publint
Guard against publishing files that depend on local files
I usually use npm pack to test files locally. That has resulted in the tarball install path ending up in a published package before. It would be nice if Publint had a check guarding against packages installed from local files:
"dependencies": {
  "package": "file:../package-0.1.0.tgz"
}
I probably need some time to think about this, as right now publint focuses on JS file syntax and exports. Expanding to dependencies checking could be nice as a "publish linter". I think it'll be clearer whether this makes sense after implementing https://github.com/bluwy/publint/issues/13
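
One way to implement the check requested in this issue, as an added example (not publint's own code): it scans the dependency fields of a parsed package.json and goes beyond the `file:` case above to `link:` and bare local paths. The function name `findLocalDependencies` and the severity assigned to each field are assumptions.

```javascript
// Added example: flag dependency specifiers that point at the local filesystem.
// Field severities and the function name are assumptions of this sketch.
const FIELDS = {
  dependencies: 'error',          // installed by consumers
  optionalDependencies: 'error',
  peerDependencies: 'error',
  devDependencies: 'warning',     // not installed by consumers of the package
};

// `file:` is npm's local-path protocol; `link:` is the Yarn/pnpm equivalent.
// Bare relative, home-relative or absolute paths are also treated as local.
const LOCAL_SPEC = /^(file:|link:|\.{1,2}[\\/]|~[\\/]|\/)/;

function findLocalDependencies(pkg) {
  const findings = [];
  for (const [field, severity] of Object.entries(FIELDS)) {
    const deps = pkg[field];
    if (deps === null || typeof deps !== 'object') continue; // field absent or malformed
    for (const [name, spec] of Object.entries(deps)) {
      if (typeof spec === 'string' && LOCAL_SPEC.test(spec.trim())) {
        findings.push({ field, name, spec, severity });
      }
    }
  }
  return findings;
}

// Constructed sample manifest; the first entry is the case from the issue.
const samplePkg = {
  name: 'example',
  version: '1.0.0',
  dependencies: {
    package: 'file:../package-0.1.0.tgz',
    lodash: '^4.17.21',
    remote: 'https://example.com/remote-1.0.0.tgz',
  },
  devDependencies: { tool: '../tool' },
};

for (const f of findLocalDependencies(samplePkg)) {
  console.log(`${f.severity}: ${f.field}.${f.name} -> ${f.spec}`);
}
```

Run against the manifest that `npm pack` would include, a non-empty result with severity `error` is the condition to block publishing on.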