Product
Introducing License Enforcement in Socket
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
comprehensive-npmignore
Advanced tools
Verify that everything is either explicitly excluded by npmignore or included by files array.
Tool that forces all files to be either explicitly included or excluded for npm publication.
Using an .npmignore file is more convenient than the "files" array, but it means you may accidentally publish sensitive data to npm. Using a "files" array is safer but means you may accidentally forget to add items, meaning you publish a broken package.
This tool enables a third option: it forces you to specify all files as either included or excluded. Any ambiguous files are shown so you can explicitly specify them.
Ignored files can either be specified in an ".npmignore" file or in an "npmignore": []
array in your "package.json"
The latter option allows everything to be specified in the same place and avoids an extra file.
Invoke as an executable:
comprehensive-npmignore
Call the validate
function, optionally passing the path of your project root. Throws an error on failure, so you can
easily add this to your test suite.
import {validate as validateNpmIgnore} from 'comprehensive-npmignore';
desribe('project trivia', () => {
it('avoid npmignore mistakes', () => {
validateNpmIgnore();
});
});
FAQs
Verify that everything is either explicitly excluded by npmignore or included by files array.
We found that comprehensive-npmignore demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
Product
We're launching a new set of license analysis and compliance features for analyzing, managing, and complying with licenses across a range of supported languages and ecosystems.
Product
We're excited to introduce Socket Optimize, a powerful CLI command to secure open source dependencies with tested, optimized package overrides.