[no-extraneous-dependencies] Use package.json "files" field · import-js/eslint-plugin-import#2749

(1 comment) (0 reactions) (0 assignees)JavaScript (4,946 stars) (1,540 forks)batch import

enhancementhelp wanted

Description

Currently, [no-extraneous-dependencies] allows usage of a glob pattern with the option devDependencies.

This pattern is used to avoid emitting the following warning:

'pkg' should be listed in the project's dependencies, not devDependencies

See import/no-extraneous-dependencies

When a dev wants to include a folder, while still supporting a recommended eslint ruleset (eg: airbnb-base), special configuration may have to be done over the override property. In addition to allowing this configurable pattern, we can use already existing files field in package.json properties to extend the glob pattern list. Here is a citation from the documentation:

The optional files field is an array of file patterns that describes the entries to be included when your package is installed as a dependency. File patterns follow a similar syntax to .gitignore, but reversed: including a file, directory, or glob pattern (, **/, and such) will make it so that file is included in the tarball when it's packed. Omitting the field will make it default to ["*"], which means it will include all files.

Some special files and directories are also included or excluded regardless of whether they exist in the files array (see below).

You can also provide a .npmignore file in the root of your package or in subdirectories, which will keep files from being included. At the root of your package it will not override the "files" field, but in subdirectories it will. The .npmignore file works just like a .gitignore. If there is a .gitignore file, and .npmignore is missing, .gitignore's contents will be used instead.

Files included with the "package.json#files" field cannot be excluded through .npmignore or .gitignore.

https://docs.npmjs.com/cli/v9/configuring-npm/package-json#files

Therefore, it should be reasonable we can conclude the following:

if the JSFILE has an import that is in devDependencies and the JSFILE is to be included
- emit devDepErrorMessage
if the JSFILE has an import that is not in dependencies and the JSFILE is to be included
- emit missingErrorMessage
if the JSFILE has an import that is not in devDependencies and the JSFILE is NOT to be included
- emit missingDevErrorMessage (new error)

If the files field is blank, then .npmignore is to be checked. If there is no .npmignore then, then check .gitignore.

This will allow users to configure their dependencies/devDependencies only once without having to configure the eslint rule to match the contents of the files field. (less duplication of work)

Caveats include packages that include files used by dev dependencies. I'm not sure of the use case right, but I'm sure they exist. Therefore, the configurable eslint rule property devDependencies should probably still exist.

Contributor guide

Tech stack: javascriptnodejs
Domain: developer experiencetooling
Issue type: feature
Difficulty: 3
Estimated time: half day
Activity status: fresh
Clarity: clear
Prerequisites: JavaScriptNode.jsnpm package.json 'files' field
Newbie friendliness: 60
Research direction: Study the existing implementation of the no extraneous dependencies rule in the eslint plugin import repository. Understand the current devDependencies option and how glob patterns are processed. Review the npm documentation for the 'files' field in package.json. After understanding, implement logic to check if the file's imports are in dependencies/devDependencies based on the 'files' field, following the examples provided in the issue.