Comments (6)
Thanks for taking a closer look. Cheers!
from pacote.
I understand your use case, and it's valid, but since .gitignore
files are relevant in the context of npm package creation, and dropping a .gitignore
file into an installed node_modules
folder can cause serious problems, we really can't change this too easily. Ultimately, the use cases involved with "publishing and installing packages" take priority over anything else, as far as npm is concerned.
I'd recommend that your template kit uses a filename like template.gitignore
, and move it into place when it's unpacked. Or, pack up your template in a tarball or some other kind of bundle, and unpack when it's deployed.
from pacote.
Regardless of my use case, the code is still bugged. .gitignore
seems to always be extracted before .npmignore
rendering the whole sawIgnores
mechanism pointless. Just sayin'.
from pacote.
So... I must be missing something, then.
What's the behavior that seems to be intended, and what's happening instead?
from pacote.
@isaacs inside _tarxOptions()
, there's this handy filter()
callback. It's called for every entry in the archive.
In all of my testing, .gitignore
is always extracted before .npmignore
. I assume they are alphabetically sorted.
Here's the code:
if (base === '.npmignore')
sawIgnores.add(entry.path)
else if (base === '.gitignore') {
// rename, but only if there's not already a .npmignore
const ni = entry.path.replace(/\.gitignore$/, '.npmignore')
if (sawIgnores.has(ni))
return false
entry.path = ni
}
If .gitignore
is extracted before .npmignore
, then sawIgnores.has(ni)
will return false and thus .gitignore
is renamed to .npmignore
.
If .npmignore is extracted before
.gitignore, then
sawIgnores.has(ni)will return true and will NOT rename
.gitignoreto
.npmignore`.
If the archive has both a .gitignore
and .npmignore
, the .gitignore
is extracted first and renamed to .npmignore
. Then .npmignore
is extracted and overwrites the .gitignore
version of .npmignore
.
There's 2 ways to fix this:
-
Instead of the code using
sawIgnores
to track.npmignore
instances, it needs to track.gitignore
instances. That way when you do extract a.npmignore
, you can remove the.gitignore
from the Set and whatever.gitignore
files are left in the Set after extracting would be renamed to.npmignore
. -
Assuming a clean extract destination, leave the
.gitignore
andsawIgnores.has(ni)
code as is, but before.npmignore
is written, check if the destination exists, and if so, rename the.npmignore
back to.gitignore
. If the archive is being extracted over an existing directory with a.npmignore
, then this won't work as there's no way of knowing if the existing.npmignore
was a renamed.gitignore
.
Hope that helps.
from pacote.
In all cases, where there is either/both of .npmignore
and/or .gitignore
, we should end up extracting a .npmignore
file, and not a .gitignore
. If there's a .gitignore
and no .npmignore
, it should be renamed. If there's both, then we should extract the .npmignore
, and throw away the .gitignore
.
.npmignore
only- base is
.npmignore
, add it tosawIgnores
and extract - never hit the second
if
- result
.npmignore
is extracted ✅
- base is
.gitignore
only- replace the entry path from
.gitignore
to.npmignore
sawIgnores
doesn't contain it, so continue and extract- never hit the first
if
- result file extracted as
.npmignore
✅
- replace the entry path from
.npmignore
then.gitignore
- hit the first
if
, add tosawIgnores
- hit the second
if
, butsawIgnores
already has it, so returnfalse
to not extract - result extracted
.npmignore
, threw away.gitignore
via filter ✅
- hit the first
.gitignore
then.npmignore
- hit the second
if
, rename to.npmignore
- hasn't been seen, so extract it
- hit the second
if
, add tosawIgnores
, and extract over the.gitignore
- result extracted
.npmignore
as.npmignore
, threw away.gitignore
via overwrite ✅
- hit the second
It seems like this is working as intended, regardless of file order.
In all of my testing, .gitignore is always extracted before .npmignore. I assume they are alphabetically sorted.
They are processed in this function in the order in which they appear in the archive. For most packages that are created by npm-packlist
, yes, this will be alphabetical. But if you create a tarball via some other mechanism, they can be in any arbitrary order.
from pacote.
Related Issues (20)
- [BREAKING] remove log property
- [BUG] out of memory on npm install: fork bomb preparing from git repos if they have scripts HOT 2
- [BUG] config field gets overwritten in package.json HOT 2
- [BUG] Proxy settings appear to be ignored.
- [BUG] _cached field is incorrect
- [BUG] No possibility to embed pacote in single js file HOT 2
- Version 15.0.1 HOT 8
- [BUG] Error when extracting a directory after updating from 13.0.4 to 15.0.3 HOT 2
- [BUG] Unlimited concurrent connections are opened when using http proxy HOT 3
- [BUG] `prepack` is not called on installation of git packages HOT 3
- Reporting a vulnerability HOT 1
- [BUG] SSH retry can retry on directory created by HTTP try tried first
- [BUG] FetcherBase._tarxOptions removes files with identical inodes HOT 1
- [BUG] fullMetadata vs. local packages vs. cache
- [BUG] CDN download doesn't use provided HTTP Authorization token (even if it's provided hardcoded in the URL)
- Update TAR dependency to 6.2.1 for Security Vulnerability HOT 1
- [BUG] Symlink support? HOT 1
- [Feature] Update TAR dependency (Security Vulnerability)
- [QUESTION] pacote and npm-registry-fetch/make-fetch-happen both cache tarballs. HOT 1
- [FEATURE] reduce file extractions on disk
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pacote.