Use files property in package.json
#100
Conversation
|
Why would we not want any of the other files? for starts the readme & license are invaluable, in addition there are zlib and fs files, which can be used by node v0.10 allowing them to utilise streams3. I am not sure what the benefit is of doing this? |
|
The readme is always included by default, but I could add the license if you want. Why you say. Well, the obvious reason is to keep the size as small as possible. So many modules includes useless files causing the |
|
I get your point, but actually this should be covered in the .npmignore |
|
It's always preferable to include the files that are necessary as opposed to excluding the ones you don't need because noone seems to maintain their Plus, you get to get rid of a |
|
I don't know, it depends on the scenario if that is not ignoring the files. Yes the I can definitely see how using the files property in the package.json would be useful to specify only a sub-set of what could exist in a repo. As a side note I would 100% always include the licence files if there is one, working at a huge international corporation, we have to be extremely careful in ensuring that we are not violating licensing terms of any module (or nested dependencies) that we want to include in our code base. |
|
license is also included by default. In general +1 for whitelist instead of blacklist. |
|
Oh, it is? Guess mine never is because I use license.md. |
|
license.* is included by defualt as of npm 2.1.6 |
|
Ahh, must've missed. @sonewman, yes, it's 30kb but so many packages depend on this package and because of how npm handles dependencies ( |
|
ahh, that is something i didn't know. Well in general I am not overly opinionated about either way. merge? |
|
-1. I'm not convinced size is a problem here. Also, is including just |
I'm using npm v2.2.0 but it doesn't download license file if it's not included in Example: |
|
it needs to be published with a newer version of npm for it to be included in the package. doesn't matter which version you're downloading the package with. |
|
|
@jonathanong Thank you for letting me know. |
|
yeah, @jonathanong that is a good shout. - I guess this is because it has already been published minus the license file |
|
And, +1 for adding |
The npm website (https://github.com/npm/newww) has 33 instances of With this change, that means it'd save a whopping Note that almost none of that ever goes over the wire. Browserify already restricts the bundle to only pieces that are actually loaded, so it's minimal by default. It's almost always loaded from cache on install, so it's only a single download and multiple unpacks. npm 3.0 will dedupe by default, so this becomes even less of an issue, and will result in only 40kb saved, about half the size of our 404 image. If we want to remove the example files, then fine, let's make them separate modules, and remove them from this repo entirely. It'd be good to have proper tests and documentation for them at any rate. But having unnecessary divergence from the published artifact and the repo on the grounds of disk space is kind of misguided, imo. |
|
I'm -1 on whitelisting files, for the reasons @isaacs lists above. Additionally, it seems like a potential footgun for publishers disguised as an optimization – I can easily see someone publishing a copy of readable-stream that works locally, but breaks for others due to forgetting to put a file in the whitelist. |
|
Just as an anecdote. A year ago
Forgetting to add installed dependencies to package.json is also a foot-gun, but that's still totally possible. |
| @@ -3,6 +3,14 @@ | |||
| "version": "1.1.13", | |||
| "description": "Streams3, a user-land copy of the stream library from Node.js v0.11.x", | |||
| "main": "readable.js", | |||
| "files": [ | |||
There was a problem hiding this comment.
no. you should include the readme tests and examples.
Being able to debug and understand node_modules locally is more important then saving bytes.
There was a problem hiding this comment.
That's what git clone is for. And readme is included by default.
There was a problem hiding this comment.
we fundamentally disagree. node_modules is part of my application.
It's incredibly important for all the information to be there.
If your using npm and node_modules to publish "binary libraries" and complain about the size, maybe have less modules.
|
Looking at it closer I think the problem lies in fact that npm with First one is for production install of utilities (like yeoman or bower), and second one is for development, and while in development we usually prefer to have tests and documentation to be included with an installed package, then for production install, it's not needed and may attribute to some crazy package bloat as @sindresorhus pointed. Probably real problem is that npm uses same strategy for both cases, which in my opinion would be better if addressed with different approach and possibly with two different binaries (just adding Speaking from my experience I would never ever use npm (as it works now) for production installs, too many things can go wrong. So @sindresorhus probably best solution for you is to install projects like |
|
Related discussion in browserify issue: browserify/browserify#1093 FWIW, I'm also -1 on this. |
|
+1. size is important for node-webkit apps. it is ridiculous to package tests, examples, docs or whatever into client-side app |
|
This is a contentious point because i find it really helpful to use |
|
@sonewman I can't imagine such a tool. We can use browserify-related packages to find used |
|
@sonewman, as mentioned before, the readme and license are always included, no matter if you've defined them in the |
|
@vkurchatkin If it's a post-install tool, one should be able to only look for Generally speaking, it strikes me that approaching the package size problem is best approached from the angle of pruning unnecessary files after having installed them, instead of attacking the problem at the individual package level. There is a use case for pruning the files (node-webkit!), but:
Building a tool to prune unused files from |
|
+1 on @chrisdickinson suggestion @kevva I know you explained before, but the other files included are also useful, since reading tests can be very useful in understanding how code is intended to work. |
Tried that, and it generally doesn't work. There are all sorts of dynamic |
|
Any conclusion on this? |
|
Its interesting to see people having the exact opposite way to see the problem. What is the recommended way of npm registry? Is it supposed to host files that are only used by the consumers or should it include tests and related files that might be used by a few people (so they don't have to manually find the exact version of the code on github, which might be hard)? I can't find any on the npm website. |
|
The actual effect of this PR on readable-stream-2.0.0.tgz: --- before.txt 2015-06-12 19:57:31.000000000 -0700
+++ after.txt 2015-06-12 19:57:38.000000000 -0700
@@ -1,16 +1,13 @@
-package/.npmignore
-package/.travis.yml
package/LICENSE
package/README.md
-package/doc/wg-meetings/2015-01-30.md
package/duplex.js
package/lib/_stream_duplex.js
package/lib/_stream_passthrough.js
package/lib/_stream_readable.js
package/lib/_stream_transform.js
package/lib/_stream_writable.js
package/package.json
package/passthrough.js
package/readable.js
package/transform.js
package/writable.js |
|
@rmg plus you have to maintain it. |
|
Yeah what if we just added Edit:correct folder |
|
It's useful to have the docs when you're offline. This will only save a few KB, and this doesn't even get shipped to the user in the browser or loaded into memory, so it's really not worth it. cc @dominictarr |
|
Though these are just the meeting notes, not the actual docs probably On Sat, Jun 13, 2015, 12:29 PM Feross Aboukhadijeh [email protected]
|
|
I feel like in this case it might be better not to have the |
$ cat .npmignore .travis.yml doc/wg-meetings/2015-01-30.md | wc -c
2436 <-- bytesclosing this as the savings are incredibly small, if we ever have more working group meetings it may make sense to put doc/wg-meetings/ into the .npmignore |
|
@dcousens agreed. My comment wasn't meant as an endorsement of any kind, I just thought it was missing from the discussion. |
|
@rmg and I would characterize it as a decisive contribution to the discussion 🎉 |
No description provided.