3.0.1 has .DS_Store inside

[paulmillr]

node_modules/braces
node_modules/braces/LICENSE
node_modules/braces/CHANGELOG.md
node_modules/braces/index.js
node_modules/braces/README.md
node_modules/braces/package.json
node_modules/braces/lib
node_modules/braces/lib/constants.js
node_modules/braces/lib/stringify.js
node_modules/braces/lib/.DS_Store
node_modules/braces/lib/parse.js
node_modules/braces/lib/expand.js
node_modules/braces/lib/utils.js
node_modules/braces/lib/compile.js

[jonschlinkert]

Are you sure it's not on your machine? .DS_Store is ignored in .gitignore.

[paulmillr]

Positive. Download https://registry.npmjs.org/braces/-/braces-3.0.1.tgz and check it by yourself, it's there.

[paulmillr]

I think what happened here is it got gitignored but not npmignored.

[paulmillr]

(No need to publish 3.0.2 — let's just add some constraints for the future release)

[jonschlinkert]

I think what happened here is it got gitignored but not npmignored.

It's more likely that it was either committed by me when the project was initialized, and for some reason, there wasn't a .gitignore yet, or something like that.

edit: also, NPM won't include project files that aren't specified. You only need to ignore patterns that override inclusive patterns. See the NPM docs on this.

let's just add some constraints for the future release)

I'm not sure what those constraints would be. This is a fluke, I've never seen this in one of my projects in thousands of commits over the past 5 years. I'm still not convinced that it's from me, but I'll track it down.

[jonschlinkert]

Positive. Download https://registry.npmjs.org/braces/-/braces-3.0.1.tgz and check it by yourself, it's there.

It's not there for me, and I have all dotfiles visible on my system.

[paulmillr]

.DS_Store is hidden by MacOS, use ls -la:

test ❯ wget https://registry.npmjs.org/braces/-/braces-3.0.1.tgz
2019-04-16 22:23:43 (14.8 MB/s) - ‘braces-3.0.1.tgz’ saved [15971/15971]

test ❯ tar -xvzf braces-3.0.1.tgz 
x package/package.json
x package/CHANGELOG.md
x package/index.js
x package/LICENSE
x package/README.md
x package/lib/.DS_Store
x package/lib/compile.js
x package/lib/constants.js
x package/lib/expand.js
x package/lib/parse.js
x package/lib/stringify.js
x package/lib/utils.js
test ❯ ls -la package/lib 
total 72
drwxr-xr-x  9 user  staff   288 Apr 16 22:24 .
drwxr-xr-x  8 user  staff   256 Apr 16 22:24 ..
-rw-r--r--  1 user  staff  6148 Oct 26  1985 .DS_Store
-rw-r--r--  1 user  staff  1415 Oct 26  1985 compile.js
-rw-r--r--  1 user  staff  1593 Oct 26  1985 constants.js
-rw-r--r--  1 user  staff  2780 Oct 26  1985 expand.js
-rw-r--r--  1 user  staff  6913 Oct 26  1985 parse.js
-rw-r--r--  1 user  staff   700 Oct 26  1985 stringify.js
-rw-r--r--  1 user  staff  2451 Oct 26  1985 utils.js

[doowb]

I see it also.

(No need to publish 3.0.2 — let's just add some constraints for the future release)

There is already a constraint in place using the files property in package.json. According to the NPM docs .DS_Store is always excluded, so this is bug with NPM.

I can publish a patch to ensure it gets removed.

[jonschlinkert]

sorry for being an idiot. @doowb saves the day!

[doowb]

Fixes on NPM in version 3.0.2. I'll also check NPM's issue tracker to open a ticket if one isn't already opened.