Cli: .DS_Store files show up after npm publish

Created on 8 Nov 2019  路  4Comments  路  Source: npm/cli 
  Original bug ticket: [https://npm.community/t/831](https://npm.community/t/831)
  Originally filed: 2018-07-23T20:19:41.160Z
Bug Community
Source
picture darcyclarke
👍3

Most helpful comment

I'm encountering this in npm 6.13.0 . pack will include files ignored by .gitignore and/or .npmignore if listed in files. It's most noticeable when those files are within a directory where other files in the directory are desired to be included.

One workaround that seems to work for me is adding "!.DS_Store" as the last entry in the files array (order appears to matter).

picture aduth on 9 Nov 2019
2

All 4 comments

I'm encountering this in npm 6.13.0 . pack will include files ignored by .gitignore and/or .npmignore if listed in files. It's most noticeable when those files are within a directory where other files in the directory are desired to be included.

One workaround that seems to work for me is adding "!.DS_Store" as the last entry in the files array (order appears to matter).

aduth picture aduth on 9 Nov 2019
2

I'm thinking I'm seeing something similar since npm 6.12.1: My .gitignore specifies to exclude npm-shrinkwrap.json and the /build/ directory. package.json does list the build directory explicitly in the files section. As part of my build procedure I'm producing a npm-shrinkwrap.json in the module root directory, which then gets copied into the build directory.

With npm 6.4.1, ~6.7, ~6.9, ~6.10, ~6.11 and 6.12.0 the packaged file (from npm pack) only contains build/npm-shrinkwrap.json, but with 6.12.1 and later it includes both build/npm-shrinkwrap.json _and_ npm-shrinkwrap.json.

(Community is down/read-only right now, if this not the same issue I would like to apologize!)

ankon picture ankon on 24 Nov 2019

it seems strange to me to include a shrinkwrap file in any part of a published package, but it鈥檇 only have an effect in the root anyways - why does your build process put a copy there?

ljharb picture ljharb on 24 Nov 2019

That's certainly a good question.

I have it in the build/ directory as part of another build step that takes the build/ directory and creates a docker container image. The idea was to run npm test etc once outside docker, and then have the shrinkwrap file speed up the docker process (by letting the npm install inside docker pick up the exact same files). This would then also serve as documentation about what was used for building. The process simply copied the npm-shrinkwrap.json into the build directory.

Fix for me now is to use mv rather than cp to get the file into the build/ directory.

EDIT: Fix/Work-around for me works, but I'm a bit concerned that due to this change in behavior packages on the registries could inadvertently contain files that they shouldn't contain -- I found this by accident because of another part of my system checking for the presence of npm-shrinkwrap.json files.

ankon picture ankon on 24 Nov 2019
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

zypA13510 picture zypA13510  路  4Comments
FaizenR picture FaizenR  路  3Comments
jaydenseric picture jaydenseric  路  3Comments
ahuglajbclajep picture ahuglajbclajep  路  3Comments
chrisspen picture chrisspen  路  3Comments