Recently we ran into some security issues in another package because npm publish will tar any files in the project directory, even the ones that are git ignored. Since this wasn't clear until npm@6, we didn't notice that random local files were being uploaded into the package.
On top of security, this would decrease the package size significantly, which is a big win.
Requirements
[x] I've read and understood the Contributing guidelines and have done my best effort to follow them.
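One way to check what a publish would include before it happens, as an added example that is not part of the original pull request: it audits the file list that `npm pack --dry-run --json` reports. The package name, allowlist, sensitive-name patterns and sample output are assumptions constructed for illustration.

```javascript
// Added example: audit the file list reported by `npm pack --dry-run --json`.
// SAMPLE_PACK_JSON is constructed for illustration; in CI, replace it with the
// real command output (for example via child_process.execFileSync).
const SAMPLE_PACK_JSON = JSON.stringify([{
  name: "example-pkg", version: "1.0.0",
  files: [
    { path: "package.json", size: 412 },
    { path: "README.md", size: 1530 },
    { path: "lib/index.js", size: 2048 },
    { path: ".env", size: 96 },
    { path: "notes/todo.txt", size: 310 },
    { path: "coverage/lcov.info", size: 88211 },
  ],
}]);

// Hypothetical allowlist: what this package intends to ship.
const ALLOWED = [/^package\.json$/, /^README(\.md)?$/i, /^LICEN[CS]E/i, /^lib\//];
// Names that commonly hold credentials; flagged even if allowlisted.
const SENSITIVE = [/(^|\/)\.env(\..*)?$/, /(^|\/)\.npmrc$/, /\.(pem|key|p12)$/i,
                   /(^|\/)id_(rsa|ed25519)$/];

function auditPack(packJson) {
  const report = { unexpected: [], sensitive: [], unexpectedBytes: 0 };
  for (const pkg of JSON.parse(packJson)) {
    for (const { path, size } of pkg.files) {
      // npm reports POSIX-style relative paths; normalise defensively.
      const p = path.replace(/\\/g, "/").replace(/^\.\//, "");
      if (SENSITIVE.some((re) => re.test(p))) report.sensitive.push(p);
      if (!ALLOWED.some((re) => re.test(p))) {
        report.unexpected.push(p);
        report.unexpectedBytes += size || 0;
      }
    }
  }
  report.ok = report.unexpected.length === 0 && report.sensitive.length === 0;
  return report;
}

const result = auditPack(SAMPLE_PACK_JSON);
console.log(result);
// In CI, fail the job before publishing when the audit is not clean:
// if (!result.ok) process.exit(1);
```

The `unexpectedBytes` total also shows how much of the tarball size comes from files that were never meant to ship.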