insin / package-config-checker

Checks if your dependencies have a package.json "files" config or an .npmignore for packaging
MIT License
47 stars 3 forks

Only report packages with extraneous files #1

Open jfmengels opened 8 years ago

jfmengels commented 8 years ago

When listing the packages, I see that quite a few faulty ones (for example, all the lodash.XXX packages) do not have any extraneous dependency files, yet have no files setting or .npmignore.

Example: the content of node_modules/lodash.find is:

├── index.js
├── LICENSE
├── package.json
└── README.md

I suggest not reporting those as faulty by default, and to add an option to report those.

Thanks for the tool :)

insin commented 8 years ago

Agreed.

Seems like using "contains only files which match npm's default whitelist plus whatever's in package.json main" as a heuristic would cover avoiding false positives for the individual lodash modules and anything like them.

jfmengels commented 8 years ago

Yes, that sounds pretty good to me.

The real problem will be with packages that have files or npmignore but that include unused files :D

insin commented 8 years ago

modclean has a bunch of different heuristics with different "safety" levels which might be worth looking at.