Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE] Could npm pack evaluate .npmignore of bundledDependencies? #718

Closed
haxtibal opened this issue Jan 22, 2020 · 2 comments · May be fixed by Iceymann18777/cli#1, LadyK-21/cli#3, jackromo888/cli-1#1 or jackromo888/cli-1#6
Closed

[FEATURE] Could npm pack evaluate .npmignore of bundledDependencies? #718

haxtibal opened this issue Jan 22, 2020 · 2 comments · May be fixed by Iceymann18777/cli#1, LadyK-21/cli#3, jackromo888/cli-1#1 or jackromo888/cli-1#6
Labels
Enhancement new feature or improvement

Comments

@haxtibal
Copy link

Currently it doesn't. The complete node_modules/<bundled_pkg> directory as it appears after npm install is packed without filtering. Files not required at runtime are packed too, leading to unnecessary big tarballs.

There are at least two scenarios where matching ignore rules of bundledDependencies would IMO make sense:

  • If you depend on native addons that get compiled locally: Intermediate build artifacts (*.o, stripped debug symbols, ...) are created during compilation and are currently packed. Those are not needed in production, and would usually be filtered if the .npmignore of the native addon would be considered.
  • If you bundle git/file dependencies: They're basically npm installed in their "unpublished state". npm publish hasn't already been run for them and .npmignore hasn't been applied yet. Any kind of production-unrelated files like tests, non-js, non-node stuff may be there and is currently packed. That stuff is not needed in production, and would usually be filtered if the .npmignore of the git/file dependency would be considered.

Background: I'm using npm pack + bundledDependencies to generate self-contained tarballs for deployment where size matters and build/deploy/runtime dependency on "the internet" is mostly a no no. There's even more I'd like to filter out, like *.c/*.h and dead JS code, but obviously .npmignore will never help there. pkg and webpack seem to approach the latter case, but I read about pitfalls when it comes to native addons, so I think they're not the right tool either?
@darcyclarke darcyclarke added the Enhancement new feature or improvement label Oct 30, 2020
@romangr
Copy link

romangr commented Apr 26, 2021

Good point.
I work with monorepo and I'd like to use file:... dependencies without publishing it because it's simply one of the benefits of using monorepo approach. But now I need to use some workarounds to bundle my dependencies correctly.

@romangr romangr mentioned this issue Apr 26, 2021
Closed
@darcyclarke
Copy link
Contributor

npm v6 is no longer in active development; We will continue to push security releases to v6 at our team's discretion as-per our Support Policy.

If your bug is preproducible on v7, please re-file this issue using our new issue template.

If your issue was a feature request, please consider opening a new RRFC or RFC. If your issue was a question or other idea that was not CLI-specific, consider opening a discussion on our feedback repo

Closing: This is an automated message.

@snyk-bot snyk-bot mentioned this issue Feb 12, 2022
Open
@snyk-bot snyk-bot mentioned this issue Jun 21, 2022
Open
@snyk-bot snyk-bot mentioned this issue Apr 19, 2023
Open
@jackromo888 jackromo888 mentioned this issue Jul 7, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Enhancement new feature or improvement
Projects
None yet
Milestone
No milestone
3 participants
@darcyclarke @romangr @haxtibal