打包前清理package.json
[英]Clean package.json before packing
问题描述
Let's say you have a npm project with the following package.json : 
假设您有一个带有以下package.json的npm项目:
{
"name": "XXX",
"version": "YYY",
"license": "ZZZ",
"scripts": {
"scriptA": "...",
"scriptB": "...",
"preinstall": "...",
"postinstall": "..."
},
"devDependencies": {
"depA": "vA",
"depB": "vB"
},
"dependencies": {
"depC": "vC",
"depD": "vD"
}
}
When packing/publishing your package, you don't need the scripts or devDependencies keys. 在打包/发布程序包时,不需要scripts或devDependencies键。 But more dangerously, the preinstall and postinstall scripts could trigger weird/unwanted actions when people install your package as a dependency. 但是更危险的是,当人们将您的软件包作为依赖项安装时, preinstall和postinstall脚本可能会触发奇怪/不需要的操作。
So how do you clean your package.json , ie remove the keys that you don't need? 那么,如何清理package.json ,即删除不需要的密钥?
I'm currently using npm 3.10. 我目前正在使用npm 3.10。 If I use the npm pack command, according to the npm documentation it will simply pack the current package if no arguments are provided (therefore taking the raw package.json from disk) and there is no options I can provide to clean it up. 如果我使用npm pack命令,根据npm文档 ,如果不提供任何参数,它将仅打包当前程序包(因此从磁盘中获取raw package.json ),并且我没有提供清除它的选项。
I can of course write my own scripts that would zip the package and generate my own package.json . 我当然可以编写自己的脚本来压缩包并生成自己的package.json 。 Is it the way to go? 这是要走的路吗?
1 个解决方案
解决方案1
0 2016-12-02 23:37:10
Using npm itself, this does not seem possible. 使用npm本身,这似乎是不可能的。 As of npm 3.10, npm publish or npm pack will indeed just include a pure copy of your package.json in your tgz. 从npm 3.10开始, npm publish或npm pack实际上只会在tgz中包含package.json的纯副本。
The solution is therefore to generate its own packaged file to have full control over the included package.json . 因此,解决方案是生成自己的打包文件,以完全控制所包含的package.json 。
Basic example 基本例子
Note: this is using the shell and synchronous method from npm fs 注意:这是使用npm fs的shell和同步方法
const fs = require('fs');
const os = require('os');
const shell = require('shelljs');
const targz = require('tar.gz');
// create temp directory
const tempDirectory = fs.mkdtempSync(`${os.tmpdir()}/your-project-tarball-`);
const packageDirectory = `${tempDirectory}/package`;
// create subfolder package
fs.mkdirSync(packageDirectory);
// read existing package.json
const packageJSON = require('./package.json');
// copy all necessary files
// https://docs.npmjs.com/files/package.json#files
shell.cp('-R', packageJSON.files, packageDirectory);
shell.cp('-R', ['README.md', 'CHANGELOG.md', 'LICENSE'], packageDirectory);
// create your own package.json or modify it here
Reflect.deleteProperty(packageJSON, 'scripts');
fs.writeFileSync(`${packageDirectory}/package.json`, JSON.stringify(packageJSON, null, 2));
// create tgz and put it in dist folder
targz().compress(packageDirectory, 'your-package.tgz');
Real life example with Lodash Lodash的真实例子
This is for example what the lodash lib does in version 4.17.2. 例如,这是lodash库在版本4.17.2中的功能。 Their original package.json looks like (cf https://github.com/lodash/lodash/blob/4.17.2/package.json ): 他们原始的package.json看起来像(cf https://github.com/lodash/lodash/blob/4.17.2/package.json ):
{
"name": "lodash",
"version": "4.17.2",
"license": "MIT",
"private": true,
"main": "lodash.js",
"engines": { "node": ">=4.0.0" },
"scripts": {
"build": "npm run build:main && npm run build:fp",
"build:fp": "node lib/fp/build-dist.js",
"build:fp-modules": "node lib/fp/build-modules.js",
"build:main": "node lib/main/build-dist.js",
"build:main-modules": "node lib/main/build-modules.js",
"doc": "node lib/main/build-doc github && npm run test:doc",
"doc:fp": "node lib/fp/build-doc",
"doc:site": "node lib/main/build-doc site",
"doc:sitehtml": "optional-dev-dependency marky-markdown@^9.0.1 && npm run doc:site && node lib/main/build-site",
"pretest": "npm run build",
"style": "npm run style:main && npm run style:fp && npm run style:perf && npm run style:test",
"style:fp": "jscs fp/*.js lib/**/*.js",
"style:main": "jscs lodash.js",
"style:perf": "jscs perf/*.js perf/**/*.js",
"style:test": "jscs test/*.js test/**/*.js",
"test": "npm run test:main && npm run test:fp",
"test:doc": "markdown-doctest doc/*.md",
"test:fp": "node test/test-fp",
"test:main": "node test/test",
"validate": "npm run style && npm run test"
},
"devDependencies": {
"async": "^2.1.2",
"benchmark": "^2.1.2",
"chalk": "^1.1.3",
"cheerio": "^0.22.0",
"codecov.io": "~0.1.6",
"coveralls": "^2.11.15",
"curl-amd": "~0.8.12",
"docdown": "~0.7.1",
"dojo": "^1.11.2",
"ecstatic": "^2.1.0",
"fs-extra": "~1.0.0",
"glob": "^7.1.1",
"istanbul": "0.4.5",
"jquery": "^3.1.1",
"jscs": "^3.0.7",
"lodash": "4.17.1",
"lodash-doc-globals": "^0.1.1",
"markdown-doctest": "^0.9.0",
"optional-dev-dependency": "^2.0.0",
"platform": "^1.3.3",
"qunit-extras": "^3.0.0",
"qunitjs": "^2.0.1",
"request": "^2.78.0",
"requirejs": "^2.3.2",
"sauce-tunnel": "^2.5.0",
"uglify-js": "2.7.4",
"webpack": "^1.13.3"
},
"greenkeeper": {
"ignore": [
"lodash"
]
}
}
But the published package.json looks like (cf https://unpkg.com/lodash@4.17.2/package.json ) 但是发布的package.json看起来像(cf https://unpkg.com/lodash@4.17.2/package.json )
{
"name": "lodash",
"version": "4.17.2",
"description": "Lodash modular utilities.",
"keywords": "modules, stdlib, util",
"homepage": "https://lodash.com/",
"repository": "lodash/lodash",
"icon": "https://lodash.com/icon.svg",
"license": "MIT",
"main": "lodash.js",
"author": "John-David Dalton <john.david.dalton@gmail.com> (http://allyoucanleet.com/)",
"contributors": [
"John-David Dalton <john.david.dalton@gmail.com> (http://allyoucanleet.com/)",
"Mathias Bynens <mathias@qiwi.be> (https://mathiasbynens.be/)"
],
"scripts": { "test": "echo \"See https://travis-ci.org/lodash/lodash-cli for testing details.\"" }
}
where you can see the scripts and devDependencies keys for example are not there anymore. 例如,您不再可以在其中看到scripts和devDependencies键的位置。 This is done using a JavaScript Template package.jst as long as a nodejs script Lodash CLI 只要使用nodejs脚本Lodash CLI,就可以使用JavaScript Template package.jst完成此操作
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.