comprehensive-npmignore
Advanced tools
Verify that everything is either explicitly excluded by npmignore or included by files array.
Readme
Tool that forces all files to be either explicitly included or excluded for npm publication.
Using an .npmignore file is more convenient than the "files" array, but it means you may accidentally publish sensitive data to npm. Using a "files" array is safer but means you may accidentally forget to add items, meaning you publish a broken package.
This tool enables a third option: it forces you to specify all files as either included or excluded. Any ambiguous files are shown so you can explicitly specify them.
Ignored files can either be specified in an ".npmignore" file or in an "npmignore": [] array in your "package.json"
The latter option allows everything to be specified in the same place and avoids an extra file.
Invoke as an executable:
comprehensive-npmignore
Call the validate function, optionally passing the path of your project root. Throws an error on failure, so you can
easily add this to your test suite.
import {validate as validateNpmIgnore} from 'comprehensive-npmignore';
desribe('project trivia', () => {
it('avoid npmignore mistakes', () => {
validateNpmIgnore();
});
});
FAQs
Verify that everything is either explicitly excluded by npmignore or included by files array.
The npm package comprehensive-npmignore receives a total of 0 weekly downloads. As such, comprehensive-npmignore popularity was classified as not popular.
We found that comprehensive-npmignore demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Git dependencies in open source packages can introduce significant risks, including lack of version control, stability issues, dependency drift, and difficulty in auditing, making them potential targets for supply chain attacks.
Security News
Node.js has added experimental support for TypeScript, a move that highlights the growing importance of TypeScript in modern development.
Product
Check out what's new at Socket with our Product Changelog. It tracks all public-facing updates, improvements, and fixes so you can take full advantage of our features.