npm breaks publish-packed: missing package.jsons

cli
help-wanted
priority:medium
triaged

(Rob Lourens) #1

What I Wanted to Do

publish-packed (https://github.com/zkochan/publish-packed) is a tool that lets you publish your module’s dependencies, then deletes them after the postInstall. This is useful when the dependencies are needed for postinstall (like for downloading a binary) but not needed at runtime.

Basically it puts the node_modules under “lib/node_modules” and they are published like normal files with the package.

What Happened Instead

With npm 5, publish-packed works fine. With npm 6, npm strips the package.json files from some of the published modules. They should always be included - otherwise install on the target system fails.

It seems to be related to the “files” entry in the package.jsons - if that does not include the package.json itself, the package.json is stripped. This is weird because those files (in lib/node_modules/…/package.json) should be either treated as normal files and the “files” ignored, or treated as real package.jsons and always included.

Reproduction Steps

This is a simple repro that doesn’t actually involve publish-packed, just files and “npm publish”.

npm notice === Tarball Contents ===
npm notice 220B package.json
npm notice 24B  lib/node_modules/myModule/index.js
npm notice 26B  lib/node_modules/myModule2/index.js
npm notice 235B lib/node_modules/myModule2/package.json

lib/node_modules/myModule2/package.json is included, because it doesn’t use “files”.
lib/node_modules/myModule/package.json is not included, because it has “files”: [“index.js”]

Platform Info

$ npm --versions
{ 'npmtest-roblou': '1.0.1',
  npm: '6.4.1',
  ares: '1.10.1-DEV',
  cldr: '32.0',
  http_parser: '2.8.0',
  icu: '60.1',
  modules: '57',
  napi: '3',
  nghttp2: '1.32.0',
  node: '8.12.0',
  openssl: '1.0.2p',
  tz: '2017c',
  unicode: '10.0',
  uv: '1.19.2',
  v8: '6.2.414.66',
  zlib: '1.2.11' }
$ node -p process.platform
darwin

(Kat Marchán) #2

Ooh I bet this is a hiccup with npm-packlist, cc @isaacs