new: no-private-api

[aladdin-add]

it's not a good practice to use non-public api. it would be nice to have a rule warns its usage.

// invalid
var foo = require('foo/bar.js');

// valid
var foo = require('foo');

/* eslint no-private-api: ["error", exceptions: ["foo/bar.js"]]
var foo = require('foo/bar.js');

• a better rule name?
• exceptions defaults to ["*/dist"]?

[mysticatea]

Thank you for this proposal.

Hmm. I understand what you want to check. However, all internal files of packages are not private. I think that we cannot distinguish which files are private. For example, lodash has many public files in the package.

[aladdin-add]

I think that we cannot distinguish which files are private. For example, lodash has many public files in the package.

maybe a better rule name. I agreed it's not 100% reasonable, that's why we need the option: excepitons. I bring this up since I've seen quite a few cases. e.g: https://github.com/gajus/eslint-plugin-jsdoc/issues/251

[mysticatea]

OK. After re-thought, I'm fine to add the rule. Maybe the rule name is no-deep-import-path (I take the name from https://2ality.com/2019/04/nodejs-esm-impl.html#categories-of-module-specifiers). And it has the ignores option that has glob patterns. The default value of the ignores option is empty.