('bower-json');

bowerJson.find('/path/to/folder', function (err, filename) {
    if (err) {
        console.error('There is no json file in the folder');
        return;
    }

    console.log('Filename: ', filename);

    // Now that we got the filename, we can read its contents
    bowerJson.read(filename, function (err, json) {
        if (err) {
            console.error('There was an error reading the file');
            console.error(err.message);
            return;
        }

        console.log('JSON: ', json);
    });
});

License

Released under the MIT License.

bower-json dependencies

deep-extend ends-with ext-list sort-keys-length graceful-fs intersect

bower-json development dependencies

expect.js mocha request underscore.string

FAQs

What is bower-json?

Read bower.json files with semantics, normalisation, defaults and validation. Visit Snyk Advisor to see a full health score report for bower-json, including popularity, security, maintenance & community analysis.

Is bower-json popular?

The npm package bower-json receives a total of 32,184 weekly downloads. As such, bower-json popularity was classified as a popular. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is bower-json well maintained?

We found indications that bower-json is an Inactive project. See the full package health analysis to learn more about the package maintenance status.

Is bower-json safe to use?

The npm package bower-json was scanned for known vulnerabilities and missing license, and no issues were found. Thus the package was deemed as safe to use. See the full health analysis review.

Last updated on 23 September-2023, at 13:53 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP

Package Health Score

Explore Similar Packages

Security and license risk for significant versions

Is your project affected by vulnerabilities?

Weekly Downloads (32,184)

Direct Usage Popularity

Embed Package Health Score Badge

Commit Frequency

Keep your project healthy

Check your package.json

Snyk Vulnerability Scanner

Not sure how to use bower-json?

bower-json

Usage

.read(file, options, callback)

.readSync(file, options)

.parse(json, options)

.getIssues(json) - DEPRECATED

.normalize(json)

.find(folder, callback)

.findSync(folder)

License

bower-json dependencies

bower-json development dependencies

FAQs

What is bower-json?

Is bower-json popular?

Is bower-json well maintained?

Is bower-json safe to use?

Build a secure application checklist

Select a recommended open source package

Scan your app for vulnerabilities

Source Code

Open Source

Container

Config

Fix identified vulnerabilities

Monitor for new issues