Socket
Socket
Sign inDemoInstall

comprehensive-npmignore

Package Overview
Dependencies
17
Maintainers
1
Versions
1
Alerts
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

    comprehensive-npmignore

Verify that everything is either explicitly excluded by npmignore or included by files array.


Version published
Maintainers
1
Install size
279 kB
Created

Readme

Source

Tool that forces all files to be either explicitly included or excluded for npm publication.

Why?

Using an .npmignore file is more convenient than the "files" array, but it means you may accidentally publish sensitive data to npm. Using a "files" array is safer but means you may accidentally forget to add items, meaning you publish a broken package.

This tool enables a third option: it forces you to specify all files as either included or excluded. Any ambiguous files are shown so you can explicitly specify them.

Usage

Ignored files can either be specified in an ".npmignore" file or in an "npmignore": [] array in your "package.json" The latter option allows everything to be specified in the same place and avoids an extra file.

CLI

Invoke as an executable:

comprehensive-npmignore

JavaScript

Call the validate function, optionally passing the path of your project root. Throws an error on failure, so you can easily add this to your test suite.

import {validate as validateNpmIgnore} from 'comprehensive-npmignore';
desribe('project trivia', () => {
    it('avoid npmignore mistakes', () => {
        validateNpmIgnore();
    });
});

FAQs

Last updated on 26 Jan 2019

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc