Right now I can't see what commits was released. This is why we have this best practices:

1. Use separated Release x.x.x commit to update version in package.json and add section to ChangeLog.
2. Sign this commit by git tag -s x.x.x (x.x.x is a version number). You may need to have PGP keys. Upload them to GitHub, so GitHub will show that this release was made by you and not by a hacker.

Every open source project must have tests (and run it on Travis CI).

At least, ESLint to check syntax error.

Technically this isn't an issue with your code (sorry in advance!), but having found this package very useful for managing our npm modules, I'm wondering if the clean-publish package can be used with the vsce publish and vsce package tool for packaging/publishing visual studio code extensions?

vscode extensions are very like npm modules, running on node with a package.json, etc. AFAICT, the only difference is instead of the npm command line tool, its vsce

If it's not currently something that your module can do, are there any any plans to make it so?

➜ npx clean-publish
/usr/bin/env: ‘node\r’: No such file or directory
npm ERR! code 127
npm ERR! path /home/ai/Dev/storeon
npm ERR! command failed
npm ERR! command sh -c clean-publish

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/ai/.npm/_logs/2020-10-22T23_37_49_537Z-debug.log

@shashkovdanil maybe we use a Windows \r\n and it causes a problem in npm 7 on Linux?

I think this tool has to run prepublishOnly or prepublish scripts from package.json after start clone some files

Not all ignored files are a configs

Hello.
How can I use clean-publish with semantic-release?

The reason behind Cult of Martians task was not to clean files (like .eslintrc). We already have .npmignore for it.

The reason was to clean package.json. For example, "eslintConfig": key in package.json.

yarn exec -- clean-publish
yarn exec v1.21.1
env: node\r: No such file or directory
error Command failed.

You should re-publish it with LF line-endings.

I want to run a small script during the release (which will transform ESM files to CJS). clean-publish is a perfect place.

I am suggesting this API. package.json:

  "clean-publish": {
    "beforeScript": "esm-compiler"
  }

clean-publish will call esm-compiler /home/ai/Dev/project/tmp-jv4j3hvj3.

@shashkovdanil what do you think?

People don’t like to read docs. They mostly look for some simple way to get information. This is why small example will be great. It should show what exactly clean-publish does and show benefits of using it.

New versions should be on top. Since most of the users will open this file to check changes in the latest release.

Need support --tag. Command example:

npx dual-publish --tag beta

Docs: https://docs.npmjs.com/cli/publish

I want to use clean-publish, so I add the publish script to my package.json:

"scripts": {
    "publish": "clean-publish",
    "postversion": "some postversion script",
    "test": "some test script"
}

If I now run clean-publish --dry-run (to see what gets exported), but the process gets caught in an endless loop.

I tried to investigate; when I look into the cleaned package.json, I notice the following:

"scripts": {
    "publish": "clean-publish",
    "postversion": "some postversion script"
}

The publish script isn't deleted and is thus being called over and over. Inside the temporary directory, I notice an endless tree of temporary directories.

Getting this vulnerability due to a dependency of clean-publish. Though this problem only matters in devDependencies, I feel it is better to resolve it as much as possible. I also verified that the latest version of yargs does not have this vulnerability.

Is it possible to update the dependency without breaking anything?

It runs failed on GitLab runner.

I want to use this tool alongside with np, is it possible?
https://github.com/sindresorhus/np

And if answer is yes, then how?

np supports argument --contents to specify folder to publish, but clean-publish creates temporary folder with a new name each time

https://keepachangelog.com/en/1.0.0/

I'm not sure about that and don't really understand what isTTY property stands for, but it looks like it might be false even if no data provided in stdin - I've tested in github actions, and it fails with error

SyntaxError: Unexpected end of JSON input
    at JSON.parse (<anonymous>)
    at Socket.<anonymous> (/home/runner/work/dts-bundle-generator/dts-bundle-generator/node_modules/clean-publish/utils.js:43:29)
    at Socket.emit (events.js:328:22)
    at endReadableNT (_stream_readable.js:1201:12)
    at processTicksAndRejections (internal/process/task_queues.js:84:21)`

Related to actions/runner#241

@ai, не получается установить npm пользователя глобально. После перехода в tmp директорию и попытки выполнить npm publish просит выполнить npm adduser.

My package.json contains {"postinstall": "simple-git-hooks && yarn-deduplicate --strategy fewer || exit 0"}, it is unexpected to preserve on publishing.

I just found I could change it to prepare, but it would be better to override this package's config.

To publish scoped packages we need to run npm publish --access=public. So I suggest to add npx clean-publish --access=public support.

/cc @shashkovdanil

Are these scripts necessary if --without-publish is used?

• version
• postversion
• postpack
• prepublish
• publish
• postpublish

Is there any reason why in

Can we safely remove "files" from package.json?
It works like .npmignore, but in reverse.

Hi, nice idea!

But it might be useful to use regexps in ignore list too. Because even ESLint has 5 variations of config name:

Better use one regexp rather than copy-paste each variation I think 🤔

I need to remove single file from within subfolder, but I cannot make this work... Is this possible somehow?

Good docs in the first section explain the reasons behind the tool and show some self-explain example

It allows you to specify a white list of files to publish

https://docs.npmjs.com/files/package.json#files

Hello! I've read about this package in @ai's twitter and tried to check the difference of published size for my package.

So, I use npm publish --dry-run to check the list of file to publish and the final size of package. I think, the same mode for this package can be useful to emphasize difference between native publish and this package.

Example of dry-mod in npm:

➜  eslint-plugin-effector git:(master) ✗ npm publish --dry-run        
npm notice 📦  [email protected]
npm notice === Tarball Contents === 
...
npm notice 2.0kB rules/no-ambiguity-target/no-ambiguity-target.js                                        
...                                                             
npm notice === Tarball Details === 
npm notice name:          eslint-plugin-effector                  
npm notice version:       0.3.1                                   
npm notice package size:  8.4 kB                                  
npm notice unpacked size: 34.8 kB                                 
...
npm notice total files:   32                                      

Реализовано:

• Копирование только нужных файлов в tmp директорию
• Удаление ненужных полей и скриптов из package.json
• Установка доп. файлов и полей через аргументы
• Выполнение npm publish после копирования файлов и очистки package.json
• Удаление tmp директории после публикации

Осталось сделать:

• Написать тесты
• Убрать ненужные скрипты из файла npm-scripts.js
• Подумать над новыми фичами и составить их список

@ai, можешь пожалуйста провести код-ревью и посмотреть библиотеку?

Hello everyone, thank you for such a useful package!

Have you thought about separating the CLI API (handleOptions) of the JS API (run function content)?
And makes package.json exports.

I'll explain the motivation:
Right now, I'm using clean-publish in my CLI tools with a call to process.spawn and passing a bunch of arguments, and in monorepos with 50+ packages, such spawn becomes a liitle stuck.

I posted a draft of my thoughts here:
isuvorov@16477fc

I've solved my task, but maybe this will also be useful for you.
I can do this more neatly, write typings, add usage examples in the doc and makes PR.
The only question is, do you need such functionality in principle?

Всем привет, спасибо за такой полезный пакет!

А вы не думали над тем, чтобы отделить CLI API (handleOptions) от самой реализации JS API cleanPublish (в функциии run)?
И раздать его в package.json exports;

Поясню мотивацию:
Сейчас я использую clean-publish в своих CLI инструментах вызова process.spawn и передаю туда с кучей аргументов, и в монорепах с 50+ пакетами такой вызов становится ощутимый.

Драфт моих мыслей выложил тут:
isuvorov@16477fc

Свою задачу я решил, но может вам тоже будет это полезно.
Я могу сделать это более аккуратно, прописать тайпинги, добавить примеры использования в доку и сделать PR.
Вопрос только, нужен ли вам впринципи такой функционал?

Remove "scripts": {} from package.json

Example:
test.js

// TODO: something

module.exports = {
  env: {
    browser: false,
    node: true,
  },
  extends: ['airbnb-base', 'prettier'],
  plugins: ['simple-import-sort', 'prettier'],
  ignorePatterns: [
    '**/node_modules/**',
    '**/__*/**',
    '**/lib/**',
    '**/dist/**',
    '**/build/**',
    '**/coverage/**',
    '**/public/**',
    '!.gitlab-ci.js',
  ],
};

Expected result:

module.exports = {
  env: {
    browser: false,
    node: true,
  },
  extends: ['airbnb-base', 'prettier'],
  plugins: ['simple-import-sort', 'prettier'],
  ignorePatterns: [
    '**/node_modules/**',
    '**/__*/**',
    '**/lib/**',
    '**/dist/**',
    '**/build/**',
    '**/coverage/**',
    '**/public/**',
    '!.gitlab-ci.js',
  ],
};

Actual result:

module.exports = {
  env: {
    browser: false,
    node: true,
  },
  extends: ['airbnb-base', 'prettier'],
  plugins: ['simple-import-sort', 'prettier'],
  ignorePatterns: [
    '**/node_modules
__*
lib
dist
build
coverage
public/**',
    '!.gitlab-ci.js',
  ],
};

P.S.
For now I have turned off the option in projects, if no one takes it in 2 weeks I will fix the regular schedule at Christmas

Пока в проектах опцию выключил, если никто не возьмется за 2 недели пофикшу регулярку на рождественских

Currently the repo is ~30MB big.

./tmp dir in the current dir is a bad idea since:

1. The project maybe have it for a different purpose
2. If you tool will throw a error tmp/ dir will not be cleaned

Node.js has a special API to create tmp dirs

Will it be a good idea to ignore ChangeLog. On one hand, npm force to put CHANGELOG to npm package. On the other, it is a huge file which very rarely is used from node_modules.

When I run npx clean-publish --before-script ./node_modules/.bin/dual-publish my script can’t print with color, chalk do not see color support.

Seems like you need to replace exec to spawn(cmd, { std: 'inherit' })