[英]Clean package.json before packing
Let's say you have a npm project with the following package.json
: 假设您有一个带有以下
package.json
的npm项目:
{
"name": "XXX",
"version": "YYY",
"license": "ZZZ",
"scripts": {
"scriptA": "...",
"scriptB": "...",
"preinstall": "...",
"postinstall": "..."
},
"devDependencies": {
"depA": "vA",
"depB": "vB"
},
"dependencies": {
"depC": "vC",
"depD": "vD"
}
}
When packing/publishing your package, you don't need the scripts
or devDependencies
keys. 在打包/发布程序包时,不需要
scripts
或devDependencies
键。 But more dangerously, the preinstall
and postinstall
scripts could trigger weird/unwanted actions when people install your package as a dependency. 但是更危险的是,当人们将您的软件包作为依赖项安装时,
preinstall
和postinstall
脚本可能会触发奇怪/不需要的操作。
So how do you clean your package.json
, ie remove the keys that you don't need? 那么,如何清理
package.json
,即删除不需要的密钥?
I'm currently using npm 3.10. 我目前正在使用npm 3.10。 If I use the
npm pack
command, according to the npm documentation it will simply pack the current package if no arguments are provided (therefore taking the raw package.json
from disk) and there is no options I can provide to clean it up. 如果我使用
npm pack
命令,根据npm文档 ,如果不提供任何参数,它将仅打包当前程序包(因此从磁盘中获取raw package.json
),并且我没有提供清除它的选项。
I can of course write my own scripts that would zip the package and generate my own package.json
. 我当然可以编写自己的脚本来压缩包并生成自己的
package.json
。 Is it the way to go? 这是要走的路吗?
Using npm itself, this does not seem possible. 使用npm本身,这似乎是不可能的。 As of npm 3.10,
npm publish
or npm pack
will indeed just include a pure copy of your package.json
in your tgz. 从npm 3.10开始,
npm publish
或npm pack
实际上只会在tgz中包含package.json
的纯副本。
The solution is therefore to generate its own packaged file to have full control over the included package.json
. 因此,解决方案是生成自己的打包文件,以完全控制所包含的
package.json
。
Note: this is using the shell and synchronous method from npm fs
注意:这是使用npm
fs
的shell和同步方法
const fs = require('fs');
const os = require('os');
const shell = require('shelljs');
const targz = require('tar.gz');
// create temp directory
const tempDirectory = fs.mkdtempSync(`${os.tmpdir()}/your-project-tarball-`);
const packageDirectory = `${tempDirectory}/package`;
// create subfolder package
fs.mkdirSync(packageDirectory);
// read existing package.json
const packageJSON = require('./package.json');
// copy all necessary files
// https://docs.npmjs.com/files/package.json#files
shell.cp('-R', packageJSON.files, packageDirectory);
shell.cp('-R', ['README.md', 'CHANGELOG.md', 'LICENSE'], packageDirectory);
// create your own package.json or modify it here
Reflect.deleteProperty(packageJSON, 'scripts');
fs.writeFileSync(`${packageDirectory}/package.json`, JSON.stringify(packageJSON, null, 2));
// create tgz and put it in dist folder
targz().compress(packageDirectory, 'your-package.tgz');
This is for example what the lodash
lib does in version 4.17.2. 例如,这是
lodash
库在版本4.17.2中的功能。 Their original package.json
looks like (cf https://github.com/lodash/lodash/blob/4.17.2/package.json ): 他们原始的
package.json
看起来像(cf https://github.com/lodash/lodash/blob/4.17.2/package.json ):
{
"name": "lodash",
"version": "4.17.2",
"license": "MIT",
"private": true,
"main": "lodash.js",
"engines": { "node": ">=4.0.0" },
"scripts": {
"build": "npm run build:main && npm run build:fp",
"build:fp": "node lib/fp/build-dist.js",
"build:fp-modules": "node lib/fp/build-modules.js",
"build:main": "node lib/main/build-dist.js",
"build:main-modules": "node lib/main/build-modules.js",
"doc": "node lib/main/build-doc github && npm run test:doc",
"doc:fp": "node lib/fp/build-doc",
"doc:site": "node lib/main/build-doc site",
"doc:sitehtml": "optional-dev-dependency marky-markdown@^9.0.1 && npm run doc:site && node lib/main/build-site",
"pretest": "npm run build",
"style": "npm run style:main && npm run style:fp && npm run style:perf && npm run style:test",
"style:fp": "jscs fp/*.js lib/**/*.js",
"style:main": "jscs lodash.js",
"style:perf": "jscs perf/*.js perf/**/*.js",
"style:test": "jscs test/*.js test/**/*.js",
"test": "npm run test:main && npm run test:fp",
"test:doc": "markdown-doctest doc/*.md",
"test:fp": "node test/test-fp",
"test:main": "node test/test",
"validate": "npm run style && npm run test"
},
"devDependencies": {
"async": "^2.1.2",
"benchmark": "^2.1.2",
"chalk": "^1.1.3",
"cheerio": "^0.22.0",
"codecov.io": "~0.1.6",
"coveralls": "^2.11.15",
"curl-amd": "~0.8.12",
"docdown": "~0.7.1",
"dojo": "^1.11.2",
"ecstatic": "^2.1.0",
"fs-extra": "~1.0.0",
"glob": "^7.1.1",
"istanbul": "0.4.5",
"jquery": "^3.1.1",
"jscs": "^3.0.7",
"lodash": "4.17.1",
"lodash-doc-globals": "^0.1.1",
"markdown-doctest": "^0.9.0",
"optional-dev-dependency": "^2.0.0",
"platform": "^1.3.3",
"qunit-extras": "^3.0.0",
"qunitjs": "^2.0.1",
"request": "^2.78.0",
"requirejs": "^2.3.2",
"sauce-tunnel": "^2.5.0",
"uglify-js": "2.7.4",
"webpack": "^1.13.3"
},
"greenkeeper": {
"ignore": [
"lodash"
]
}
}
But the published package.json
looks like (cf https://unpkg.com/lodash@4.17.2/package.json ) 但是发布的
package.json
看起来像(cf https://unpkg.com/lodash@4.17.2/package.json )
{
"name": "lodash",
"version": "4.17.2",
"description": "Lodash modular utilities.",
"keywords": "modules, stdlib, util",
"homepage": "https://lodash.com/",
"repository": "lodash/lodash",
"icon": "https://lodash.com/icon.svg",
"license": "MIT",
"main": "lodash.js",
"author": "John-David Dalton <john.david.dalton@gmail.com> (http://allyoucanleet.com/)",
"contributors": [
"John-David Dalton <john.david.dalton@gmail.com> (http://allyoucanleet.com/)",
"Mathias Bynens <mathias@qiwi.be> (https://mathiasbynens.be/)"
],
"scripts": { "test": "echo \"See https://travis-ci.org/lodash/lodash-cli for testing details.\"" }
}
where you can see the scripts
and devDependencies
keys for example are not there anymore. 例如,您不再可以在其中看到
scripts
和devDependencies
键的位置。 This is done using a JavaScript Template package.jst as long as a nodejs script Lodash CLI 只要使用nodejs脚本Lodash CLI,就可以使用JavaScript Template package.jst完成此操作
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.