我有一个简单的包裹。json文件,我想添加一个评论。有办法做到这一点吗,或者有什么hack可以做到这一点吗?
{
"name": "My Project",
"version": "0.0.1",
"private": true,
"dependencies": {
"express": "3.x",
"mongoose": "3.x"
},
"devDependencies" : {
"should": "*"
/* "mocha": "*" not needed as should be globally installed */
}
}
上面的示例注释在npm崩溃时不起作用。我还尝试了// style注释。
当前回答
用于npm的包。我发现了两种方法(在阅读这段对话后):
"devDependencies": {
"del-comment": [
"some-text"
],
"del": "^5.1.0 ! inner comment",
"envify-comment": [
"some-text"
],
"envify": "4.1.0 ! inner comment"
}
但是在更新或重新安装带有“——save”或“——save-dev”的包时,会出现“^4.1.0 !”注释”中相应的地方将被删除。所有这些都将打破npm审计。
其他回答
以下是我对包内评论的看法。Json / bower.json:
我有文件package.json.js,其中包含一个脚本,导出实际的package.json。运行脚本将覆盖旧包。Json并告诉我它所做的更改,完美地帮助你跟踪NPM所做的自动更改。这样,我甚至可以通过编程方式定义我想要使用的包。
最新的Grunt任务如下: https://gist.github.com/MarZab/72fa6b85bc9e71de5991
在浪费了一个小时的复杂和俗套的解决方案后,我找到了注释package.json中庞大的依赖项部分的简单而有效的解决方案。就像这样:
{
"name": "package name",
"version": "1.0",
"description": "package description",
"scripts": {
"start": "npm install && node server.js"
},
"scriptsComments": {
"start": "Runs development build on a local server configured by server.js"
},
"dependencies": {
"ajv": "^5.2.2"
},
"dependenciesComments": {
"ajv": "JSON-Schema Validator for validation of API data"
}
}
当以同样的方式排序时,现在我很容易在Git提交差异中或在编辑器中跟踪这些依赖/注释对,同时使用package.json文件。
不需要使用额外的工具,只需要简单有效的JSON。
我一直在这样做:
{
...
"scripts": {
"about": "echo 'Say something about this project'",
"about:clean": "echo 'Say something about the clean script'",
"clean": "do something",
"about:build": "echo 'Say something about building it'",
"build": "do something",
"about:watch": "echo 'Say something about how watch works'",
"watch": "do something",
}
...
}
这样,我既可以读取脚本本身的“伪注释”,也可以运行如下代码,在终端中查看某种帮助:
npm run about
npm run about:watch
如果你用的是纱线就更好了。
yarn about:clean
此外,正如@Dakota Jang在评论中指出的那样,你可以使用//之类的键来更清楚地表明这是一条评论。 像这样:
{
...
"scripts": {
"//clean": "echo 'Say something about the clean script'",
"clean": "do something",
"//build": "echo 'Say something about building it'",
"build": "do something",
"//watch": "echo 'Say something about how watch works'",
"watch": "do something",
}
...
}
然后运行:
npm run //build
# or
yarn //build
在终端中会有一个helper输出,在包中会有一个“comment”。Json也是。
您总是可以滥用重复的键会被覆盖的事实。这就是我刚才写的:
"dependencies": {
"grunt": "...",
"grunt-cli": "...",
"api-easy": "# Here is the pull request: https://github.com/...",
"api-easy": "git://..."
"grunt-vows": "...",
"vows": "..."
}
然而,不清楚JSON是否允许复制键(参见 JSON语法是否允许在一个对象中重复键?它似乎与npm一起工作,所以我冒这个险。
推荐的破解方法是使用“//”键(来自nodejs邮件列表)。当我测试它时,它不能处理“依赖”部分。另外,文章中的例子使用了多个“//”键,这意味着npm不会拒绝具有重复键的JSON文件。换句话说,上面的hack应该总是好的。
更新:重复密钥的一个恼人的缺点是npm install——save无声地消除了所有重复密钥。不幸的是,它很容易被忽视,你善意的评论也消失了。
“//”攻击看起来仍然是最安全的。但是,多行注释也会被npm install -save删除。
As of pnpm 7.17.1, which was just released, you can switch to pnpm for package management, move your package.json to package.json5, and comments in package.json5 are allowed and will be preserved by pnpm. Note however that for publishing as a package to use on the npm registry (for example), a package.json5 will not be recognized by other package managers and I doubt by all of the registry's processing. So you would have to convert the package.json5 to a package.json before publishing. On the other hand, for "top-level applications" that are unlikely to be included as packages in other projects, a package.json5 seems to work just fine, as long as you then stick with pnpm as your package manager.
