The npm community forum has been discontinued.
To discuss usage of npm, visit the GitHub Support Community.
yarn.lock not published by npm publish anymore
What I Wanted to Do
We’re running whatever version of npm comes with the latest node LTS, which means it was recently upgraded from 6.4.1 to 6.9, so the bug happened somewhere in that range of versions.
When using npm publish, yarn.lock used to be published. It is not anymore. Flipping between 6.4.1 and 6.9 leads to different packages, and the difference is that file.
From an empty repo, npm init, yarn add taco, npm publish --dry-run.
npm notice npm notice 📦 firstname.lastname@example.org npm notice === Tarball Contents === npm notice 253B package.json npm notice === Tarball Details === npm notice name: npm-publish npm notice version: 1.0.0 npm notice package size: 265 B npm notice unpacked size: 253 B npm notice shasum: fbe101b58e31ce167fe38309c96a4e5a37987b56 npm notice integrity: sha512-Q0nF4PTqYgNVB[...]mbvOQTH6zncHg== npm notice total files: 1 npm notice + email@example.com
npm notice npm notice 📦 firstname.lastname@example.org npm notice === Tarball Contents === npm notice 253B package.json npm notice 5.0kB yarn.lock npm notice === Tarball Details === npm notice name: npm-publish npm notice version: 1.0.0 npm notice package size: 2.3 kB npm notice unpacked size: 5.3 kB npm notice shasum: eaff0597b92c4f44e265835c034743d989c03e34 npm notice integrity: sha512-aDod27Nh2vSls[...]CbBlBMiiNCt+Q== npm notice total files: 2 npm notice + email@example.com
Ubuntu 18.04. See npm version above
you must not want to publish either yarn.lock or package-lock.json
I want to publish yarn.lock. And whether that should be the default behavior or not, it is not documented, and is a breaking change in a minor semver release.
has you tried to add an empty .npmignore file?
skipping files like yarn.lock is good practive because 99% user expect it and might be as mistake publish heavy useless in packages files like this
We use it for an internal package that we use to deploy an application to a cloud PaaS, not for a public library, so I guess we’re part of the 1%.
I don’t really want to argue the pros and cons of the behavior. I can see both sides. If npm 7.0 decided to change it, that would be fine with me. The reason this is a bug is because it broke semver, and is not documented behavior (https://docs.npmjs.com/misc/developers). That fact is made worst by the inclusion of 6.9 with a LTS minor version of node, which should be stable.
You are quite correct that not documented on the page you linked, which could at least have helped you after encountering the behaviour.
Do you want to move this to #support:docs-needed ? (To hopefully achieve a positive outcome from your experience and report.)