You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The reason will be displayed to describe this comment to others. Learn more.
Was just a suggestion, @steilerDev! In my experience it is very easy to accidentally add new folders/files that are not needed for the package. For example generated temp files or some other files that might even be git ignored.
in the best case it might just be package bloat, in the worst case you might leak passwords or tokens.
a0fb08fThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@steilerDev There is also the alternative of
files[]: https://docs.npmjs.com/cli/v6/configuring-npm/package-json#files in package.json which is an allow-list rather than a deny-list.a0fb08fThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would that be preferable? 🤔
I'd put in
files: [ 'bin/**/*' ], right?a0fb08fThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah that is cleaner - now part of
1.2.0-beta.3- thanks for the feedback!a0fb08fThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Was just a suggestion, @steilerDev! In my experience it is very easy to accidentally add new folders/files that are not needed for the package. For example generated temp files or some other files that might even be git ignored.
in the best case it might just be package bloat, in the worst case you might leak passwords or tokens.
a0fb08fThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can see the appeal - this is my first "real" node project - always looking for best practices :)