npm breaks publish-packed: missing package.jsons


(Rob Lourens) #1

What I Wanted to Do

publish-packed ( is a tool that lets you publish your module’s dependencies, then deletes them after the postInstall. This is useful when the dependencies are needed for postinstall (like for downloading a binary) but not needed at runtime.

Basically it puts the node_modules under “lib/node_modules” and they are published like normal files with the package.

What Happened Instead

With npm 5, publish-packed works fine. With npm 6, npm strips the package.json files from some of the published modules. They should always be included - otherwise install on the target system fails.

It seems to be related to the “files” entry in the package.jsons - if that does not include the package.json itself, the package.json is stripped. This is weird because those files (in lib/node_modules/…/package.json) should be either treated as normal files and the “files” ignored, or treated as real package.jsons and always included.

Reproduction Steps

This is a simple repro that doesn’t actually involve publish-packed, just files and “npm publish”.

npm notice === Tarball Contents ===
npm notice 220B package.json
npm notice 24B  lib/node_modules/myModule/index.js
npm notice 26B  lib/node_modules/myModule2/index.js
npm notice 235B lib/node_modules/myModule2/package.json

lib/node_modules/myModule2/package.json is included, because it doesn’t use “files”.
lib/node_modules/myModule/package.json is not included, because it has “files”: [“index.js”]

Platform Info

$ npm --versions
{ 'npmtest-roblou': '1.0.1',
  npm: '6.4.1',
  ares: '1.10.1-DEV',
  cldr: '32.0',
  http_parser: '2.8.0',
  icu: '60.1',
  modules: '57',
  napi: '3',
  nghttp2: '1.32.0',
  node: '8.12.0',
  openssl: '1.0.2p',
  tz: '2017c',
  unicode: '10.0',
  uv: '1.19.2',
  v8: '6.2.414.66',
  zlib: '1.2.11' }
$ node -p process.platform

(Kat Marchán) #2

Ooh I bet this is a hiccup with npm-packlist, cc @isaacs

(Rob Lourens) #3

If anyone can give me a pointer for where to start looking for the problem, I could investigate some more. I’d like to be able to use up to date npm without trying to find a way around using publish-packed!

(Lars Willighagen) #4

I thought I had figured this out earlier, but I can’t find anything about it in my notes (apart from a line saying “reproduced”).

  1. The file that checks if files should be included or not : npm-packlist/index.js. This also builds the set of rules, mostly.
  2. The file does the actual checking is this one (useful for console.logs, in my experience): ignore-walker/index.js

If you want to skip straight to the cause:

The '*\n' rule here is the one that excludes package.json.

(system) closed #5

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.