Aha! Develop | Package.json file format

The package.json file is used by npm to define the dependencies of JavaScript code. Including the standard file format, Aha! Develop extensions require particular fields to be present and also add a proprietary section to define the extension's contributions.

Click any of the following links to skip ahead:

Required fields

  • name: A unique identifier for the extension. This identifier should take the form of your organization/extension-name according to the normal rules for naming npm packages.

  • description: A human-readable description of the extension.

  • version: A version string for the extension.

  • author:The author of the extension.

  • repository: Information about where to find the source code of the extension. Access to the source code is important to allow the person installing an extension to review what they are installing. The repository object must contain a type and url key.


Define contributions

The extension contributions are defined by a key named ahaExtension.contributes, such as:

  "ahaExtension": {
"contributes": {
"views": {
"links": {
"title": "GitHub links",
"entryPoint": "src/links.js",
"recordTypes": ["Feature", "Epic", "Requirement"]
"commands": {
"createBranch": {
"title": "GitHub: Create a branch",
"entryPoint": "src/createBranch.js"

Under the contributes key, there is a separate section for each type of contribution: views, commands, endpoints, settings, importers, and events. Each contribution then has a key for its identifier and a sub-object value defining the contribution. In the example above, there is a contribution with the identifier of links that defines a view contribution. It has the human-readable title of GitHub links. The shape of the contribution definition depends on the contribution type.


Define cspSources

Under ahaExtension , you can define cspSources , which accepts an array of HTTPS URIs. This allowlists external resource sources by adding them to the page's Content Security Policy (CSP). If you connect to an external API or load an external stylesheet or other resource, you will need a cspSources entry.

For example, to allow connections to Github's API:

"ahaExtension": {
"cspSources": ["https://api.github.com"],

cspSources can handle wildcards, e.g. to allow any subdomain of github.com:

"ahaExtension": {
"cspSources": ["https://*.github.com"],