Print warning when trying to use .npmignore without "files" entry in package.json


(Danny) #1

As we all know, node_modules bloat is a serious problem. This has a good deal to do with the fact that very few people use the “files” entry in package.json, opting instead for .npmignore. The problem with this blacklist approach is that you can easily publish unnecessary files when you add some new config file and forget to add it to .npmignore. I propose a few ways to fix this:

  1. npm init should include the “files” field as a gentle nudge to use it.
  2. The docs should suggest favoring “files” over .npmignore.
  3. npm-cli will print an error (or at least a warning) if you use .npmignore without “files”.

I’d like to come up with some data on how large this issue is, but I imagine the savings would be huge if every library author started using “files” today.

Here’s a good article which demonstrates the problem: https://medium.com/@jdxcode/for-the-love-of-god-dont-use-npmignore-f93c08909d8d.
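
A sketch of the check proposed in item 3, as an added example that is not part of the original post and is not npm-cli code. The function names and the sample package are hypothetical, and the `.npmignore` comparison matches literal names only.

```javascript
// Added example: a sketch of the proposed warning, not npm-cli code.
// Function names and the sample package below are hypothetical/constructed.

// Root entries that are not worth flagging in this sketch.
const SKIP = new Set([".git", "node_modules", ".npmignore", "package.json"]);

// Pure check: pkg is the parsed package.json, rootEntries the names in the
// package root, npmignoreText the contents of .npmignore ("" if absent).
function lintPublishConfig(pkg, rootEntries, npmignoreText = "") {
  const hasFiles = Array.isArray(pkg.files) && pkg.files.length > 0;
  if (hasFiles) {
    return { level: "ok", message: '"files" allowlist present', unlisted: [] };
  }
  if (!rootEntries.includes(".npmignore")) {
    return { level: "info", message: 'no "files" and no .npmignore', unlisted: [] };
  }
  // Literal names only: glob patterns are NOT evaluated, so "unlisted" is a
  // list of candidates to review, not an exact preview of the tarball.
  const named = new Set(
    npmignoreText.split(/\r?\n/)
      .map((line) => line.trim())
      .filter((line) => line && !line.startsWith("#"))
      .map((line) => line.replace(/^\//, "").replace(/\/$/, ""))
  );
  const unlisted = rootEntries.filter((e) => !SKIP.has(e) && !named.has(e));
  return { level: "warn", message: '.npmignore used without "files" in package.json', unlisted };
}

// Disk wrapper for a real package directory (modules loaded on first call).
function lintPackageDir(dir) {
  const fs = require("fs");
  const path = require("path");
  const pkg = JSON.parse(fs.readFileSync(path.join(dir, "package.json"), "utf8"));
  const ignorePath = path.join(dir, ".npmignore");
  const text = fs.existsSync(ignorePath) ? fs.readFileSync(ignorePath, "utf8") : "";
  return lintPublishConfig(pkg, fs.readdirSync(dir), text);
}

// Constructed sample: .env and a config file were added after .npmignore was written.
const SAMPLE_PKG = { name: "demo-lib", version: "1.0.0", main: "index.js" };
const SAMPLE_ENTRIES = ["index.js", "package.json", ".npmignore", ".env", "deploy.config.json", "test", "node_modules"];
const SAMPLE_IGNORE = "# dev only\ntest/\n.travis.yml\n";

console.log(lintPublishConfig(SAMPLE_PKG, SAMPLE_ENTRIES, SAMPLE_IGNORE));
```

`npm pack --dry-run` prints the exact file list npm would publish and is the authoritative check before a release.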