Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

.DS_Store files show up after npm publish #440

Closed
darcyclarke opened this issue Nov 8, 2019 · 4 comments
Closed

.DS_Store files show up after npm publish #440

darcyclarke opened this issue Nov 8, 2019 · 4 comments
Labels
Bug thing that needs fixing

Comments

@darcyclarke
Copy link
Contributor 

  Original bug ticket: [https://npm.community/t/831](https://npm.community/t/831)
  Originally filed: 2018-07-23T20:19:41.160Z
@darcyclarke darcyclarke added Bug thing that needs fixing Community labels Nov 8, 2019
@aduth
Copy link

aduth commented Nov 9, 2019

I'm encountering this in npm 6.13.0 . pack will include files ignored by .gitignore and/or .npmignore if listed in files. It's most noticeable when those files are within a directory where other files in the directory are desired to be included.

One workaround that seems to work for me is adding "!.DS_Store" as the last entry in the files array (order appears to matter).

@ankon
Copy link
Contributor

ankon commented Nov 24, 2019

I'm thinking I'm seeing something similar since npm 6.12.1: My .gitignore specifies to exclude npm-shrinkwrap.json and the /build/ directory. package.json does list the build directory explicitly in the files section. As part of my build procedure I'm producing a npm-shrinkwrap.json in the module root directory, which then gets copied into the build directory.

With npm 6.4.1, ~6.7, ~6.9, ~6.10, ~6.11 and 6.12.0 the packaged file (from npm pack) only contains build/npm-shrinkwrap.json, but with 6.12.1 and later it includes both build/npm-shrinkwrap.json and npm-shrinkwrap.json.

(Community is down/read-only right now, if this not the same issue I would like to apologize!)

@ljharb
Copy link
Contributor

ljharb commented Nov 24, 2019

it seems strange to me to include a shrinkwrap file in any part of a published package, but it’d only have an effect in the root anyways - why does your build process put a copy there?

@ankon
Copy link
Contributor

ankon commented Nov 24, 2019
edited
Loading

That's certainly a good question.

I have it in the build/ directory as part of another build step that takes the build/ directory and creates a docker container image. The idea was to run npm test etc once outside docker, and then have the shrinkwrap file speed up the docker process (by letting the npm install inside docker pick up the exact same files). This would then also serve as documentation about what was used for building. The process simply copied the npm-shrinkwrap.json into the build directory.

Fix for me now is to use mv rather than cp to get the file into the build/ directory.

EDIT: Fix/Work-around for me works, but I'm a bit concerned that due to this change in behavior packages on the registries could inadvertently contain files that they shouldn't contain -- I found this by accident because of another part of my system checking for the presence of npm-shrinkwrap.json files.

@fisker fisker mentioned this issue Mar 8, 2020
Merged
mnater added a commit to mnater/Hyphenopoly that referenced this issue Mar 31, 2020
@mnater
fix: do not include .DS_Store in npm pack
682681b 
Problem:
.DS_Store files are included in directories that are explicitely
included in "files" (npm/cli#440)

Solution:
Add `"!.DS_Store"` at the end of the `"files"` array.

Notes:
[skip travis-ci]
@thboop thboop mentioned this issue Jun 4, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug thing that needs fixing
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ljharb @darcyclarke @ankon @aduth