Skip to main content
meow treats package.json as the authority for dependencies, scripts, and project metadata. It’s a standard npm manifest — meow reads the fields below and only ever writes the dependency sections, on explicit add / remove / install <pkg> actions. Your scripts and metadata are never rewritten.

Fields meow reads

package.json
{
  "name": "my-app",
  "version": "0.1.0",
  "private": true,
  "type": "module",
  "dependencies": {
    "zod": "^3.23.0"
  },
  "devDependencies": {
    "typescript": "^5.8.0"
  },
  "peerDependencies": {
    "react": "^19.0.0"
  },
  "overrides": {
    "vite": "^7"
  },
  "scripts": {
    "dev": "meow run main.ts",
    "build": "meow run build.ts"
  },
  "workspaces": ["apps/*", "packages/*"]
}
FieldHow meow uses it
dependencies / devDependenciesThe direct dependencies meow resolves and installs.
peerDependenciesRead for resolution context.
overridesForce a specific version for a (possibly transitive) package during resolve.
scriptsRunnable via meow run <name> / meow dev / meow task, with pre/post hooks.
workspacesMonorepo package globs — either ["apps/*"] or { "packages": [...], "nohoist": [...] }.
name / versionProject metadata.
type: "module" is recommended (and what meow init writes). meow runs ESM natively; CommonJS interop still works in node-compat mode.

Dependency specifiers

The version strings follow npm semantics — see the full table in version specifiers. In short:
{
  "dependencies": {
    "exact": "1.2.3",                       // exactly 1.2.3
    "caret": "^1.2.3",                      // >=1.2.3 <2.0.0
    "partial": "1.2",                       // >=1.2.0 <1.3.0
    "tag": "latest",                        // a dist-tag
    "aliased": "npm:@scope/real-pkg@^2"     // install another package under this name
  }
}

How meow edits it

meow add zod              # inserts/updates "zod" in dependencies
meow add -D vitest        # inserts/updates "vitest" in devDependencies
meow remove zod           # removes "zod" (by name — no version)
After editing the manifest, meow runs a normal install so meow.lock.jsonl stays in sync.
If the same package appears in both dependencies and devDependencies with different specifiers, meow reports a conflict rather than silently picking one:
dependency react is declared in both dependencies and devDependencies
with different specifiers (^18.0.0 vs ^19.0.0)
Keep a package in one section, or make the specifiers match.

Compatibility marker

Some framework detectors look for a package-lock.json. meow can write a minimal marker (flagged meowCompatibilityLockfile) without ceding authority — your meow.lock.jsonl stays the source of truth:
meow install --compat-lockfile

The lockfile

How package.json resolves into meow.lock.jsonl.