What is the difference between dependencies and devDependencies?

dependencies lists packages required at runtime in production. devDependencies lists tools used only during development (test runners, compilers, linters, type definitions). When installing with npm install --production, only dependencies are installed.

What version range syntax should I use?

The caret (^) range is most common: ^1.2.3 allows patch and minor updates but not breaking major updates. The tilde (~) allows only patch updates. An exact version string (1.2.3) pins to that exact release. Wildcard (*) accepts any version and is generally discouraged for published packages.

When should I set private: true?

Set private: true for any project that should not be published to the npm registry: web applications, internal tools, monorepo roots, and anything that is not a reusable library. It prevents accidental npm publish.

What is the type field in package.json?

The type field controls how Node.js interprets .js files. Setting it to "module" makes .js files use ES module syntax (import/export). Setting it to "commonjs" or omitting it makes .js files use CommonJS (require/module.exports). Individual files can override this with the .mjs or .cjs extension.

Is my data sent to a server?

No. All package.json generation happens entirely in your browser using JavaScript. No data is sent to any server. Your project information stays completely private.

Package.json Generator Online | npm, pnpm, Yarn

You’re starting a new Node.js project and need a package.json with "type": "module", the right "scripts" block, "engines" to pin Node 18+, and a proper "license" field. npm init -y gives you a skeleton that needs 10 manual edits. You’d rather fill in a form and get the complete file.

Why This Generator (Not the NPM Package.json Generator)

PureDevTools has an NPM Package.json Generator with project templates (library, CLI, monorepo). This generator is a form-based builder for any package.json — name, version, license, author, scripts, dependencies, and every standard field. Use the NPM generator for opinionated templates; use this generator for full manual control.

What Is package.json?

package.json is the manifest file at the root of every Node.js project. It records essential metadata — the package name, version, description, entry point, and license — and instructs package managers such as npm, pnpm, and Yarn on how to install dependencies, run scripts, and publish the package to a registry like npmjs.com.

Every JavaScript or TypeScript project — whether it is a CLI tool, a web application, a library, or a monorepo workspace — depends on a correctly formed package.json. An invalid or incomplete manifest causes install failures, broken builds, and confusing error messages.

This tool lets you build a valid package.json through a guided form, then copy the formatted JSON directly into your project.

How to Use This Tool

Fill in Basic Info — enter the package name (lowercase, URL-safe), version (semver), description, main entry file, module type, and license.
Add Author details — name, email, and URL are combined into the standard author object.
Set the repository — paste a full Git URL, an SSH remote (git@github.com:user/repo.git), or a GitHub shorthand (user/repo).
Add keywords — type a keyword and press Enter or , to add it as a tag. Keywords improve discoverability on npm.
Configure scripts — use the quick-add presets (dev, build, start, test, lint) or type custom script names and commands.
List dependencies — enter package names and version ranges for runtime (dependencies) and development (devDependencies) packages.
Copy the output — the formatted package.json updates live as you type. Click Copy to copy it to the clipboard.

All processing happens in your browser. Nothing is sent to a server.

package.json Fields Explained

`name`

The name of your package. Rules from the npm registry:

Must be lowercase
No spaces — use hyphens (-) or underscores (_)
Maximum 214 characters
Scoped packages use the format @scope/name (e.g. @my-org/my-package)

"name": "my-cli-tool"
"name": "@acme/shared-utils"

`version`

A semantic version string following the MAJOR.MINOR.PATCH format defined by semver.org:

Component	Meaning
MAJOR	Breaking change
MINOR	New backward-compatible feature
PATCH	Backward-compatible bug fix

Pre-release tags (e.g. 1.0.0-beta.1) and build metadata (e.g. 1.0.0+build.42) are also valid.

`description`

A short one-line description of the package. Displayed on npm search results and the package page. Keep it under 100 characters.

`main`

The entry point module when the package is imported via require() (CommonJS) or resolved by a bundler. Defaults to index.js if omitted.

"main": "dist/index.js"

For ESM-only or dual CJS/ESM packages, use the exports field instead (not yet in this generator, as it requires conditional exports).

`type`

Controls how .js files in the package are interpreted:

Value	Effect
`"commonjs"`	`.js` files use `require()` / `module.exports`
`"module"`	`.js` files use ES module `import` / `export`
(omit)	Defaults to `"commonjs"`

Use "module" for modern ESM packages. Use .cjs / .mjs file extensions to override on a per-file basis regardless of this setting.

`private`

Setting "private": true prevents the package from being accidentally published to the npm registry. Always set this for applications, internal packages, and monorepo roots.

`license`

An SPDX license identifier string. Common choices:

License	Use case
`MIT`	Permissive; most popular for open-source
`ISC`	Functionally equivalent to MIT, slightly simpler
`Apache-2.0`	Permissive with patent grant
`GPL-3.0`	Copyleft — derivative works must also be GPL
`UNLICENSED`	Proprietary; no open-source rights granted

`author`

Can be a string shorthand or an object:

// String shorthand
"author": "Jane Doe <jane@example.com> (https://janedoe.dev)"

// Object form (used by this generator when email or URL is provided)
"author": {
  "name": "Jane Doe",
  "email": "jane@example.com",
  "url": "https://janedoe.dev"
}

`repository`

Points to the source code repository. This generator auto-detects GitHub shorthand (user/repo) and expands it to the full HTTPS URL:

"repository": {
  "type": "git",
  "url": "https://github.com/user/my-package.git"
}

`keywords`

An array of string tags. npm uses these for search ranking. Use specific, relevant terms — not vague words like “javascript” or “utility”.

"keywords": ["cli", "json-formatter", "developer-tools"]

`scripts`

Arbitrary shell commands keyed by a script name. Run with npm run <name> (or pnpm run, yarn run).

Common name	Typical command
`dev`	Start a development server (e.g. `vite dev`)
`build`	Compile for production (e.g. `tsc`, `vite build`)
`start`	Run the compiled output (e.g. `node dist/index.js`)
`test`	Run the test suite (e.g. `vitest`)
`lint`	Run the linter (e.g. `eslint src`)
`prepublishOnly`	Run before `npm publish` (e.g. `npm test && npm run build`)

The pre and post hooks are automatically run before and after the matching script (e.g. prebuild runs before build).

`dependencies` vs `devDependencies`

Field	Purpose	Installed when
`dependencies`	Runtime packages (required in production)	Always (`npm install`)
`devDependencies`	Build tools, test runners, type definitions	Not installed for production deploys (`npm install --production`)

Version range syntax:

Syntax	Meaning
`"1.2.3"`	Exact version
`"^1.2.3"`	Compatible with 1.x.x (patch + minor updates)
`"~1.2.3"`	Approximately equivalent (patch updates only)
`">=1.0.0 <2.0.0"`	Range
`"*"`	Any version
`"latest"`	Latest dist-tag

Most packages recommend the caret (^) range which allows non-breaking updates.

Common Mistakes

Uppercase in package name

npm names must be lowercase. MyPackage is invalid; my-package is correct.

Missing `type: "module"` for ESM

If you use ES module syntax (import/export) in .js files, you must set "type": "module". Without it, Node.js treats .js as CommonJS and throws a SyntaxError.

Putting devDependencies in dependencies

Test runners (Vitest, Jest), build tools (TypeScript, Vite, Rollup), and type definitions (@types/*) belong in devDependencies. They do not need to be shipped to production, and including them in dependencies inflates install size for consumers of your package.

Not setting `private: true` for applications

Applications are not meant to be published to npm. Always add "private": true to prevent accidental npm publish.

Wildcard `*` versions in published packages

Using "*" as a version range means “any version”, which can silently install a breaking major version during a fresh install months later. Pin your dependencies with ^ or ~ instead.

Frequently Asked Questions

Can I add peerDependencies with this tool? This generator covers the most common fields. For peerDependencies, optionalDependencies, engines, exports, bin, and workspaces, edit the generated JSON directly and add those fields manually.

Should I use a package-lock.json or pnpm-lock.yaml? Always commit your lock file. It ensures every developer and CI environment installs the exact same dependency tree. The package.json specifies allowed version ranges; the lock file pins exact resolved versions.

What is the difference between npm install and npm ci? npm install installs packages according to package.json ranges and updates the lock file if needed. npm ci installs exactly what the lock file specifies and fails if the lock file is out of sync — ideal for CI/CD pipelines.

How do I publish a package to npm? Run npm publish after logging in with npm login. The registry reads name, version, main, license, and files (or the default exclusion list) from your package.json. Remember to increment the version before each publish.

What is a scoped package? Scoped packages use the @scope/name format and are grouped under your npm username or organisation. They can be published as private (paid npm plan) or public (npm publish --access public). They are useful for monorepo workspaces and organisational namespacing.

Package.json Generator

Why This Generator (Not the NPM Package.json Generator)

What Is package.json?

How to Use This Tool

package.json Fields Explained

`name`

`version`

`description`

`main`

`type`

`private`

`license`

`author`

`repository`

`keywords`

`scripts`

`dependencies` vs `devDependencies`

Common Mistakes

Uppercase in package name

Missing `type: "module"` for ESM

Putting devDependencies in dependencies

Not setting `private: true` for applications

Wildcard `*` versions in published packages

Frequently Asked Questions

Related Tools

More Code & Config Generators

Package.json Generator

Why This Generator (Not the NPM Package.json Generator)

What Is package.json?

How to Use This Tool

package.json Fields Explained

name

version

description

main

type

private

license

author

repository

keywords

scripts

dependencies vs devDependencies

Common Mistakes

Uppercase in package name

Missing type: "module" for ESM

Putting devDependencies in dependencies

Not setting private: true for applications

Wildcard * versions in published packages

Frequently Asked Questions

Related Tools

More Code & Config Generators

`name`

`version`

`description`

`main`

`type`

`private`

`license`

`author`

`repository`

`keywords`

`scripts`

`dependencies` vs `devDependencies`

Missing `type: "module"` for ESM

Not setting `private: true` for applications

Wildcard `*` versions in published packages