`npm pack` includes items from `.git` folder if there is a branch called `readme` (regression in 6.9.0)

(Dominykas Blyžė) #1

What I Wanted to Do

$ git branch readme
$ npm pack

What Happened Instead

14:01 $ npm pack
[..snip..]
npm notice === Tarball Contents === 
[..snip..]
npm notice 169B   .git/logs/refs/heads/readme   
npm notice 41B    .git/refs/heads/readme        
[..snip..]

Reproduction Steps

(same as “What I wanted to do”)

Platform Info

14:02 $ npm --versions
{ '@my-namespace/my-package: '4.16.0',
  npm: '6.9.0',
  ares: '1.15.0',
  cldr: '33.1',
  http_parser: '2.8.0',
  icu: '62.1',
  modules: '64',
  napi: '3',
  nghttp2: '1.34.0',
  node: '10.15.3',
  openssl: '1.1.0j',
  tz: '2018e',
  unicode: '11.0',
  uv: '1.23.2',
  v8: '6.8.275.32-node.51',
  zlib: '1.2.11' }
14:03 $ node -p process.platform
darwin

This is causing issues if such a package is installed as a dep, and then `npm prune --production` is run, as it starts to complain about `EISGIT`.
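A check for the leak reported in this thread, as an added example that is not part of the original posts or npm's own code: it parses the `npm notice` tarball listing in the format shown above and flags any entry that sits under a VCS directory. The sample listing is constructed, and the `.svn`/`.hg` entries in the deny list are an assumed policy.

```javascript
// Added example: flag VCS metadata in an `npm pack` tarball listing.
// Directory names that should never ship in a package (assumed policy list).
const FORBIDDEN_SEGMENTS = new Set(['.git', '.svn', '.hg']);

// Extract { size, path } entries from the "Tarball Contents" section only.
function parseTarballContents(output) {
  const entries = [];
  let inContents = false;
  for (const raw of output.split(/\r?\n/)) {
    const line = raw.trim();
    const header = line.match(/^npm notice === (.+?) ===$/);
    if (header) {
      inContents = header[1] === 'Tarball Contents';
      continue;
    }
    if (!inContents) continue;
    // Size token such as "169B" or "1.2kB", then the path (may contain spaces).
    const m = line.match(/^npm notice (\d+(?:\.\d+)?[kMG]?B)\s+(.+)$/);
    if (m) entries.push({ size: m[1], path: m[2].trim() });
  }
  return entries;
}

// Return entries with a forbidden directory as one of their path segments.
// Matching whole segments keeps files like ".gitignore" from being flagged.
function findVcsLeaks(entries) {
  return entries.filter((e) =>
    e.path.split(/[\\/]/).some((seg) => FORBIDDEN_SEGMENTS.has(seg)));
}

// Constructed sample modelled on the report; sizes other than the two
// .git/*/readme lines quoted in the thread are made up.
const SAMPLE = [
  'npm notice === Tarball Contents === ',
  'npm notice 512B   package.json   ',
  'npm notice 1.2kB  index.js   ',
  'npm notice 23B    .gitignore   ',
  'npm notice 169B   .git/logs/refs/heads/readme   ',
  'npm notice 41B    .git/refs/heads/readme        ',
  'npm notice 177B   .git/hooks/README.sample   ',
  'npm notice === Tarball Details === ',
  'npm notice name:          my-package   ',
].join('\n');

const leaks = findVcsLeaks(parseTarballContents(SAMPLE));
for (const l of leaks) {
  console.log(`VCS metadata in tarball: ${l.path} (${l.size})`);
}
```

In CI, feed the function the captured output of `npm pack --dry-run` and fail the job when the returned list is non-empty.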

(Julien Vanier) #2

This regression happens as well when installing from a GitHub URL.

Steps to reproduce:

npx npm@6.9.0 install github:particle-iot/zeromq.js
ls node_modules/zeromq/.git # index (should be "No such file or directory")

(Philipp Bohnenstengel) #3

This problem also occurs if there is a filename with readme in `.git/hooks`. I noticed this after publishing a package where I cloned the repo with GitKraken. GitKraken always creates a `README.sample` in the hooks directory. Later calling `npm install` in the parent project failed with an error message like this:

Error: npm: Command failed with exit code 1 Error output:
npm ERR! path /path/to/package/in/node_modules
npm ERR! code EISGIT
npm ERR! git /path/to/package/in/node_modules: Appears to be a git repo or submodule.
npm ERR! git     /path/to/package/in/node_modules
npm ERR! git Refusing to remove it. Update manually,
npm ERR! git or move it out of the way first.

I also found an issue in the old npm GitHub repo which was never addressed: