Ensure that required files are packaged

[fregante]

I just published a package with the wrong files and bin package.json settings. I'm surprised that npm doesn't check this at all since an incorrect bin causes a subsequent install to fail.

Possible checks:

• files listed in files exist
• files listed in bin exist
• walk the dependency tree starting from main to make sure that all non-external requires are included in files or not npmignored

[sindresorhus]

files listed in files exist
files listed in bin exist

Good idea! For files, we can do it as long as it's not a glob pattern, which is allowed.

walk the dependency tree starting from main to make sure that all non-external requires are included in files or not npmignored

We talked about it previously, but it's very complicated, especially when you start having Babel and Webpack in the picture. I think we instead should get it implemented in eslint-plugin-import and recommend that.

// @benmosher @jfmengels

[benmosher]

eslint-plugin-node has no-unpublished-requires. I'd be up for something similiar in eslint-plugin-import but what's there in the node plugin might work as-is? (though I don't know if that plugin handles ES6 modules, I'd believe it doesn't)

[sindresorhus]

@bfred-it Would you mind reposting your npm/npm#13948 proposal on the Yarn issue tracker? I don't see it going anywhere with the npm client.

[fregante]

npm exposes a useful method: require('npm/libs/pack').getContents()

From this I think it's a matter of testing pkg.bin in getContents() and such

[fregante]

Here: https://github.com/typicode/pkg-ok

Apparently it's pretty old, even

[tommy-mitchell]

I think with #682, this could be two checks:

1. Use pkg-ok to ensure fields in package.json are setup correctly
2. Validate that the files to be packed include the fields checked in pkg-ok

[fregante]

This new tool also verifies the exports and the existence of each file. Given the complexity of the field, I think it's a worthwhile addition:

• https://github.com/bluwy/publint