-
Notifications
You must be signed in to change notification settings - Fork 239
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFC: Expand list of ignored files #114
base: main
Are you sure you want to change the base?
RFC: Expand list of ignored files #114
Conversation
discussion started here: npm/npm-packlist#48 and the @npm/cli-team decided it would be nice to throw a proper RFC to discuss this a bit more with the community. |
5ee1fe0
to
14189d3
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The real solution imo isn’t to exclude more files, it’s to allow publishers to create two lists: “everything” and “production” - and publish both tarballs, so that by default the smallest tarball installs, but it’s easy to opt in to installing the more complete one.
- `.idea/` (or other editors similar configs/store/etc) | ||
- `.travis.yml`, `.github/` (and/or more ci services) | ||
- `.yo-rc.json` template/boilerplate related files | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
.env
files would be another good addition.
Action items from the OpenRFC call:
|
It would be awesome if folks can contribute to this by suggesting files that they notice have high potential to be harmful if published by mistake to the registry 😊 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM pending the one comment
What about also ignoring |
from @bnb in OpenRFC call:
|
- `.editorconfig` common plugins | ||
- `.gitattributes` and/or more git things | ||
- `.idea/` (or other editors similar configs/store/etc) | ||
- `.travis.yml`, `.github/` (and/or more ci services) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FWIW, removing .travis.yml
/ .github/workflow/*.yml
files would be a breaking change for some packages that use the CI configuration in order to provide users with useful messaging about supported platforms (where the supported platforms are defined as platforms that are under test).
An example would be this code in ember-cli, which is used to emit warnings like:
Node ${process.version} is no longer supported by Ember CLI. We recommend that you use the most-recent "Active LTS" version of Node.js. See https://git.io/v7S5n for details.
Or:
Node ${process.version} is not tested against Ember CLI on your platform. We recommend that you use the most-recent "Active LTS" version of Node.js. See https://git.io/v7S5n for details.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
wow, TIL people do this.
altho in this case, https://github.com/ember-cli/ember-cli/blob/v3.18.0/.npmignore#L18 would ensure ember-cli is not broken by this change.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
wow, TIL people do this.
Ya, our goal was to ensure we could use a single source of truth for this guidance. We could remove it I suppose, but it has come in helpful for things like new Node releases that are untested with their release.
altho in this case, ember-cli/[email protected]/.npmignore#L18 would ensure ember-cli is not broken by this change.
Ya, good point. As long as the .npmignore
"wins" (including negation) this won't be an issue. Thank you for looking at that!
|
||
## Implementation | ||
|
||
Add some more entries to the already existing [list of ignored files in packlist](https://github.com/npm/npm-packlist/blob/master/index.js#L38) and make sure we have tests asserting it behaves the way we intend. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add some more entries to the already existing [list of ignored files in packlist](https://github.com/npm/npm-packlist/blob/master/index.js#L38) and make sure we have tests asserting it behaves the way we intend. | |
Add some more entries to the already existing [list of ignored files in packlist](https://github.com/npm/npm-packlist/blob/main/index.js#L38) and make sure we have tests asserting it behaves the way we intend. |
|
||
## Detailed Explanation | ||
|
||
Expand the current list of ignored files to also ignore by default: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do the items listed here mean e.g. /.editorconfig
or **/.editorconfig
? The latter could cause breakage in generators / initializers that have template files in subdirectories, for example https://github.com/pkgjs/create/tree/main/templates
Is there any incentive to move forward with this? I was shocked to find how many dependabot and workflow files I had in various repos today. Yarn already excludes |
Please do not include |
TLDR; Expand the default list of files that should not end up in published tarball.
See RFC