Tootfinder

Opt-in global Mastodon full text search.

@hynek@mastodon.social
2026-01-09 05:43:08

Santa #Python came super early in 2026!
With build 1.4.0, it is now possible to easily dump effective package metadata!
So getting the version of a package in the current directory is now as easy as `pipx run build --metadata 2>/dev/null | jq -r .version`.
This is NOT like parsing pyproject.toml or whatever. It builds the package and looks at the result. So it works even with…

@aral@mastodon.ar.al
2025-12-19 09:44:47

Node.js devs, so picture this: you run `npm install` and you get a bunch of packages with audit errors.
The only thing I want to know at that point is what’s the root package that these dependencies belong to? (Running npm audit fix is a last resort as I don’t like it fiddling around with the dependencies of nested packages.)
It’s also not a straightforward thing to do, but it’s nothing jq and a bit of piping can’t fix:
```bash
npm audit --json | jq -r '.vulnerabil…
```