search

rollup / rollup-starter-lib

Bare-bones example of how to create a library using Rollup
MIT License
961 stars 230 forks source link

chore(package): use absolute path for files #34

Closed Justkant closed 5 years ago

Justkant commented 5 years ago

Avoid matching subfolders with the same name (in case this happens)

Note that you want to prefix all the elements of files with “/”. Otherwise, if you had a directory “test/lib” that would be included as well. Not really a security concern generally, but it helps keep things clean.

link

eventualbuddha commented 5 years ago

This is not the behavior I see with npm:

// package.json
{
  "name": "test-pkg",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "files": [
    "lib"
  ],
  "author": "",
  "license": "ISC"
}
❯ tree
.
├── lib
│   └── a.js
├── package.json
└── test
    └── lib
        └── b.js

3 directories, 3 files
❯ npm pack
npm notice
npm notice 📦  test-pkg@1.0.0
npm notice === Tarball Contents ===
npm notice 232B package.json
npm notice 0    lib/a.js
npm notice === Tarball Details ===
npm notice name:          test-pkg
npm notice version:       1.0.0
npm notice filename:      test-pkg-1.0.0.tgz
npm notice package size:  284 B
npm notice unpacked size: 232 B
npm notice shasum:        b1e0a24db92c0ee58a0de11b7be3a9194d1f338b
npm notice integrity:     sha512-YBWbx6TglT3lj[...]PjV3jEFVwi4ow==
npm notice total files:   2
npm notice
test-pkg-1.0.0.tgz

Feel free to comment if I've missed something.

Justkant commented 5 years ago

My bad on this, did not actually test the claim of the blogpost. Thanks for testing.