Hacker News new | comments | ask | show | jobs | submit login

There's an easy way to prevent credential leakage when publishing to npm => Explicitly list the files to include in the package through the `files` property in package.json.

Docs: https://docs.npmjs.com/files/package.json#files

Example: https://github.com/sindresorhus/got/blob/2f5d5ba94d625802880...

I have taken to this route. It also clears out the cruft to bring dependency directory size down. Your module doesn't need .editorconfig or README.md and other stuff to run, remove it from the published stuff.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact