sort-package-json MIT 14 versions

sort-package-json

npm Repository Homepage

Sort an Object or package.json based on the well-known package.json keys

14

Versions

MIT

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

keithamus

Keywords

keysobjectsort

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:detect-indent	AI (dependencies): detect-indent is a well-known, widely-used utility for detecting indentation; appropriate dependency for a package.json sorting tool.	ai	2026/04/21
dependencies	unvetted-dep:git-hooks-list	AI (dependencies): git-hooks-list is a small, legitimate utility listing git hook names; appropriate for sort-package-json which sorts git hooks fields.	ai	2026/04/21
dependencies	unvetted-dep:sort-object-keys	AI (dependencies): sort-object-keys is a core dependency for this package's primary functionality; well-established utility with no known issues.	ai	2026/04/21

Versions (showing 14 of 114)

Version	Deps	Published
1.10.0	1 / 4	2018-02-23
1.9.0	1 / 4	2018-02-23
1.8.0	1 / 4	2018-02-22
1.7.1	1 / 4	2017-08-30
1.7.0	1 / 4	2017-06-08
1.6.1	1 / 4	2017-04-24
1.6.0	1 / 4	2017-04-04
1.5.0	1 / 4	2017-01-29
1.4.0	1 / 4	2016-03-15
1.3.0	1 / 4	2016-02-14
1.2.0	1 / 4	2016-01-22
1.1.3	1 / 2	2015-12-14
1.0.1	1 / 0	2015-12-09
1.0.0	1 / 0	2015-12-09

v1.10.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.8.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.7.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.7.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.6.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.6.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.3.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.2.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.1.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.