
Handle NPM `files` and `.npmignore`

Open blakeembrey opened this issue 7 years ago • 2 comments

This recently came up, and has come up in the past with my own modules, but it would be cool if, while traversing the dependency graph, it checked the relative files against the `files` list in `package.json` and the `.npmignore` file. Somewhat related to https://github.com/maxogden/dependency-check/issues/25.

/cc @iarna what should we use to ensure we're replicating the behaviour of `files` and `.npmignore` correctly here?

blakeembrey, Apr 21 '17 14:04

`files` and `.npmignore` behavior is surprisingly complicated and awful. 😭 The closest thing we have to comprehensive documentation is the files and ignores test that @zkat wrote the last time we had to touch it.

That test can probably be adapted to other projects by swapping out npm pack and tarball extract steps for your own behavior.

iarna, Apr 22 '17 03:04

There's also a wiki page about it that's a bit more human-consumable over at https://github.com/npm/npm/wiki/Files-and-Ignores

zkat, Apr 22 '17 04:04