node-rsa-pem-from-mod-exp icon indicating copy to clipboard operation
node-rsa-pem-from-mod-exp copied to clipboard

Published 20 hours ago verified publisher icon tracker1

Avoid publishing test files

Open agerard-godaddy opened this issue 1 year ago • 0 comments

This package showed up in a security scan due to the tokens in signature.tests.js. Ideally any test files are not published with the package to npm, which is what this PR aims to solve by setting the package.json files property (docs).

Before

> npm pack --dry-run                  
npm notice 
npm notice 📦  [email protected]
npm notice === Tarball Contents === 
npm notice 1.1kB LICENSE                
npm notice 1.6kB README.md              
npm notice 163B  index.d.ts             
npm notice 1.8kB index.js               
npm notice 684B  package.json           
npm notice 420B  test/index.tests.js    
npm notice 1.7kB test/input.json        
npm notice 5.2kB test/signature.tests.js

After

> npm pack --dry-run             
npm notice 
npm notice 📦  [email protected]
npm notice === Tarball Contents === 
npm notice 1.1kB LICENSE     
npm notice 1.6kB README.md   
npm notice 163B  index.d.ts  
npm notice 1.8kB index.js    
npm notice 735B  package.json

agerard-godaddy avatar Feb 21 '24 17:02 agerard-godaddy