npm-packlist
Advanced tools
Comparing version 7.0.4 to 8.0.0
@@ -41,3 +41,8 @@ 'use strict' | ||
| const strictDefaults = [ | ||
| // these are forcibly included at all levels | ||
| // these are forcibly excluded | ||
| '/.git', | ||
| ] | ||
| const allLevels = [ | ||
| // these are included by default but can be excluded by package.json files array | ||
| '!/readme{,.*[^~$]}', | ||
@@ -47,6 +52,10 @@ '!/copying{,.*[^~$]}', | ||
| '!/licence{,.*[^~$]}', | ||
| // these are forcibly excluded | ||
| '/.git', | ||
| ] | ||
| const rootOnly = [ | ||
| /^!.*readme/i, | ||
| /^!.*copying/i, | ||
| /^!.*licen[sc]e/i, | ||
| ] | ||
| const normalizePath = (path) => path.split('\\').join('/') | ||
@@ -137,2 +146,3 @@ | ||
| ...strictDefaults, | ||
| ...allLevels, | ||
| ...this.requiredFiles.map((file) => `!${file}`), | ||
@@ -290,2 +300,3 @@ ]) | ||
| ...strictDefaults, | ||
| ...allLevels, | ||
| '!/package.json', | ||
@@ -311,2 +322,5 @@ '/.git', | ||
| const inverse = `!${file}` | ||
| this.excludeNonRoot(file) | ||
| try { | ||
@@ -360,2 +374,16 @@ // if an entry in the files array is a specific file, then we need to include it as a | ||
| // excludes non root files by checking if elements from the files array in | ||
| // package.json contain an ! and readme/license/licence/copying, and then | ||
| // removing readme/license/licence/copying accordingly from strict defaults | ||
| excludeNonRoot (file) { | ||
| // Find the pattern | ||
| const matchingPattern = rootOnly.find(regex => regex.test(file)) | ||
| if (matchingPattern) { | ||
| // Find which index matches the pattern and remove it from allLevels | ||
| const indexToRemove = allLevels.findIndex(element => matchingPattern.test(element)) | ||
| allLevels.splice(indexToRemove, 1) | ||
| } | ||
| } | ||
| // custom method: after we've finished gathering the files for the root package, we call this | ||
@@ -362,0 +390,0 @@ // before emitting the 'done' event in order to gather all of the files for bundled deps |
| { | ||
| "name": "npm-packlist", | ||
| "version": "7.0.4", | ||
| "version": "8.0.0", | ||
| "description": "Get a list of the files to add from a folder into an npm package", | ||
@@ -21,3 +21,3 @@ "directories": { | ||
| "@npmcli/eslint-config": "^4.0.0", | ||
| "@npmcli/template-oss": "4.10.0", | ||
| "@npmcli/template-oss": "4.18.0", | ||
| "mutate-fs": "^2.1.1", | ||
@@ -59,4 +59,5 @@ "tap": "^16.0.1" | ||
| "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", | ||
| "version": "4.10.0" | ||
| "version": "4.18.0", | ||
| "publish": true | ||
| } | ||
| } |
@@ -33,5 +33,7 @@ # npm-packlist | ||
| 1. If a `package.json` file is found, and it has a `files` list, | ||
| then ignore everything that isn't in `files`. Always include the | ||
| then ignore everything that isn't in `files`. Always include the root | ||
| readme, license, licence and copying files, if they exist, as well | ||
| as the package.json file itself. | ||
| as the package.json file itself. Non-root readme, license, licence and | ||
| copying files are included by default, but can be excluded using the | ||
| `files` list e.g. `"!readme"`. | ||
| 2. If there's no `package.json` file (or it has no `files` list), and | ||
@@ -38,0 +40,0 @@ there is a `.npmignore` file, then ignore all the files in the |
New alerts
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by4.44%
23055
- Lines of code
- increased by5.49%
423
- Number of lines in readme file
- increased by1.87%
109
Worsened metrics
- Number of medium supply chain risk alerts
- increased byInfinity%
1