Setting the maintainer field in a package.json manually

(Richard Littauer) #1

Will manually adding an array of users to a public maintainers field in the package.json cause issues for npm?

More detail

The package.json docs note that npm creates a maintainers field with the publisher’s npm user information. This field most likely echoes the printout that shows when you type npm info, which prints the current maintainers (owner-level) for a project. While the docs say that npm sets this field, it is not public; as in, it’s not part of the package.json which the user will see when setting one up.

While the author field can only be one user, and the contributors field can be an Array, I want to know if you can set the maintainer field manually, and if it can be set as an Array. Specifically, I want a field that shows that there are multiple people with owner rights to a repository. I want to limit the bus factor in my organization by making sure that there are multiple publishers for any given package, and I want to use the maintainers field to verify that I’ve done so. I don’t want to use npm organizations at the moment, as I find the UX to be confusing and I want to keep publishing and ownership for packages with the original author.

0 Likes

(John Gee) #2

Will manually adding an array of users to a public maintainers field in the package.json cause issues for npm?

Even if it does not cause problems now, it may in the future. I recommend you use a custom field name for this purpose.

I found a good coverage of custom field names in this comment:

0 Likes

(Richard Littauer) #3

A custom field solves part of the problem.

Is there any way for npm to enforce a field that matches the maintainer printout from npm info? Why isn’t that information publicly logged in the package.json?

0 Likes