@fast-check/packaged
Advanced tools
Utility package removing any files that will not be part of the final bundle
@fast-check/packagedUtility package removing any files that will not be part of the final bundle published to npm registry
When publishing packages to npm registry, it is quite easy to forget about some files. It also happens many times that we want somehow to check the packaged bundle in some of our tests but totally forget that some files have not been added to the bundle and so that the final user will actually never be able to run this code.
This package mostly try to prevent this issue. It can easily be used in monorepos to emulate the bundled package when used against other packages of the monorepo to make sure others do not depend on internals or non published stuff.
Run the following command at the root of your package to drop any file that will not make it in the final bundle published to npm.
# With npm
npx -p @fast-check/packaged packaged
# With yarn
yarn dlx -p @fast-check/packaged packaged
⚠️ You may want to try with --dry-run flag first to give it a try.
It also comes with some extra flags:
--dry-run: do not drop any file or directory from the file system and only print what would have been removed--keep-node-modules: keep the node_modules directory if any at the root of the directoryimport { computePublishedFiles, removeNonPublishedFiles } from '@fast-check/packaged';
// Compute the list of all files that would be part of the bundle
// if we attempted to publish the packge defined at .
const publishedFilesRoot = await computePublishedFiles('.');
// Compute the list of all files that would be part of the bundle
// if we attempted to publish the packge defined at ./sub-directory
const publishedFilesSubDirectory = await computePublishedFiles('./sub-directory');
// Run the deletion of unwanted files
const { kept, removed } = await removeNonPublishedFiles('.', { dryRun: false, keepNodeModules: false });
// kept and removed are arrays of strings
// they may contain files or directories
| @fast-check/packaged | node |
|---|---|
| 0.2.x | ≥16.14.0(3) |
| 0.1.x | ≥16.14.0(2) |
| 0.0.x | ≥14.17.0(1) |
pacote@^15.0.0 internally, we have to align with its requirements: ^14.17.0 || ^16.13.0 || >=18.0.0.pacote@^17.0.0: ^16.14.0 || >=18.0.0.pacote@^17.0.0 which is one of the dependencies of @npmcli/arborist.FAQs
Utility package removing any files that will not be part of the final bundle
We found that @fast-check/packaged demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket CEO Feross Aboukhadijeh discusses open source security challenges, including zero-day attacks and supply chain risks, on the Cyber Security Council podcast.
Security News
Research
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.
Security News
Research
A malicious npm campaign is targeting Ethereum developers by impersonating Hardhat plugins and the Nomic Foundation, stealing sensitive data like private keys.