files rules
Ensure published files are correct — no sensitive files, proper shebang, valid dependencies.
Rules (10)
| Rule | Description | Severity | Fixable |
|---|---|---|---|
files-field | Check that files field exists and is configured correctly | 🟡 warning | 🔧 |
sensitive | Check for sensitive files in published package and dist | 🔴 error | |
bin-shebang | Check that bin files have a shebang line | 🟡 warning | |
bin-executable | Check that bin files have executable permissions | 🟡 warning | |
all-files-format | Check that all JS files match their expected module format (when no exports field) | 🟡 warning | |
format-validation | Check that .mjs/.cjs files contain the expected module format | 🟡 warning | |
implicit-index-format | Check that implicit index.js matches the declared package type | 🟡 warning | |
prepublish | Check that prepublishOnly script exists | 🟡 warning | 🔧 |
duplicate-dep | Check for packages in both dependencies and devDependencies | 🔴 error | |
local-dependency | Error on file:/link: protocol deps, warn on workspace: protocol | 🔴 error |