12

I have a private module stored on github that I'm including in one of my projects using npm. The module has a .npmignore file, but nothing is being ignored when I install or update the module.

Project's package.json

{
  "name": "Your Cool Project",
  "version": "0.0.0",
  "dependencies": {
    "myModule" : "git+ssh://git@github.com:user/myModule.git",
    /* All your other dependencies */
  }
  ...
}

Module's .npmignore file

.git*
gulpfile.js
index.html
tests.js
README.md

When I run npm update myModule these files are still being downloaded into my project. Am I missing something? Does .npmignore work for privately hosted modules? Thanks in advance.

stolksdorf
  • 189
  • 1
  • 10
  • 4
    It is to be noted that README is always included, even if listed in `.npmignore`. See [docs](https://docs.npmjs.com/misc/developers#keeping-files-out-of-your-package) – Aurelio Mar 14 '15 at 16:54
  • 2
    You can use `npm publish --dry-run` to be sure what's going online. – Yauheni Prakopchyk Nov 05 '18 at 05:39
  • Note that if you have a `main` property in your `package.json` and you try to ignore a directory that the path assigned to `main` is in, `npm publish` will include it. Idk the nuances of how this works, I just discovered it through experimenting. Doesn't seem to be documented anywhere that I've found. – electrovir Jan 16 '20 at 03:52

2 Answers2

11

Since you're specifying the dependency myModule as a Git repository, npm is probably just cloning the repo. Therefore your .npmignore files isn't being used.

.npmignore seems to be used when "making modules" eg: pack or publish not consuming modules (like in your example).

kierans
  • 1,533
  • 1
  • 11
  • 32
1

Be careful when using .npmignore

If you haven't been using .npmignore, it defaults to .gitignore with a few additional sane defaults.

What many don't realize that once you add a .npmignore file to your project the .gitignore rules are (ironically) ignored. The result is you will need to audit the two ignore files in sync to prevent sensitive leaks when publishing.

Still, I think is missing put the /node_modules in your .npmignore.

Set the attribute private: true in package.json file as below:

{
  "name": "project-name",
  "version": "0.0.0",
  "license": "MIT",
  "scripts": {
  },
  "private": true,
  "dependencies": {
  },
  "devDependencies": {
  }
}

Generate the build into /public folder to publish it to NPM repository with .npmignore into that folder.

Fernando Santucci
  • 422
  • 4
  • 8