From ec62362104be24458ad06d085be5d58ea61f5aeb Mon Sep 17 00:00:00 2001 From: isaacs Date: Thu, 27 Jun 2019 16:15:58 -0700 Subject: [PATCH] npm-packlist@1.4.4 Never include /.git in the package. It creates packages that, once installed, can not be easily removed. Prevent .DS_Store files from being picked up if they are files rather than folders. (Note that a .DS_Store file in a specifically included dir _will_ still be included.) Don't bother walking node_modules in the root if no packages are bundled. (Saves thousands of lstat calls on npm publish in normal cases.) Sort package file lists in the tarball to optimize for gzip compression. --- node_modules/npm-packlist/index.js | 42 ++++++++++++++++++++------ node_modules/npm-packlist/package.json | 31 ++++++++++--------- package-lock.json | 6 ++-- package.json | 2 +- test/tap/pack-files-and-ignores.js | 2 +- test/tap/publish.js | 8 ++--- 6 files changed, 58 insertions(+), 33 deletions(-) diff --git a/node_modules/npm-packlist/index.js b/node_modules/npm-packlist/index.js index 777b58590d11e..8bfd257794f9e 100644 --- a/node_modules/npm-packlist/index.js +++ b/node_modules/npm-packlist/index.js @@ -34,6 +34,7 @@ const defaultRules = [ 'npm-debug.log', '**/.npmrc', '.*.swp', + '.DS_Store', '**/.DS_Store/**', '._*', '**/._*/**', @@ -90,6 +91,16 @@ const npmWalker = Class => class Walker extends Class { } } + onReaddir (entries) { + if (!this.parent) { + entries = entries.filter(e => + e !== '.git' && + !(e === 'node_modules' && this.bundled.length === 0) + ) + } + return super.onReaddir(entries) + } + filterEntry (entry, partial) { // get the partial path from the root of the walk const p = this.path.substr(this.root.length + 1) @@ -147,6 +158,14 @@ const npmWalker = Class => class Walker extends Class { // if there's a bin, browser or main, make sure we don't ignore it // also, don't ignore the package.json itself! + // + // Weird side-effect of this: a readme (etc) file will be included + // if it exists anywhere within a folder with a package.json file. + // The original intent was only to include these files in the root, + // but now users in the wild are dependent on that behavior for + // localized documentation and other use cases. Adding a `/` to + // these rules, while tempting and arguably more "correct", is a + // breaking change. const rules = [ pkg.browser ? '!' + pkg.browser : '', pkg.main ? '!' + pkg.main : '', @@ -234,15 +253,20 @@ const walkSync = options => { return walker.result } -// package.json first, node_modules last, files before folders, alphasort -const sort = (a, b) => - a === 'package.json' ? -1 - : b === 'package.json' ? 1 - : /^node_modules/.test(a) && !/^node_modules/.test(b) ? 1 - : /^node_modules/.test(b) && !/^node_modules/.test(a) ? -1 - : path.dirname(a) === '.' && path.dirname(b) !== '.' ? -1 - : path.dirname(b) === '.' && path.dirname(a) !== '.' ? 1 - : a.localeCompare(b) +// optimize for compressibility +// extname, then basename, then locale alphabetically +// https://twitter.com/isntitvacant/status/1131094910923231232 +const sort = (a, b) => { + const exta = path.extname(a).toLowerCase() + const extb = path.extname(b).toLowerCase() + const basea = path.basename(a).toLowerCase() + const baseb = path.basename(b).toLowerCase() + + return exta.localeCompare(extb) || + basea.localeCompare(baseb) || + a.localeCompare(b) +} + module.exports = walk walk.sync = walkSync diff --git a/node_modules/npm-packlist/package.json b/node_modules/npm-packlist/package.json index c5be026edaff9..d72eef9cae739 100644 --- a/node_modules/npm-packlist/package.json +++ b/node_modules/npm-packlist/package.json @@ -1,29 +1,29 @@ { - "_from": "npm-packlist@latest", - "_id": "npm-packlist@1.4.1", + "_from": "npm-packlist@^1.4.3", + "_id": "npm-packlist@1.4.4", "_inBundle": false, - "_integrity": "sha512-+TcdO7HJJ8peiiYhvPxsEDhF3PJFGUGRcFsGve3vxvxdcpO2Z4Z7rkosRM0kWj6LfbK/P0gu3dzk5RU1ffvFcw==", + "_integrity": "sha512-zTLo8UcVYtDU3gdeaFu2Xu0n0EvelfHDGuqtNIn5RO7yQj4H1TqNdBc/yZjxnWA0PVB8D3Woyp0i5B43JwQ6Vw==", "_location": "/npm-packlist", "_phantomChildren": {}, "_requested": { - "type": "tag", + "type": "range", "registry": true, - "raw": "npm-packlist@latest", + "raw": "npm-packlist@^1.4.3", "name": "npm-packlist", "escapedName": "npm-packlist", - "rawSpec": "latest", + "rawSpec": "^1.4.3", "saveSpec": null, - "fetchSpec": "latest" + "fetchSpec": "^1.4.3" }, "_requiredBy": [ "#USER", "/", "/pacote" ], - "_resolved": "https://registry.npmjs.org/npm-packlist/-/npm-packlist-1.4.1.tgz", - "_shasum": "19064cdf988da80ea3cee45533879d90192bbfbc", - "_spec": "npm-packlist@latest", - "_where": "/Users/zkat/Documents/code/work/npm", + "_resolved": "https://registry.npmjs.org/npm-packlist/-/npm-packlist-1.4.4.tgz", + "_shasum": "866224233850ac534b63d1a6e76050092b5d2f44", + "_spec": "npm-packlist@^1.4.3", + "_where": "/Users/isaacs/dev/npm/cli", "author": { "name": "Isaac Z. Schlueter", "email": "i@izs.me", @@ -42,7 +42,7 @@ "devDependencies": { "mkdirp": "^0.5.1", "rimraf": "^2.6.1", - "tap": "^12.0.1" + "tap": "^14.2.1" }, "directories": { "test": "test" @@ -59,10 +59,11 @@ "url": "git+https://github.com/npm/npm-packlist.git" }, "scripts": { - "postpublish": "git push origin --all; git push origin --tags", + "postpublish": "git push origin --follow-tags", "postversion": "npm publish", "preversion": "npm test", - "test": "tap test/*.js --100 -J" + "snap": "tap", + "test": "tap" }, - "version": "1.4.1" + "version": "1.4.4" } diff --git a/package-lock.json b/package-lock.json index 914b0652f6069..d0271bd92dbea 100644 --- a/package-lock.json +++ b/package-lock.json @@ -3870,9 +3870,9 @@ } }, "npm-packlist": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/npm-packlist/-/npm-packlist-1.4.1.tgz", - "integrity": "sha512-+TcdO7HJJ8peiiYhvPxsEDhF3PJFGUGRcFsGve3vxvxdcpO2Z4Z7rkosRM0kWj6LfbK/P0gu3dzk5RU1ffvFcw==", + "version": "1.4.4", + "resolved": "https://registry.npmjs.org/npm-packlist/-/npm-packlist-1.4.4.tgz", + "integrity": "sha512-zTLo8UcVYtDU3gdeaFu2Xu0n0EvelfHDGuqtNIn5RO7yQj4H1TqNdBc/yZjxnWA0PVB8D3Woyp0i5B43JwQ6Vw==", "requires": { "ignore-walk": "^3.0.1", "npm-bundled": "^1.0.1" diff --git a/package.json b/package.json index acdeb22908e06..7c982bba945ba 100644 --- a/package.json +++ b/package.json @@ -96,7 +96,7 @@ "npm-install-checks": "~3.0.0", "npm-lifecycle": "^2.1.0", "npm-package-arg": "^6.1.0", - "npm-packlist": "^1.4.1", + "npm-packlist": "^1.4.4", "npm-pick-manifest": "^2.2.3", "npm-registry-fetch": "^3.9.0", "npm-user-validate": "~1.0.0", diff --git a/test/tap/pack-files-and-ignores.js b/test/tap/pack-files-and-ignores.js index 4ef41cea64ce8..4d9b97a32ad25 100644 --- a/test/tap/pack-files-and-ignores.js +++ b/test/tap/pack-files-and-ignores.js @@ -484,7 +484,7 @@ test('default-ignored files can be explicitly included', function (t) { }) ) withFixture(t, fixture, function (done) { - t.ok(fileExists('.git'), '.git included') + t.notOk(fileExists('.git'), '.git should never be included') t.ok(fileExists('.svn'), '.svn included') t.ok(fileExists('CVS'), 'CVS included') t.ok(fileExists('.hg'), '.hg included') diff --git a/test/tap/publish.js b/test/tap/publish.js index 39000faeac591..c507044433690 100644 --- a/test/tap/publish.js +++ b/test/tap/publish.js @@ -125,8 +125,8 @@ test('npm publish --json', (t) => { name: 'publish-organized', version: '1.2.5', files: [ - {path: 'package.json'}, - {path: 'index.js'} + {path: 'index.js'}, + {path: 'package.json'} ], entryCount: 2 }, 'JSON output reflects package contents') @@ -154,8 +154,8 @@ test('npm publish --dry-run --json', (t) => { name: 'publish-organized', version: '1.2.5', files: [ - {path: 'package.json'}, - {path: 'index.js'} + {path: 'index.js'}, + {path: 'package.json'} ], entryCount: 2 }, 'JSON output reflects package contents')