Bug Report
Problem
When your package is installed by other users, your entire git package is installed with it and not just your distribution file. In node_modules, your package is installed like this by default:
Why? I see that you are using a distribution build which is one step in the right direction to compatibility and good distribution practice. What you are missing is the minimalistic approach. When running npm publish, the npm pack command runs first. The pack command looks first for a files key entry in package.json, then a .npmignore, then defaults to .gitignore and uses this specification to determine which files to include before uploading to npmjs.com. Your package only requires 3 dependencies which will be installed automatically based on package.json and then of course your babel compiled dist file so that should be the only few that are installed (ignoring LICENSE or other npm publish specific files, see here). Your new installation will look like this:
node_modules may or may not exist depending on how npm runs installation and if there are other packages that use the same dependency (if so it will be hoisted).
You can review my repository if you would like to see an example. @codejedi365/gitlab-npm-audit-parser
Fix
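A pre-publish check for the situation this report describes, as an added example that is not part of the original issue or the project's code: it reads the JSON printed by `npm pack --dry-run --json` and lists every file that would ship outside an intended allowlist. The package name, the sample file list and the `auditPack` helper are constructed for illustration.

```javascript
// Added example. Constructed sample: trimmed `npm pack --dry-run --json`
// output for a hypothetical package whose package.json has no "files" key.
const samplePkg = { name: "example-pkg", main: "dist/index.js" };
const samplePackJson = JSON.stringify([{
  name: "example-pkg",
  files: [
    { path: "LICENSE" }, { path: "README.md" }, { path: "package.json" },
    { path: "dist/index.js" }, { path: "src/index.js" }, { path: ".babelrc" },
    { path: ".gitlab-ci.yml" }, { path: "test/index.test.js" },
  ],
}]);

// npm ships these (and the "main" file) regardless of the "files" allowlist.
const ALWAYS = [/^package\.json$/, /^readme(\..*)?$/i, /^licen[cs]e(\..*)?$/i];

// Normalise "./dist/" and "dist" to the same form.
const norm = (p) => p.replace(/^\.\//, "").replace(/\/+$/, "");

// Compare what would be published against the intended publish surface.
// Simplification (assumption): allowlist entries are plain files or
// directory prefixes; glob patterns are not expanded.
function auditPack(packJson, pkg, intended) {
  const packed = JSON.parse(packJson)[0].files.map((f) => norm(f.path));
  const mainFile = norm(pkg.main || "index.js");
  const allow = [...intended, mainFile].map(norm);
  const covered = (p) =>
    ALWAYS.some((re) => re.test(p)) ||
    allow.some((a) => p === a || p.startsWith(a + "/"));
  return {
    hasFilesKey: Array.isArray(pkg.files),  // false: ignore files decide
    mainPacked: packed.includes(mainFile),  // false: entry point not in tarball
    unexpected: packed.filter((p) => !covered(p)).sort(),
  };
}

const report = auditPack(samplePackJson, samplePkg, ["dist"]);
console.log(report.unexpected.join("\n"));
```

In CI, pass it the real output of `npm pack --dry-run --json` and fail the job when `unexpected` is non-empty.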