npm-packlist
Comparing version 7.0.4 to 8.0.0
@@ -41,3 +41,8 @@ 'use strict' | ||
const strictDefaults = [ | ||
// these are forcibly included at all levels | ||
// these are forcibly excluded | ||
'/.git', | ||
] | ||
const allLevels = [ | ||
// these are included by default but can be excluded by package.json files array | ||
'!/readme{,.*[^~$]}', | ||
@@ -47,6 +52,10 @@ '!/copying{,.*[^~$]}', | ||
'!/licence{,.*[^~$]}', | ||
// these are forcibly excluded | ||
'/.git', | ||
] | ||
const rootOnly = [ | ||
/^!.*readme/i, | ||
/^!.*copying/i, | ||
/^!.*licen[sc]e/i, | ||
] | ||
const normalizePath = (path) => path.split('\\').join('/') | ||
@@ -137,2 +146,3 @@ | ||
...strictDefaults, | ||
...allLevels, | ||
...this.requiredFiles.map((file) => `!${file}`), | ||
@@ -290,2 +300,3 @@ ]) | ||
...strictDefaults, | ||
...allLevels, | ||
'!/package.json', | ||
@@ -311,2 +322,5 @@ '/.git', | ||
const inverse = `!${file}` | ||
this.excludeNonRoot(file) | ||
try { | ||
@@ -360,2 +374,16 @@ // if an entry in the files array is a specific file, then we need to include it as a | ||
// excludes non root files by checking if elements from the files array in | ||
// package.json contain an ! and readme/license/licence/copying, and then | ||
// removing readme/license/licence/copying accordingly from strict defaults | ||
excludeNonRoot (file) { | ||
// Find the pattern | ||
const matchingPattern = rootOnly.find(regex => regex.test(file)) | ||
if (matchingPattern) { | ||
// Find which index matches the pattern and remove it from allLevels | ||
const indexToRemove = allLevels.findIndex(element => matchingPattern.test(element)) | ||
allLevels.splice(indexToRemove, 1) | ||
} | ||
} | ||
// custom method: after we've finished gathering the files for the root package, we call this | ||
@@ -362,0 +390,0 @@ // before emitting the 'done' event in order to gather all of the files for bundled deps |
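Review bot: `excludeNonRoot` removes entries from the module-level `allLevels` array with `splice`, so one `!readme`-style entry in a package's `files` list changes the defaults for every later walk in the same process, and the published file set then depends on call order rather than only on the package being packed. The index is also unchecked: when `findIndex` returns -1 (for example because the matching entry was already removed by an earlier call), `allLevels.splice(-1, 1)` deletes the last remaining entry instead of nothing. Guard the removal with `if (indexToRemove !== -1) { allLevels.splice(indexToRemove, 1) }`, and preferably keep the list per walker (copy `allLevels` at construction and filter that copy) instead of mutating shared state. The `rootOnly` patterns such as `/^!.*readme/i` are unanchored on the right, so any negated path that merely contains the word appears to trigger the removal, which is broader than the comment above the method describes.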
{ | ||
"name": "npm-packlist", | ||
"version": "7.0.4", | ||
"version": "8.0.0", | ||
"description": "Get a list of the files to add from a folder into an npm package", | ||
@@ -21,3 +21,3 @@ "directories": { | ||
"@npmcli/eslint-config": "^4.0.0", | ||
"@npmcli/template-oss": "4.10.0", | ||
"@npmcli/template-oss": "4.18.0", | ||
"mutate-fs": "^2.1.1", | ||
@@ -59,4 +59,5 @@ "tap": "^16.0.1" | ||
"//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", | ||
"version": "4.10.0" | ||
"version": "4.18.0", | ||
"publish": true | ||
} | ||
} |
@@ -33,5 +33,7 @@ # npm-packlist | ||
1. If a `package.json` file is found, and it has a `files` list, | ||
then ignore everything that isn't in `files`. Always include the | ||
then ignore everything that isn't in `files`. Always include the root | ||
readme, license, licence and copying files, if they exist, as well | ||
as the package.json file itself. | ||
as the package.json file itself. Non-root readme, license, licence and | ||
copying files are included by default, but can be excluded using the | ||
`files` list e.g. `"!readme"`. | ||
2. If there's no `package.json` file (or it has no `files` list), and | ||
@@ -38,0 +40,0 @@ there is a `.npmignore` file, then ignore all the files in the |
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package