package-config-checker

Only report packages with extraneous files

Open jfmengels opened this issue 8 years ago • 3 comments

When listing the packages, I see that quite a few faulty ones (examples, all the lodash.XXX) do not have any extraneous dependencies files, yet no files setting or .npmignore.

Example: the content of node_modules/lodash.find is:

├── index.js
├── LICENSE
├── package.json
└── README.md

I suggest not reporting those as faulty by default, and to add an option to report those.

Thanks for the tool :)

jfmengels, May 04 '16 14:05

Agreed.

Seems like using "contains only files which match npm's default whitelist plus whatever's in package.json main" as a heuristic would cover avoiding false positives for the individual lodash modules and anything like them.

insin, May 04 '16 15:05

Yes, that sounds pretty good to me.

The real problem will be with packages that have files or npmignore but that include unused files :D

jfmengels, May 04 '16 15:05

modclean has a bunch of different heuristics with different "safety" levels which might be worth looking at.

insin, May 04 '16 15:05
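A sketch of the heuristic proposed in this thread, added here as an example and not code from package-config-checker: a package is reported only when it has no files setting or .npmignore and also ships something beyond npm's always-included files plus its package.json main. The function names, the always-included list (which varies by npm version) and the sample listings are assumptions made for illustration.

```javascript
// Added example (not the project's code): report a package only if it ships
// files beyond the always-included set plus its "main" entry point.

// Assumption: base names npm always packs; the exact list varies by npm version.
const ALWAYS_INCLUDED = /^(package\.json|(readme|licen[sc]e)(\.[^/]*)?)$/i;

// Normalise "./lib/index" or "lib\\index.js" to a "lib/index.js"-style path.
function normalise(p) {
  return p.replace(/\\/g, '/').replace(/^\.\//, '');
}

// Paths that could satisfy package.json "main" (defaults to index.js),
// allowing for a main written without an extension or naming a directory.
function mainCandidates(pkg) {
  const main = normalise(pkg.main || 'index.js');
  return new Set([main, main + '.js', main + '.json', main + '/index.js']);
}

// files: file paths relative to the package root (directories excluded).
// Returns the files that are neither always-included nor the main entry.
function extraneousFiles(files, pkg) {
  const mains = mainCandidates(pkg);
  return files.map(normalise).filter((f) => {
    const topLevel = !f.includes('/');
    if (topLevel && ALWAYS_INCLUDED.test(f)) return false;
    return !mains.has(f);
  });
}

// Report only when no files/.npmignore config exists AND something extra ships.
function shouldReport(files, pkg, hasNpmignore) {
  const configured = Array.isArray(pkg.files) || hasNpmignore;
  return !configured && extraneousFiles(files, pkg).length > 0;
}

// Constructed sample inputs: the lodash.find listing from the issue, and a
// hypothetical package that ships its tests and CI config.
const lodashFind = ['index.js', 'LICENSE', 'package.json', 'README.md'];
const noisy = ['lib/main.js', 'package.json', 'README.md',
  'test/main.test.js', '.travis.yml'];

console.log(shouldReport(lodashFind, { name: 'lodash.find' }, false)); // false
console.log(extraneousFiles(noisy, { main: './lib/main' }));
// [ 'test/main.test.js', '.travis.yml' ]
```

Packages that do set files or .npmignore but still ship unused files, the case raised in the follow-up comment, are outside what this check covers.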