dependency-check
Handle NPM `files` and `.npmignore`
This recently came up, and has come up in the past with my own modules, but it would be cool if while traversing the dependency graph it checked the relative files against the `files` list in `package.json` and the `.npmignore` file. Somewhat related to https://github.com/maxogden/dependency-check/issues/25.
/cc @iarna what should we use to ensure we're replicating the behaviour of `files` and `.npmignore` correctly here?
`files` and `.npmignore` behavior is surprisingly complicated and awful. 😭 The closest thing we have to comprehensive documentation is the files and ignores test that @zkat wrote the last time we had to touch it.
That test can probably be adapted to other projects by swapping out `npm pack` and tarball extract steps for your own behavior.
There's also a wiki page about it that's a bit more human-consumable over at https://github.com/npm/npm/wiki/Files-and-Ignores
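Added example, not part of the thread and not dependency-check's own code: one way to do the check requested above without reimplementing the `files` and `.npmignore` rules is to take npm's own file list (the `files` array in `npm pack --dry-run --json` output) and verify that every relative `require` in a shipped file resolves inside it. All function names, the regex-based require scan and the sample data are assumptions constructed for illustration.

```javascript
// Constructed sample in the shape of `npm pack --dry-run --json` output.
const SAMPLE_PACK = [{
  name: 'demo', version: '1.0.0',
  files: [
    { path: 'package.json' }, { path: 'index.js' },
    { path: 'lib/util.js' }, { path: 'lib/data.json' },
  ],
}];

// Constructed sources: path relative to the package root -> file contents.
const SAMPLE_SOURCES = {
  'index.js': "const u = require('./lib/util');\nrequire('./lib/secret');\nrequire('fs');",
  'lib/util.js': "module.exports = require('./data.json');\nrequire('./helpers');",
};

// Collect only relative require() targets (./x or ../x); a real tool would use an AST.
function relativeRequires(source) {
  const re = /require\(\s*['"](\.{1,2}\/[^'"]+)['"]\s*\)/g;
  return [...source.matchAll(re)].map((m) => m[1]);
}

// Join a request onto the requiring file's directory, POSIX style.
function joinPosix(fromFile, request) {
  const dir = fromFile.includes('/') ? fromFile.slice(0, fromFile.lastIndexOf('/')) : '';
  const out = [];
  for (const seg of (dir + '/' + request).split('/')) {
    if (seg === '..') out.pop();
    else if (seg && seg !== '.') out.push(seg);
  }
  return out.join('/');
}

// Try the usual Node resolution candidates against the packed file set.
function resolveInPack(fromFile, request, packed) {
  const base = joinPosix(fromFile, request);
  const candidates = [base, base + '.js', base + '.json', base + '/index.js'];
  return candidates.find((c) => packed.has(c)) || null;
}

// Report every relative require in a shipped file that would be absent from the tarball.
function findUnpublished(packJson, sources) {
  const packed = new Set(packJson[0].files.map((f) => f.path));
  const missing = [];
  for (const [file, src] of Object.entries(sources)) {
    if (!packed.has(file)) continue; // files that do not ship cannot break consumers
    for (const request of relativeRequires(src)) {
      if (!resolveInPack(file, request, packed)) missing.push({ file, request });
    }
  }
  return missing;
}
```

On the sample data this flags `./lib/secret` and `./helpers`, which are required by shipped files but are not in the pack listing.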