Update npm-packlist #11
Comments
|
Thinking about this today, I think it's better to take a step back and not get involved by manually invoking packing. Different package managers have different ways of packing files and packing
This means
Proposed solution
Create a new option:
pack: 'auto' | 'npm' | 'yarn' | 'pnpm' | { command: string } | { tarballPath: string }
After unpacking the tarball, the paths should be normalized to match the existing filesystem paths. The main data we need is really only the published |
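The path-normalization step proposed in the comment above, sketched as an added example (not code from the thread or from the project). The names `normalizePackedPaths` and `TARBALL_ROOT` are hypothetical, the entry list is constructed, and it assumes entries sit under the `package/` folder that `npm pack` tarballs use.

```javascript
const path = require("node:path");

// Assumption: every entry lives under one top-level folder, "package/" for npm pack.
const TARBALL_ROOT = "package/";

// Map tarball entry names to absolute paths under pkgDir.
// Entries that do not resolve inside the package root are reported, not mapped.
function normalizePackedPaths(entryNames, pkgDir) {
  const root = path.resolve(pkgDir);
  const files = [];
  const rejected = [];
  for (const name of entryNames) {
    // Tar entry names use "/" on every platform; a backslash or NUL is suspicious.
    if (!name.startsWith(TARBALL_ROOT) || /[\\\0]/.test(name)) {
      rejected.push(name);
      continue;
    }
    const rel = path.posix.normalize(name.slice(TARBALL_ROOT.length));
    // Directory entries carry no file data.
    if (rel === "." || rel.endsWith("/")) continue;
    // Anything that climbs out of the root or is absolute never reaches the filesystem.
    if (rel === ".." || rel.startsWith("../") || path.posix.isAbsolute(rel)) {
      rejected.push(name);
      continue;
    }
    files.push(path.join(root, ...rel.split("/")));
  }
  return { files, rejected };
}

// Constructed sample entry names, as a tar reader would list them.
const sampleEntries = [
  "package/package.json",
  "package/dist/index.js",
  "package/./README.md",
  "package/lib/../../outside.js",
  "other/file.js",
  "package//etc/passwd",
];

console.log(normalizePackedPaths(sampleEntries, "/tmp/pkg"));
```
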
Would be great to update the dependency npm-packlist! I get 2 "warn deprecated" and 3 high vulnerability warnings because of that dependency. |
+1 |
Perhaps it makes sense to cut a breaking minor for now to resolve this. I haven't got the time to do a better overhaul. |
I looked into bumping this today and it looks like it also requires This is a dealbreaker for me, so I'll hold off bumping it for now and await the proper solution proposed at #11 (comment)
I only got deprecated warnings. No vulnerability warnings on my end:
bjorn@Bjorns-MacBook-Pro publint-vul % npm i publint
npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
added 17 packages in 2s
2 packages are looking for funding
run `npm fund` for details
bjorn@Bjorns-MacBook-Pro publint-vul % npm audit
found 0 vulnerabilities
|
npm v9 introduced a breaking change to npm-packlist (release notes). However yarn v3 and pnpm v7 have not adopted this yet. This issue tracks when yarn and pnpm start moving towards the new pack logic before we update it.