package.json
- Description
- name
- version
- description
- keywords
- homepage
- bugs
- license
- people fields: author, contributors
- funding
- files
- main
- browser
- bin
- man
- directories
- repository
- scripts
- config
- dependencies
- devDependencies
- peerDependencies
- peerDependenciesMeta
- bundleDependencies
- optionalDependencies
- overrides
- engines
- os
- cpu
- private
- publishConfig
- workspaces
- DEFAULT VALUES
- SEE ALSO
Description描述
This document is all you need to know about what's required in your package.json file. 本文档是您需要了解的关于package.json文件中所需内容的全部内容。It must be actual JSON, not just a JavaScript object literal.它必须是实际的JSON,而不仅仅是一个JavaScript对象文字。
A lot of the behavior described in this document is affected by the config settings described in config.本文档中描述的许多行为都受到配置中描述的配置设置的影响。
name
If you plan to publish your package, the most important things in your package.json are the name and version fields as they will be required. 如果您计划发布包,那么package.json中最重要的是名称和版本字段,因为它们是必需的。The name and version together form an identifier that is assumed to be completely unique. 名称和版本一起形成一个标识符,该标识符被认为是完全唯一的。Changes to the package should come along with changes to the version. 对包的更改应该与对版本的更改一起进行。If you don't plan to publish your package, the name and version fields are optional.如果您不打算发布包,则名称和版本字段是可选的。
The name is what your thing is called.这个名字就是你的东西的名字。
Some rules:一些规则:
The name must be less than or equal to 214 characters.名称必须少于或等于214个字符。This includes the scope for scoped packages.这包括作用域包的作用域。The names of scoped packages can begin with a dot or an underscore.作用域包的名称可以以句点或下划线开头。This is not permitted without a scope.在没有范围的情况下,这是不允许的。New packages must not have uppercase letters in the name.新程序包的名称中不得包含大写字母。The name ends up being part of a URL, an argument on the command line, and a folder name.该名称最终成为URL、命令行上的参数和文件夹名称的一部分。Therefore, the name can't contain any non-URL-safe characters.因此,名称不能包含任何非URL安全字符。
Some tips:一些提示:
Don't use the same name as a core Node module.不要使用与核心节点模块相同的名称。Don't put "js" or "node" in the name.不要在名称中加“js”或“node”。It's assumed that it's js, since you're writing a package.json file, and you can specify the engine using the "engines" field. (See below.)假设它是js,因为您正在编写一个package.json文件,并且您可以使用“engines”字段指定引擎。(见下文。)The name will probably be passed as an argument to require(), so it should be something short, but also reasonably descriptive.该名称可能会作为参数传递给require(),因此它应该是简短的,但也具有合理的描述性。You may want to check the npm registry to see if there's something by that name already, before you get too attached to it.你可能想检查npm注册表,看看是否已经有了这个名字的东西,然后再加入它。https://www.npmjs.com/
A name can be optionally prefixed by a scope, e.g. 名称可以有选择地以作用域作为前缀,例如@myorg/mypackage. @myorg/mypackage。See scope for more detail.有关更多详细信息,请参阅作用域。
version
If you plan to publish your package, the most important things in your package.json are the name and version fields as they will be required. 如果您计划发布包,那么package.json中最重要的是名称和版本字段,因为它们是必需的。The name and version together form an identifier that is assumed to be completely unique. 名称和版本一起形成一个标识符,该标识符被认为是完全唯一的。Changes to the package should come along with changes to the version. If you don't plan to publish your package, the name and version fields are optional.对包的更改应该与对版本的更改一起进行。如果您不打算发布包,则名称和版本字段是可选的。
Version must be parseable by node-semver, which is bundled with npm as a dependency. 版本必须可由node-semver解析,它作为依赖项与npm绑定在一起。((npm install semver to use it yourself.)npm install semver以便自己使用。)
description
Put a description in it. It's a string. 在里面写一个描述。这是一个字符串。This helps people discover your package, as it's listed in 这有助于人们发现你的包裹,因为它在npm search.npm search中列出了。
keywords
Put keywords in it. 把关键词放进去。It's an array of strings. 这是一个字符串数组。This helps people discover your package as it's listed in 这有助于人们在npm search.npm search中发现您的包。
homepage
The url to the project homepage.项目主页的url。
Example:例子:
"homepage": "https://github.com/owner/project#readme"
bugs
The url to your project's issue tracker and / or the email address to which issues should be reported. 项目问题跟踪器的url和/或应向其报告问题的电子邮件地址。These are helpful for people who encounter issues with your package.这些对遇到您的程序包问题的人很有帮助。
It should look like this:它应该是这样的:
{"url" : "https://github.com/owner/project/issues","email" : "project@hostname.com"}
You can specify either one or both values. 可以指定一个值,也可以同时指定两个值。If you want to provide only a url, you can specify the value for "bugs" as a simple string instead of an object.如果您只想提供一个url,您可以将“bugs”的值指定为一个简单的字符串,而不是一个对象。
If a url is provided, it will be used by the 如果提供了一个url,它将被npm bugs command.npm bugs命令使用。
license
You should specify a license for your package so that people know how they are permitted to use it, and any restrictions you're placing on it.你应该为你的软件包指定一个许可证,让人们知道他们是如何被允许使用它的,以及你对它的任何限制。
If you're using a common license such as BSD-2-Clause or MIT, add a current SPDX license identifier for the license you're using, like this:如果您正在使用BSD-2-Clause或MIT等通用许可证,请为您正在使用的许可证添加当前SPDX许可证标识符,如下所示:
{"license" : "BSD-3-Clause"}
You can check the full list of SPDX license IDs. 您可以查看SPDX许可证ID的完整列表。Ideally you should pick one that is OSI approved.理想情况下,您应该选择一个OSI批准的。
If your package is licensed under multiple common licenses, use an SPDX license expression syntax version 2.0 string, like this:如果您的软件包是根据多个通用许可证授权的,请使用SPDX许可证表达式语法2.0版本字符串,如下所示:
{"license" : "(ISC OR GPL-3.0)"}
If you are using a license that hasn't been assigned an SPDX identifier, or if you are using a custom license, use a string value like this one:如果您使用的许可证尚未分配SPDX标识符,或者您使用的是自定义许可证,请使用如下字符串值:
{"license" : "SEE LICENSE IN <filename>"}
Then include a file named 然后在包的顶层包含一个名为<filename> at the top level of the package.<filename>的文件。
Some old packages used license objects or a "licenses" property containing an array of license objects:一些旧软件包使用许可证对象或包含许可证对象数组的“licenses”属性:
// Not valid metadata{"license" : {"type" : "ISC","url" : "https://opensource.org/licenses/ISC"}}// Not valid metadata{"licenses" : [{"type": "MIT","url": "https://www.opensource.org/licenses/mit-license.php"},{"type": "Apache-2.0","url": "https://opensource.org/licenses/apache2.0.php"}]}
Those styles are now deprecated. Instead, use SPDX expressions, like this:这些样式现在已被弃用。相反,使用SPDX表达式,如下所示:
{"license": "ISC"}
{"license": "(MIT OR Apache-2.0)"}
Finally, if you do not wish to grant others the right to use a private or unpublished package under any terms:最后,如果您不希望根据任何条款授予他人使用私人或未发布包的权利:
{"license": "UNLICENSED"}
Consider also setting 还可以考虑设置"private": true to prevent accidental publication."private": true以防止意外发布。
people fields: 人员字段:author, contributors
The "author" is one person. “author”是一个人。"contributors" is an array of people. “contributors”是一系列的人。A "person" is an object with a "name" field and optionally "url" and "email", like this:“person”是一个带有“name”字段以及可选的“url”和“email”的对象,如下所示:
{"name" : "Barney Rubble","email" : "b@rubble.com","url" : "http://barnyrubble.tumblr.com/"}
Or you can shorten that all into a single string, and npm will parse it for you:或者,您可以将所有这些缩短为一个字符串,npm将为您解析:
{"author": "Barney Rubble <b@rubble.com> (http://barnyrubble.tumblr.com/)"}
Both email and url are optional either way.电子邮件和网址都是可选的。
npm also sets a top-level "maintainers" field with your npm user info.npm还为您的npm用户信息设置了一个顶级的“维护者”字段。
funding
You can specify an object containing a URL that provides up-to-date information about ways to help fund development of your package, or a string URL, or an array of these:您可以指定一个对象,该对象包含一个URL,该URL提供有关帮助资助软件包开发的方法的最新信息,或字符串URL,或以下数组:
{"funding": {"type" : "individual","url" : "http://example.com/donate"},"funding": {"type" : "patreon","url" : "https://www.patreon.com/my-account"},"funding": "http://example.com/donate","funding": [{"type" : "individual","url" : "http://example.com/donate"},"http://example.com/donateAlso",{"type" : "patreon","url" : "https://www.patreon.com/my-account"}]}
Users can use the 用户可以使用npm fund subcommand to list the funding URLs of all dependencies of their project, direct and indirect. npm fund子命令列出其项目的所有直接和间接依赖项的fundingURL。A shortcut to visit each funding url is also available when providing the project name such as: 当提供项目名称时,也可以使用访问每个资助url的快捷方式,例如:npm fund <projectname> (when there are multiple URLs, the first one will be visited)npm fund <projectname>(当有多个url时,将访问第一个url)
files
The optional 可选files field is an array of file patterns that describes the entries to be included when your package is installed as a dependency. files字段是一组文件模式,用于描述将包作为依赖项安装时要包含的条目。File patterns follow a similar syntax to 文件模式遵循与.gitignore, but reversed: including a file, directory, or glob pattern (*, **/*, and such) will make it so that file is included in the tarball when it's packed. .gitignore类似的语法,但相对的:包括文件、目录或glob模式(*、**/*等)将使其在打包时包含在tarball中。Omitting the field will make it default to 省略该字段将使其默认为["*"], which means it will include all files.["*"],这意味着它将包括所有文件。
Some special files and directories are also included or excluded regardless of whether they exist in the 一些特殊的文件和目录也会被包括或排除,无论它们是否存在于files array (see below).files数组中(请参见下文)。
You can also provide a 您还可以在包的根目录或子目录中提供一个.npmignore file in the root of your package or in subdirectories, which will keep files from being included. .npmignore文件,这将阻止文件被包括在内。At the root of your package it will not override the "files" field, but in subdirectories it will. 在包的根目录中,它不会覆盖“files”字段,但在子目录中会覆盖。The .npmignore file works just like a .gitignore. .npmignore文件的工作原理就像.gitignore一样。If there is a 如果有一个.gitignore file, and .npmignore is missing, .gitignore's contents will be used instead..gitignore文件,并且.npmignore丢失,那么将使用.gitignore的内容。
Files included with the "package.json#files" field cannot be excluded through “package.json#Files”字段中包含的文件不能通过.npmignore or .gitignore..npmignore或.gitignore排除。
Certain files are always included, regardless of settings:无论设置如何,都会始终包含某些文件:
package.jsonREADMELICENSE/LICENCEThe file in the "main" field"main"字段中的文件
README & LICENSE can have any case and extension.可以有任何案例和扩展。
Conversely, some files are always ignored:相反,某些文件总是被忽略:
.gitCVS.svn.hg.lock-wscript.wafpickle-N.*.swp.DS_Store._*npm-debug.log.npmrcnode_modulesconfig.gypi*.origpackage-lock.json(use npm-shrinkwrap.json if you wish it to be published)(如果希望发布,请使用npm-shrinkwrap.json)
main
The main field is a module ID that is the primary entry point to your program. 主字段是一个模块ID,它是程序的主要入口点。That is, if your package is named 也就是说,如果您的包名为foo, and a user installs it, and then does require("foo"), then your main module's exports object will be returned.foo,并且用户安装了它,然后执行require("foo"),那么将返回主模块的导出对象。
This should be a module relative to the root of your package folder.这应该是一个相对于包文件夹根目录的模块。
For most modules, it makes the most sense to have a main script and often not much else.对于大多数模块来说,有一个主脚本是最有意义的,而通常没有太多其他内容。
If 如果未设置main is not set it defaults to index.js in the package's root folder.main,则默认为包根文件夹中的index.js。
browser
If your module is meant to be used client-side the browser field should be used instead of the main field. 如果您的模块要在客户端使用,则应使用浏览器字段而不是主字段。This is helpful to hint users that it might rely on primitives that aren't available in Node.js modules. 这有助于提示用户它可能依赖于Node.js模块中不可用的原语。(e.g. (例如window)window)
bin
A lot of packages have one or more executable files that they'd like to install into the PATH. 许多软件包都有一个或多个可执行文件,它们希望将这些文件安装到PATH中。npm makes this pretty easy (in fact, it uses this feature to install the "npm" executable.)npm使这变得非常容易(事实上,它使用此功能来安装“npm”可执行文件。)
To use this, supply a 要使用它,请在您的package.json中提供一个bin field in your package.json which is a map of command name to local file name. bin字段,它是命令名到本地文件名的映射。When this package is installed globally, that file will be either linked inside the global bins directory or a cmd (Windows Command File) will be created which executes the specified file in the 当全局安装此程序包时,该文件将链接到全局bins目录中,或者将创建一个cmd(Windows命令文件)来执行bin field, so it is available to run by name or name.cmd (on Windows PowerShell). bin字段中的指定文件,因此它可以按name或name.cmd(在Windows PowerShell上)运行。When this package is installed as a dependency in another package, the file will be linked where it will be available to that package either directly by 当此程序包作为依赖项安装在另一个程序包中时,该文件将被链接到该程序包可用的位置,无论是通过npm exec or by name in other scripts when invoking them via npm run-scriptnpm exec直接链接,还是通过npm run-script调用其他脚本时通过其他脚本中的名称链接.
For example, myapp could have this:例如,myapp可能具有以下特性:
{"bin": {"myapp": "./cli.js"}}
So, when you install myapp, in case of unix-like OS it'll create a symlink from the 因此,当你安装myapp时,在类似unix的操作系统中,它会创建一个从cli.js script to /usr/local/bin/myapp and in case of windows it will create a cmd file usually at C:\Users\{Username}\AppData\Roaming\npm\myapp.cmd which runs the cli.js script.cli.js脚本到/usr/local/bin/myapp的符号链接,在windows的情况下,它会在C:\Users\{Username}\AppData\Roaming\npm\myapp.cmd中创建一个cmd文件,它运行cli.js剧本。
If you have a single executable, and its name should be the name of the package, then you can just supply it as a string. For example:如果您有一个可执行文件,并且它的名称应该是包的名称,那么您可以将其作为字符串提供。例如:
{"name": "my-program","version": "1.2.5","bin": "./path/to/program"}
would be the same as this:将与此相同:
{"name": "my-program","version": "1.2.5","bin": {"my-program": "./path/to/program"}}
Please make sure that your file(s) referenced in 请确保bin starts with #!/usr/bin/env node, otherwise the scripts are started without the node executable!bin中引用的文件以#!/usr/bin/env node开头,否则脚本将在没有节点可执行文件的情况下启动!
Note that you can also set the executable files using directories.bin.请注意,您也可以使用directories.bin设置可执行文件。
See folders for more info on executables.有关可执行文件的详细信息,请参阅文件夹。
man
Specify either a single file or an array of filenames to put in place for the 指定要放置的单个文件或文件名数组,以便man program to find.man程序查找。
If only a single file is provided, then it's installed such that it is the result from 如果只提供了一个文件,那么无论其实际文件名如何,都会将其安装为man <pkgname>, regardless of its actual filename. man <pkgname>的结果。For example:例如:
{"name": "foo","version": "1.2.3","description": "A packaged foo fooer for fooing foos","main": "foo.js","man": "./man/doc.1"}
would link the 将链接./man/doc.1 file in such that it is the target for man foo./man/doc.1文件,使其成为man foo的目标
If the filename doesn't start with the package name, then it's prefixed. So, this:如果文件名不是以包名开头的,则会以它为前缀。所以,这个:
{"name": "foo","version": "1.2.3","description": "A packaged foo fooer for fooing foos","main": "foo.js","man": ["./man/foo.1","./man/bar.1"]}
will create files to do 将创建文件来执行man foo and man foo-bar.man foo和man foo-bar。
Man files must end with a number, and optionally a Man文件必须以数字结尾,如果是压缩的,还可以选择以.gz suffix if they are compressed. .gz后缀结尾。The number dictates which man section the file is installed into.数字指示文件安装到哪个man部分。
{"name": "foo","version": "1.2.3","description": "A packaged foo fooer for fooing foos","main": "foo.js","man": ["./man/foo.1","./man/foo.2"]}
will create entries for 将为man foo and man 2 fooman foo和man 2 foo创建条目
directories目录
The CommonJS Packages spec details a few ways that you can indicate the structure of your package using a CommonJS Packages规范详细介绍了使用目录对象指示包结构的几种方法。directories object. If you look at npm's package.json, you'll see that it has directories for doc, lib, and man.如果您查看npm的package.json,您会发现它有doc、lib和man的目录。
In the future, this information may be used in other creative ways.在未来,这些信息可能会被用于其他创造性的方式。
directories.bin
If you specify a 如果在bin directory in directories.bin, all the files in that folder will be added.directories.bin中指定一个bin目录,则会添加该文件夹中的所有文件。
Because of the way the 由于bin directive works, specifying both a bin path and setting directories.bin is an error. bin指令的工作方式,指定bin路径和设置directories.bin都是错误的。If you want to specify individual files, use 如果要指定单独的文件,请使用bin, and for all the files in an existing bin directory, use directories.bin.bin,对于现有bin目录中的所有文件,则使用directories.bin。
directories.man
A folder that is full of man pages. 一个装满手册页的文件夹。Sugar to generate a "man" array by walking the folder.Sugar通过遍历文件夹生成一个“man”数组。
repository
Specify the place where your code lives. This is helpful for people who want to contribute. 指定代码所在的位置。这对想要做出贡献的人很有帮助。If the git repo is on GitHub, then the 如果git repo在GitHub上,那么npm docs command will be able to find you.npm docs命令将能够找到你。
Do it like this:这样做:
{"repository": {"type": "git","url": "https://github.com/npm/cli.git"}}
The URL should be a publicly available (perhaps read-only) url that can be handed directly to a VCS program without any modification. URL应该是一个公开可用的(也许是只读的)URL,可以直接交给VCS程序,而无需任何修改。It should not be a url to an html project page that you put in your browser. 它不应该是你放在浏览器中的html项目页面的url。It's for computers.这是给电脑的。
For GitHub, GitHub gist, Bitbucket, or GitLab repositories you can use the same shortcut syntax you use for 对于GitHub、GitHub gist、Bitbucket或GitLab存储库,您可以使用与npm install:npm install相同的快捷方式语法:
{"repository": "npm/npm","repository": "github:user/repo","repository": "gist:11081aaa281","repository": "bitbucket:user/repo","repository": "gitlab:user/repo"}
If the 如果包的package.json for your package is not in the root directory (for example if it is part of a monorepo), you can specify the directory in which it lives:package.json不在根目录中(例如,如果它是monoreo的一部分),则可以指定它所在的目录:
{"repository": {"type": "git","url": "https://github.com/facebook/react.git","directory": "packages/react-dom"}}
scripts
The "scripts" property is a dictionary containing script commands that are run at various times in the lifecycle of your package. “scripts”属性是一个字典,其中包含在包生命周期中的不同时间运行的脚本命令。The key is the lifecycle event, and the value is the command to run at that point.关键是生命周期事件,而值是要在该点上运行的命令。
See scripts to find out more about writing package scripts.请参阅scripts以了解有关编写包脚本的更多信息。
config
A "config" object can be used to set configuration parameters used in package scripts that persist across upgrades. “config”对象可用于设置包脚本中使用的配置参数,这些参数在升级过程中保持不变。 For instance, if a package had the following:例如,如果一个包具有以下内容:
{"name": "foo","config": {"port": "8080"}}
It could also have a "start" command that referenced the 它还可以有一个引用npm_package_config_port environment variable.npm_package_config_port环境变量的“start”命令。
dependencies
Dependencies are specified in a simple object that maps a package name to a version range. 依赖项是在一个简单对象中指定的,该对象将包名称映射到版本范围。The version range is a string which has one or more space-separated descriptors. 版本范围是一个字符串,该字符串具有一个或多个以空格分隔的描述符。Dependencies can also be identified with a tarball or git URL.依赖项也可以用tarball或git URL来标识。
Please do not put test harnesses or transpilers or other "development" time tools in your 请不要在dependencies object.dependencies对象中放置测试工具、transfiler或其他“开发”时间工具。 See 请参阅下面的devDependencies, below.devDependencies。
See semver for more details about specifying version ranges.有关指定版本范围的更多详细信息,请参阅semver。
versionMust match必须与versionexactlyversion完全匹配>versionMust be greater than必须大于versionversion>=versionetc<version<=version~version"Approximately equivalent to version" See semver“大致相当于版本”参见semver。^version"Compatible with version" See semver“与版本兼容”请参阅semver1.2.x1.2.0, 1.2.1, etc., but not 1.3.01.2.0、1.2.1等,但不包括1.3.0http://...See 'URLs as Dependencies' below请参阅下面的“URL作为依赖项”*Matches any version匹配任何版本""(just an empty string) Same as(只是一个空字符串)与**相同version1 - version2Same as与>=version1 <=version2.>=version1 <=version2相同。range1 || range2Passes if either range1 or range2 are satisfied.如果满足范围1或范围2,则通过。git...See 'Git URLs as Dependencies' below请参阅下面的“作为依赖项的Git URL”user/repoSee 'GitHub URLs' below请参阅下面的“GitHub URL”tagA specific version tagged and published as标记并发布为tagtag的特定版本。See请参阅npm dist-tagpath/path/pathSee Local Paths below请参阅下面的本地路径
For example, these are all valid:例如,这些都是有效的:
{"dependencies": {"foo": "1.0.0 - 2.9999.9999","bar": ">=1.0.2 <2.1.2","baz": ">1.0.2 <=2.3.4","boo": "2.0.1","qux": "<1.0.0 || >=2.3.1 <2.4.5 || >=2.5.2 <3.0.0","asd": "http://asdf.com/asdf.tar.gz","til": "~1.2","elf": "~1.2.3","two": "2.x","thr": "3.3.x","lat": "latest","dyl": "file:../dyl"}}
URLs as DependenciesURL作为依赖项
You may specify a tarball URL in place of a version range.您可以指定一个tarball URL来代替版本范围。
This tarball will be downloaded and installed locally to your package at install time.这个tarball将在安装时下载并本地安装到您的软件包中。
Git URLs as Dependencies
Git urls are of the form:Git URL的形式如下:
<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>[#<commit-ish> | #semver:<semver>]
<protocol> is one of git, git+ssh, git+http, git+https, or git+file.
If 如果提供了#<commit-ish> is provided, it will be used to clone exactly that commit. #<commit-ish>,它将用于克隆该提交。If the commitish has the format 如果提交ish的格式为#semver:<semver>, <semver> can be any valid semver range or exact version, and npm will look for any tags or refs matching that range in the remote repository, much as it would for a registry dependency. #semver:<semver>,则<semver>可以是任何有效的semver范围或确切版本,npm将在远程存储库中查找与该范围匹配的任何标记或引用,就像查找注册表依赖项一样。If neither 如果没有指定#<commit-ish> or #semver:<semver> is specified, then the default branch is used.#<commit-ish>或#semver:<semver>,则使用默认分支。
Examples:例子:
git+ssh://git@github.com:npm/cli.git#v1.0.27git+ssh://git@github.com:npm/cli#semver:^5.0git+https://isaacs@github.com/npm/cli.gitgit://github.com/npm/cli.git#v1.0.27
When installing from a 当从git repository, the presence of certain fields in the package.json will cause npm to believe it needs to perform a build. git存储库进行安装时,package.json中某些字段的存在会导致npm认为它需要执行构建。To do so your repository will be cloned into a temporary directory, all of its deps installed, relevant scripts run, and the resulting directory packed and installed.要做到这一点,您的存储库将被克隆到一个临时目录中,安装其所有dep,运行相关脚本,并打包并安装生成的目录。
This flow will occur if your git dependency uses 如果您的git依赖项使用workspaces, or if any of the following scripts are present:workspaces,或者存在以下任何脚本,则会发生此流:
buildprepareprepackpreinstallinstallpostinstall
If your git repository includes pre-built artifacts, you will likely want to make sure that none of the above scripts are defined, or your dependency will be rebuilt for every installation.如果您的git存储库包含预构建的工件,那么您可能需要确保没有定义上述脚本,或者每次安装都会重新构建您的依赖关系。
GitHub URLs
As of version 1.1.65, you can refer to GitHub urls as just "foo": "user/foo-project". 从1.1.65版本开始,您可以将GitHub URL称为“foo”:“user/foo项目”。Just as with git URLs, a 就像git URL一样,可以包含commit-ish suffix can be included. commit-ish后缀。For example:例如:
{"name": "foo","version": "0.0.0","dependencies": {"express": "expressjs/express","mocha": "mochajs/mocha#4727d357ea","module": "user/repo#feature\/branch"}}
Local Paths
As of version 2.0.0 you can provide a path to a local directory that contains a package. 从2.0.0版本开始,您可以提供包含包的本地目录的路径。Local paths can be saved using 可以使用以下任何形式使用npm install -S or npm install --save, using any of these forms:npm install -S或npm install --save保存本地路径:
../foo/bar~/foo/bar./foo/bar/foo/bar
in which case they will be normalized to a relative path and added to your 在这种情况下,它们将被规范化为一个相对路径,并添加到您的package.json. For example:package.json中。例如:
{"name": "baz","dependencies": {"bar": "file:../foo/bar"}}
This feature is helpful for local offline development and creating tests that require npm installing where you don't want to hit an external server, but should not be used when publishing packages to the public registry.此功能有助于本地脱机开发和创建需要在不想访问外部服务器的地方安装npm的测试,但在将包发布到公共注册表时不应使用此功能。
note: Packages linked by local path will not have their own dependencies installed when :在这种情况下,当运行npm install is ran in this case. npm install时,由本地路径链接的程序包将不会安装它们自己的依赖项。 You must run 您必须从本地路径本身内部运行npm install from inside the local path itself.npm install。
devDependencies
If someone is planning on downloading and using your module in their program, then they probably don't want or need to download and build the external test or documentation framework that you use.如果有人计划在他们的程序中下载并使用您的模块,那么他们可能不想或不需要下载并构建您使用的外部测试或文档框架。
In this case, it's best to map these additional items in a 在这种情况下,最好将这些附加项映射到devDependencies object.devDependencies对象中。
These things will be installed when doing 这些东西将在从包的根目录进行npm link or npm install from the root of a package, and can be managed like any other npm configuration param. npm link或npm install时安装,并且可以像任何其他npm配置参数一样进行管理。See config for more on the topic.有关该主题的更多信息,请参阅配置。
For build steps that are not platform-specific, such as compiling CoffeeScript or other languages to JavaScript, use the 对于非特定于平台的构建步骤,例如将CoffeeScript或其他语言编译为JavaScript,请使用prepare script to do this, and make the required package a devDependency.prepare脚本来完成此操作,并使所需的包成为devDependency。
For example:例如:
{"name": "ethopia-waza","description": "a delightfully fruity coffee varietal","version": "1.2.3","devDependencies": {"coffee-script": "~1.6.3"},"scripts": {"prepare": "coffee -o lib/ -c src/waza.coffee"},"main": "lib/waza.js"}
The prepare script will be run before publishing, so that users can consume the functionality without requiring them to compile it themselves. prepare脚本将在发布之前运行,这样用户就可以使用该功能,而无需自己编译。In dev mode (ie, locally running 在开发模式下(即本地运行npm install), it'll run this script as well, so that you can test it easily.npm install),它也会运行这个脚本,这样您就可以轻松地测试它。
peerDependencies
In some cases, you want to express the compatibility of your package with a host tool or library, while not necessarily doing a 在某些情况下,您希望表达软件包与主机工具或库的兼容性,而不一定要对此主机进行require of this host. require。This is usually referred to as a plugin. 这通常被称为插件。Notably, your module may be exposing a specific interface, expected and specified by the host documentation.值得注意的是,您的模块可能会暴露主机文档预期和指定的特定接口。
For example:例如:
{"name": "tea-latte","version": "1.3.5","peerDependencies": {"tea": "2.x"}}
This ensures your package 这确保了您的包tea-latte can be installed along with the second major version of the host package tea only. tea-latte只能与主包tea的第二个主要版本一起安装。npm install tea-latte could possibly yield the following dependency graph:可能产生以下依赖关系图:
├── tea-latte@1.3.5└── tea@2.2.0
In npm versions 3 through 6, 在npm版本3到6中,peerDependencies were not automatically installed, and would raise a warning if an invalid version of the peer dependency was found in the tree. peerDependencies不会自动安装,如果在树中发现对等依赖关系的无效版本,则会引发警告。As of npm v7, peerDependencies are installed by default.从npm v7开始,默认情况下会安装peerDependencies。
Trying to install another plugin with a conflicting requirement may cause an error if the tree cannot be resolved correctly. 如果无法正确解析树,则尝试安装另一个具有冲突需求的插件可能会导致错误。For this reason, make sure your plugin requirement is as broad as possible, and not to lock it down to specific patch versions.因此,请确保您的插件需求尽可能广泛,不要将其锁定在特定的补丁版本中。
Assuming the host complies with semver, only changes in the host package's major version will break your plugin. 假设主机符合semver,只有主机包主要版本的更改才会破坏插件。Thus, if you've worked with every 1.x version of the host package, use 因此,如果您使用过主机包的每个1x版本,请使用"^1.0" or "1.x" to express this. "^1.0"或"1.x"来表达这一点。If you depend on features introduced in 1.5.2, use 如果您依赖1.5.2中介绍的功能,请使用"^1.5.2"."^1.5.2"。
peerDependenciesMeta
When a user installs your package, npm will emit warnings if packages specified in 当用户安装您的软件包时,如果peerDependencies are not already installed. peerDependencies中指定的软件包尚未安装,npm将发出警告。The peerDependenciesMeta field serves to provide npm more information on how your peer dependencies are to be used. peerDependenciesMeta字段用于向npm提供有关如何使用对等依赖关系的更多信息。Specifically, it allows peer dependencies to be marked as optional.具体来说,它允许将对等依赖关系标记为可选。
For example:例如:
{"name": "tea-latte","version": "1.3.5","peerDependencies": {"tea": "2.x","soy-milk": "1.2"},"peerDependenciesMeta": {"soy-milk": {"optional": true}}}
Marking a peer dependency as optional ensures npm will not emit a warning if the 如果主机上没有安装soy-milk package is not installed on the host. soy-milk包,则将对等依赖关系标记为可选可以确保npm不会发出警告。This allows you to integrate and interact with a variety of host packages without requiring all of them to be installed.这允许您集成各种主机包并与之交互,而无需安装所有主机包。
bundleDependencies
This defines an array of package names that will be bundled when publishing the package.这定义了发布包时将绑定的包名称的数组。
In cases where you need to preserve npm packages locally or have them available through a single file download, you can bundle the packages in a tarball file by specifying the package names in the 如果您需要在本地保留npm包或通过单个文件下载使其可用,则可以通过在bundleDependencies array and executing npm pack.bundleDependencies数组中指定包名称并执行npm pack,将包捆绑在tarball文件中。
For example:例如:
If we define a package.json like this:如果我们这样定义一个package.json:
{"name": "awesome-web-framework","version": "1.0.0","bundleDependencies": ["renderized","super-streams"]}
we can obtain 通过运行awesome-web-framework-1.0.0.tgz file by running npm pack. npm pack,我们可以获得awesome-web-framework-1.0.0.tgz文件。This file contains the dependencies 该文件包含依赖项renderized and super-streams which can be installed in a new project by executing npm install awesome-web-framework-1.0.0.tgz. renderized和super-streams,可以通过执行npm install awesome-web-framework-1.0.0.tgz将其安装在新项目中。Note that the package names do not include any versions, as that information is specified in 请注意,包名称不包括任何版本,因为这些信息是在dependencies.dependencies中指定的。
If this is spelled 如果这拼写为"bundledDependencies", then that is also honored."bundledDependencies",那么这也是值得尊敬的。
Alternatively, 或者,"bundleDependencies" can be defined as a boolean value. "bundleDependencies"可以定义为布尔值。A value of 值true will bundle all dependencies, a value of false will bundle none.true将绑定所有依赖项,值false将不绑定任何依赖项。
optionalDependencies
If a dependency can be used, but you would like npm to proceed if it cannot be found or fails to install, then you may put it in the 如果可以使用依赖项,但如果找不到或安装失败,您希望npm继续,则可以将其放入optionalDependencies object. optionalDependencies对象中。This is a map of package name to version or url, just like the 这是一个包名称到版本或url的映射,就像dependencies object. dependencies对象一样。The difference is that build failures do not cause installation to fail. 不同之处在于,生成失败不会导致安装失败。Running 运行npm install --omit=optional will prevent these dependencies from being installed.npm install --omit=optional将阻止安装这些依赖项。
It is still your program's responsibility to handle the lack of the dependency. For example, something like this:处理缺乏依赖性的问题仍然是程序的责任。例如,类似以下内容:
try {var foo = require('foo')var fooVersion = require('foo/package.json').version} catch (er) {foo = null}if ( notGoodFooVersion(fooVersion) ) {foo = null}// .. then later in your program ..if (foo) {foo.doFooThings()}
Entries in optionalDependencies will override entries of the same name in dependencies, so it's usually best to only put in one place.optionalDependencies中的条目将覆盖dependencies中同名的条目,因此通常最好只放在一个位置。
overrides
If you need to make specific changes to dependencies of your dependencies, for example replacing the version of a dependency with a known security issue, replacing an existing dependency with a fork, or making sure that the same version of a package is used everywhere, then you may add an override.如果需要对依赖项的依赖项进行特定更改,例如用已知的安全问题替换依赖项的版本,用fork替换现有的依赖项,或者确保在任何地方都使用相同版本的包,则可以添加覆盖。
Overrides provide a way to replace a package in your dependency tree with another version, or another package entirely. 覆盖提供了一种方法,可以将依赖关系树中的包替换为另一个版本或完全替换为其他包。These changes can be scoped as specific or as vague as desired.根据需要,这些更改的范围可以是具体的,也可以是模糊的。
To make sure the package 为了确保包foo is always installed as version 1.0.0 no matter what version your dependencies rely on:foo始终以1.0.0版本安装,无论您的依赖项依赖于哪个版本:
{"overrides": {"foo": "1.0.0"}}
The above is a short hand notation, the full object form can be used to allow overriding a package itself as well as a child of the package. 上面是一个简短的注释,完整的对象形式可以用于覆盖包本身以及包的子级。This will cause 这将导致foo to always be 1.0.0 while also making bar at any depth beyond foo also 1.0.0:foo始终为1.0.0,同时也使foo以外任何深度的bar也为1.0.0:
{"overrides": {"foo": {".": "1.0.0","bar": "1.0.0"}}}
To only override 要仅在foo to be 1.0.0 when it's a child (or grandchild, or great grandchild, etc) of the package bar:foo是包栏的子级(或孙子级、曾孙级等)时将其重写为1.0.0,请执行以下操作:
{"overrides": {"bar": {"foo": "1.0.0"}}}
Keys can be nested to any arbitrary length. 键可以嵌套到任意长度。To override 要仅在foo only when it's a child of bar and only when bar is a child of baz:foo是bar的子级并且bar是baz的子级时覆盖foo,请执行以下操作:
{"overrides": {"baz": {"bar": {"foo": "1.0.0"}}}}
The key of an override can also include a version, or range of versions. 替代的键也可以包括一个版本或一系列版本。To override 将foo to 1.0.0, but only when it's a child of bar@2.0.0:foo重写为1.0.0,但仅当它是的子级时bar@2.0.0:
{"overrides": {"bar@2.0.0": {"foo": "1.0.0"}}}
You may not set an override for a package that you directly depend on unless both the dependency and the override itself share the exact same spec. 除非依赖项和重写本身共享完全相同的规范,否则不能为直接依赖的包设置重写。To make this limitation easier to deal with, overrides may also be defined as a reference to a spec for a direct dependency by prefixing the name of the package you wish the version to match with a 为了更容易处理这个限制,重写也可以定义为对直接依赖项规范的引用,方法是在您希望版本与$.$匹配的包的名称前加上前缀。
{"dependencies": {"foo": "^1.0.0"},"overrides": {// BAD, will throw an EOVERRIDE error// "foo": "^2.0.0"// GOOD, specs match so override is allowed// "foo": "^1.0.0"// BEST, the override is defined as a reference to the dependency"foo": "$foo",// the referenced package does not need to match the overridden one"bar": "$foo"}}
engines
You can specify the version of node that your stuff works on:你可以指定你的东西工作的节点的版本:
{"engines": {"node": ">=0.10.3 <15"}}
And, like with dependencies, if you don't specify the version (or if you specify "*" as the version), then any version of node will do.和依赖项一样,如果不指定版本(或者指定“*”作为版本),那么任何版本的节点都可以。
You can also use the "engines" field to specify which versions of npm are capable of properly installing your program. 您还可以使用“engines”字段来指定哪些版本的npm能够正确安装您的程序。For example:例如:
{"engines": {"npm": "~1.0.20"}}
Unless the user has set the 除非用户设置了engine-strict config flag, this field is advisory only and will only produce warnings when your package is installed as a dependency.engine-strict config标志,否则此字段仅为咨询性字段,并且仅当您的包作为依赖项安装时才会产生警告。
os
You can specify which operating systems your module will run on:您可以指定模块将在哪些操作系统上运行:
{"os": ["darwin","linux"]}
You can also block instead of allowing operating systems, just prepend the blocked os with a '!':你也可以阻止而不是允许操作系统,只需在被阻止的操作系统前加一个“!”:
{"os": ["!win32"]}
The host operating system is determined by 主机操作系统由process.platformprocess.platform决定
It is allowed to both block and allow an item, although there isn't any good reason to do this.它可以阻止和允许一个项目,尽管没有任何好的理由这样做。
cpu
If your code only runs on certain cpu architectures, you can specify which ones.如果您的代码只在某些cpu架构上运行,那么您可以指定哪些架构。
{"cpu": ["x64","ia32"]}
Like the 与os option, you can also block architectures:os选项一样,您也可以阻止体系结构:
{"cpu": ["!arm","!mips"]}
The host architecture is determined by 主机体系结构由process.archprocess.arch决定
private
If you set 如果您在package.json中设置了"private": true in your package.json, then npm will refuse to publish it."private": true,那么npm将拒绝发布它。
This is a way to prevent accidental publication of private repositories. 这是一种防止私人存储库意外发布的方法。If you would like to ensure that a given package is only ever published to a specific registry (for example, an internal registry), then use the publishConfig dictionary described below to override the registry config param at publish-time.
publishConfig
This is a set of config values that will be used at publish-time. 这是一组将在发布时使用的配置值。It's especially handy if you want to set the tag, registry or access, so that you can ensure that a given package is not tagged with "latest", published to the global public registry or that a scoped module is private by default.如果您想设置标记、注册表或访问权限,那么它特别方便,这样您就可以确保给定的包没有标记为“最新”、发布到全局公共注册表,或者默认情况下作用域模块是私有的。
See config to see the list of config options that can be overridden.请参阅config以查看可以覆盖的配置选项列表。
workspaces
The optional workspaces field is an array of file patterns that describes locations within the local file system that the install client should look up to find each workspace that needs to be symlinked to the top level node_modules folder.
It can describe either the direct paths of the folders to be used as workspaces or it can define globs that will resolve to these same folders.它可以描述用作工作区的文件夹的直接路径,也可以定义将解析为这些相同文件夹的glob。
In the following example, all folders located inside the folder ./packages will be treated as workspaces as long as they have valid package.json files inside them:
{"name": "workspace-example","workspaces": ["./packages/*"]}
See workspaces for more examples.
DEFAULT VALUES默认值
npm will default some values based on package contents.npm将根据包内容默认一些值。
-
"scripts": {"start": "node server.js"}If there is a
server.jsfile in the root of your package, then npm will default thestartcommand tonode server.js. -
"scripts":{"install": "node-gyp rebuild"}If there is a
binding.gypfile in the root of your package and you have not defined aninstallorpreinstallscript, npm will default theinstallcommand to compile using node-gyp. -
"contributors": [...]If there is an
AUTHORSfile in the root of your package, npm will treat each line as aName <email> (url)format, where email and url are optional. Lines which start with a#or are blank, will be ignored.