Yarn pack is ignoring .npmignore files #685
Comments
|
Thanks for the report! Can you post the |
|
Sure. {
"name": "patternity",
"version": "2.0.0",
"description": "Patternity is the pattern library and style guide for all Influitive apps",
"main": "index.js",
"scripts": {
"test": "tape-babel-css-modules \"src/**/*/*.test.js\" | faucet && karma start",
"test-circleci": "tape-babel-css-modules \"src/**/*/*.test.js\" | faucet && karma start --single-run --log-level error",
"karma-test": "karma start",
"tape-watch": "watch 'clear && tape-babel-css-modules \"src/**/*/*.test.js\" | faucet && exit 0' src -d -u",
"coverage": "babel-node node_modules/.bin/isparta cover src/**/*/*.test.js | tap-spec",
"babel": "babel {src,infl-components-src} --out-dir lib --ignore *.test.js && gulp copy-lib-styles",
"babel-watch": "babel {src,infl-components-src} -w --out-dir lib & gulp watch-scss",
"testbed": "node ./webpacktestbed/devServer.js",
"postinstall": "npm run babel",
"create": "gulp create-component",
"lint": "eslint ./src; exit 0",
"lint:check": "eslint ./src",
"githooks": "cd .git/hooks && ln -s ../../.githooks/commit-msg ./commit-msg && cd -",
"newcomp": "babel-node .newcomponent.js"
},
"repository": {
"type": "git",
"url": "https://github.com/influitive/patternity.git"
},
"keywords": [
"Pattern",
"Lab",
"Style",
"Guide",
"Infl-Styles",
"Infl-Components"
],
"author": "Influitive Team",
"license": "ISC",
"bugs": {
"url": "https://github.com/influitive/patternity/issues"
},
"homepage": "https://github.com/influitive/patternity",
"browserify": {
"transform": [
"reactify"
]
},
"devDependencies": {
"autoprefixer": "^6.3.1",
"babel-eslint": "^4.0.5",
"babel-tape-runner": "^1.2.0",
"babelify": "^6.3.0",
"browserify": "^8.1.3",
"browserify-single-file": "^0.3.0",
"chai": "^3.5.0",
"chalk": "^1.1.1",
"css-loader": "^0.19.0",
"css-modulesify": "^0.17.0",
"eslint": "^1.2.0",
"eslint-plugin-react": "^3.2.2",
"express": "^4.13.3",
"extract-text-webpack-plugin": "^0.8.2",
"faucet": "0.0.1",
"file-loader": "^0.8.5",
"html-webpack-plugin": "^2.8.0",
"infl-icons": "git://github.com/influitive/infl-icons.git",
"is-dir": "^1.0.0",
"isparta": "^3.1.0",
"jasmine-core": "^2.2.0",
"json-loader": "^0.5.4",
"karma": "^0.12.31",
"karma-browserify": "^3.0.1",
"karma-chrome-launcher": "^0.1.7",
"karma-jasmine": "^0.3.5",
"karma-mocha": "^0.1.10",
"karma-phantomjs-launcher": "^1.0.0",
"lost": "^6.7.1",
"mocha": "^2.4.4",
"postcss": "^5.0.16",
"postcss-loader": "^0.8.0",
"postcss-modules-extract-imports": "^1.0.0",
"postcss-modules-local-by-default": "^1.0.1",
"postcss-modules-scope": "^1.0.0",
"precss": "^1.4.0",
"react": "^0.14.3",
"react-addons-test-utils": "^0.14.3",
"react-dom": "^0.14.3",
"react-hot-loader": "^1.2.9",
"react-transform-catch-errors": "^1.0.0",
"react-transform-hmr": "^1.0.0",
"reactify": "^1.0.0",
"sass-loader": "^2.0.1",
"sinon": "^1.17.3",
"sinon-chai": "^2.8.0",
"skin-deep": "^0.13.0",
"strictify": "^0.2.0",
"style-loader": "^0.12.4",
"tape": "^4.2.2",
"tape-babel-css-modules": "git://github.com/justinsisley/tape-babel-css-modules.git",
"tape-catch": "^1.0.4",
"testling": "^1.7.1",
"url-loader": "^0.5.7",
"watchify": "^3.5.0",
"webpack": "^1.12.12",
"webpack-dev-middleware": "^1.2.0",
"webpack-dev-server": "^1.10.1",
"webpack-hot-middleware": "^2.2.0"
},
"dependencies": {
"babel-cli": "^6.7.7",
"babel-core": "^6.7.7",
"babel-loader": "^6.2.4",
"babel-plugin-add-module-exports": "^0.2.1",
"babel-plugin-react-display-name": "^2.0.0",
"babel-preset-es2015": "^6.6.0",
"babel-preset-react": "^6.5.0",
"babel-preset-stage-0": "^6.5.0",
"classnames": "^1.1.4",
"color": "^0.10.1",
"es5-shim": "^4.1.0",
"gulp": "^3.9.0",
"gulp-batch": "^1.0.5",
"gulp-debug": "^2.1.2",
"gulp-flatten": "^0.2.0",
"gulp-header": "^1.7.1",
"gulp-notify": "^2.2.0",
"gulp-postcss": "^6.0.0",
"gulp-replace": "^0.5.4",
"gulp-watch": "^4.3.5",
"jquery": "^1.9.1",
"jss": "^3.2.0",
"jss-nested": "^1.0.1",
"lodash": "^3.7.0",
"lost": "^6.7.1",
"moment": "^2.11.2",
"node-bourbon": "~1.2.3",
"node-neat": "^1.7.2",
"node-sass": "^3.2.0",
"phantomjs-prebuilt": "^2.1.7",
"postcss": "^5.0.14",
"postcss-media-minmax": "^2.1.1",
"postcss-nested": "^1.0.0",
"postcss-scss": "^0.1.2",
"quill": "^0.20.1",
"react-color": "1.3.6",
"react-datetime": "^2.0.3",
"react-jss": "^2.0.1",
"react-quill": "^0.4.0",
"react-tether": "^0.5.2",
"redbox-react": "^1.1.0",
"rucksack-css": "^0.8.2",
"tap-bail": "0.0.0",
"tap-pessimist": "^1.0.1",
"tap-spec": "^4.1.0"
},
"peerDependencies": {
"react": "^0.14.3"
}
}It's a little bit of a mess. It's a legacy package. |
|
I assume the reason the |
|
I have multiple packages with package.json syntax P.S. I tried with |
|
+1 @Ciantic Developing local packages can be a problem because of this For example, if the package is on git, the entire yarn 0.20.3, windows 10 |
|
Isn't this an exact duplicate of #754? |
|
This makes testing React Native modules a hassle. If you have |
|
I think this should be renamed, it's not just "yarn pack" it's also "yarn install", which is far more common. |
|
I guess all yarn is ignoring This may be by design, in which case I'd say it's quite a strange decision! |
|
I'm facing the same issue and it's really annoying. Currently I'm using |
|
It seems yarn is not reading |
|
I just tested I'm using the latest v0.24.6 and this behavior is unexpected and inconsistent with npm's behavior. @kittens @bestander @Daniel15 could you please comment on what the expected behavior is and what the barriers to resolving this are? |
|
The root of the issue is that yarn gives the same priority to both |
|
@GAumala what version of yarn are you using? The issue I'm encountering goes further than what you're describing, as none of |
|
My system version is 0.24.5. My patched version which has commits up to today's morning works fine for my use case while system version does not. In my use case I have a single Maybe your |
|
I am also seeing this issue. I can validate that moving the .gitignore, running the yarn pack command, and then putting it back does indeed work for now. Make sure to ignore the .gitbackup file or that will come through in the package.
|
|
That should not be hard to fix, anyone volunteers? |
|
fixed via #3538 |
|
I am having the same issue as those above. |
|
Let's open a new issue so that it is easier to track what is fixed and what needs to be done. |
|
I can replicate this issue as far as 1.5.1, the only thing worked was to temporarily delete .gitignore & then run "yarn package", worthwhile to note that i didn't had any files declared in my package.json |
|
Turns out it is of a feature, pack command does not pack files listed in .gitignore, .npmignore and .yarnignore. I understand the idea behind this - so that people don't pack build artifacts when they publish packages. I added some code to walk around this for offline mirror feature here: #5793. But I am not sure if this should be the default behavior for pack command. I can open the issue to allow the discussion. |
|
I'd just like to clarify a few things:
I recommend to read https://medium.com/@jdxcode/for-the-love-of-god-dont-use-npmignore-f93c08909d8d |
|
@Vadorequest To clarify further, what you described is NPM's behavior. With Yarn, Others have said that Yarn doesn't read The code that defines this behavior is in the sortFilter() utility function. As soon as the function finds a matching whitelist rule, it skips all other rules. I have a feeling this is because Yarn wants to always include certain files like I think user-defined rules should be processed first, allowing blacklist rules to override whitelist rules. Then the built-in whitelist for |
The files directive causes yarn to ignore .npmignore altogether. This causes quite a bit of test data to be published with the package which is annoying. Instead we set up .npmignore to blacklist all of this for us. This is slightly less secure but works better until the Yarn issue is fixed. yarnpkg/yarn#685
With Yarn, the files field always overrides .npmignore files. See yarnpkg/yarn#685 (comment).
workaround for yarnpkg/yarn#685
|
It seems everyone is in agreement that using a whitelist is much better than using a blacklist. There are security concerns with using a blacklist because you might accidentally forget to blacklist sensitive files. This issue is doing two things:
Welcome to |
This problem is related to this issue: yarnpkg/yarn#685 The problem is that yarn copies the entire folder from `./tripetto-block-text/` to `./app/node_modules/tripetto-block-text`. This also includes the `node_modules` folder in `./tripetto-block-text/node_modules`. This folder also contains the `tripetto` package. So now, the text block will use this locale instance of Tripetto to register the block instead of the one used by the app.
|
I tried every solution in this thread while using yarn 1.22.17, to no avail. I had to upgrade yarn from v1 for it to work using the package.json files option. So v1 seemingly is forever broken in this regard. |
Can confirm same experience here with Tried |
|
Coming here years later and I can say I have exactly the same issues. This enforces me to use NPM which I didn't want in the first place at all. |
This comment was marked as off-topic.
This comment was marked as off-topic.
|
Yarn v1 is not under active development any more. If you want this fixed, you'll either have to contribute a fix yourself, or report a bug for Yarn v4 if this is still an issue in newer versions. |
and others
Do you want to request a feature or report a bug?
Bug
What is the current behavior?
If I specify a .npmignore with a bunch of files that should NOT be published along with the package, a bunch of files seem to be included no matter what and some aren't included at all.
If the current behavior is a bug, please provide the steps to reproduce.
eg
yarn packtar -ztvf <package>Notice that the package contains README.md files that were specified in node_modules AND in src. It also does not include the directory lib.
What is the expected behavior?
node_modules and src should not exist in the archive. lib should exist in the archive.
Please mention your node.js, yarn and operating system version.
OS X: 10.11.6
node: 5.5.0
yarn: 0.15.1
The text was updated successfully, but these errors were encountered: