npmignore: Don't include the source of tests #5799

glasser · 2021-10-08T23:35:40Z

We know of no reason that including the source of tests in built npm
packages would be helpful, and we've heard reports that including the
RSA private key fixture as we do in apollo-server-core can trigger
security scans.

Change how we drop tests from "dist" to drop the whole test directory in
case some other files sneak in there.

Fixes #5781.

We know of no reason that including the source of tests in built npm packages would be helpful, and we've heard reports that including the RSA private key fixture as we do in apollo-server-core can trigger security scans. Change how we drop tests from "dist" to drop the whole test directory in case some other files sneak in there. Add a comment to the one npmignore file that differs from the others. Fixes #5781.

glasser added the 2021-10 label Oct 8, 2021

glasser force-pushed the glasser/no-bundle-tests branch 2 times, most recently from 71ce883 to 669c710 Compare October 8, 2021 23:41

glasser force-pushed the glasser/no-bundle-tests branch from 669c710 to fd3462c Compare October 8, 2021 23:42

glasser enabled auto-merge (squash) October 8, 2021 23:42

glasser merged commit 61695f1 into main Oct 8, 2021

glasser deleted the glasser/no-bundle-tests branch October 8, 2021 23:46

github-actions bot locked as resolved and limited conversation to collaborators Apr 20, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

npmignore: Don't include the source of tests #5799

npmignore: Don't include the source of tests #5799

glasser commented Oct 8, 2021

npmignore: Don't include the source of tests #5799

npmignore: Don't include the source of tests #5799

Conversation

glasser commented Oct 8, 2021