chore(deps): update dependency publint to v0.3.21

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
publint (source)	0.2.12 → 0.3.21

---

Release Notes

publint/publint (publint)

v0.3.21

Compare Source

Patch Changes

• Suggest adding "sideEffects": false when bundler-oriented package fields or conditions are detected and the field is missing. (#​228)

v0.3.20

Compare Source

Patch Changes

• Suggest adding engines.node when it is missing from detected Node.js packages (#​226)

• Loosen "breaking change" wording in lint messages (7bb3f4f)

v0.3.19

Compare Source

Patch Changes

• Add NESTED_PACKAGE_JSON_FIELD_IGNORED to warn when published nested package.json files define "exports" or "imports", which Node.js ignores outside the package root. (#​224)

• Fix internal browser directory traversal logic (#​224)

v0.3.18

Compare Source

Patch Changes

• Fix deprecated subpath mapping check crash and make getPkgPathValue from publint/utils return undefined if the path is invalid (ad2aa9c)

v0.3.17

Compare Source

Patch Changes

• Fix packing packages with pnpm when publishConfig.directory is set (#​216)

• Updated dependencies [2dcb107]:

  • @​publint/pack@​0.1.3

v0.3.16

Compare Source

Patch Changes

• Re-enable file existence checks for TS and TSX files if they do not use custom conditions. In v0.3.10, this was done unconditionally instead which missed catching possible file typos if only common conditions are used. (7b1408e)

v0.3.15

Compare Source

Patch Changes

• Skip file existence checks when crawling subpath imports as they may be dev-only and not used after bundling or publish. This check may be improved in the future when publint can scan for files to see if the subpath imports are used. (0d72997)

• Handle exports["default"] and exports['default'] for CJS_WITH_ESMODULE_DEFAULT_EXPORT rule (8285f77)

v0.3.14

Compare Source

Patch Changes

• Add a new warning when an entrypoint is exported as CJS-only, has a default export, and has the __esModule marker. This setup has different interpretations by bundlers and runtimes, and implicit handling detection that may not be obvious for both package authors and users, hence it is discouraged. (#​201)

v0.3.13

Compare Source

Patch Changes

• Improve message for "main" field with empty value and has missing files (0499518)

• Update fallback arrays message for CLI output (37b9dd5)

v0.3.12

Compare Source

Patch Changes

• Fix shebang check to allow spaces after the #! (#​183)

v0.3.11

Compare Source

Patch Changes

• Update EXPORTS_GLOB_NO_DEPRECATED_SUBPATH_MAPPING message and severity to error (#​179)

• Add a new warning when the "exports" or "imports" field contain a fallback array as most tooling will only the pick the first value that can be parsed, and other tooling may work differently leading to inconsistent behaviors (#​180)

v0.3.10

Compare Source

Patch Changes

• Support custom conditions in "exports" that points to raw TS or TSX files. This configuration is common in monorepo setups where packages refer to the raw files among themselves using a custom condition so custom aliasing isn't needed. (b34ea94)

  With this support, the "types" condition is allowed to come after any exports of the raw TS or TSX files. File existence checks are also disabled for raw TS and TSX files reference as after publish these files may intentionally be not published.

v0.3.9

Compare Source

Patch Changes

• Support the formatMessage utility in the browser. It has a new color: 'html' option to highlight important parts with <strong> tags instead of ANSI colors. It also has a new reference: boolean option so the messages are worded in reference of the message location. (e1cfef0)

• If formatMessage is passed a package.json object with missing keys, the message part that references the value will now fallback to "undefined" instead of completely erroring out. (45962d1)

v0.3.8

Compare Source

Patch Changes

• Support passing a tarball path to the publint CLI. This allows to easily lint any tarball files at hand. (#​166)

  npx publint ./mylib-1.0.0.tgz

• The publint API now returns a pkg object as a convenience to pass it to formatMessage (#​166)

• Updated dependencies [02d169b]:

  • @​publint/pack@​0.1.2

v0.3.7

Compare Source

Patch Changes

• The "imports" field is now linted with the following rules: (#​162)

  • IMPORTS_KEY_INVALID: Ensure the imports key starts with a #
  • IMPORTS_VALUE_INVALID: Ensure the imports value is a valid path that starts with a ./
  • IMPORTS_GLOB_NO_MATCHED_FILES: Ensure the imports glob matches at least one file
  • IMPORTS_DEFAULT_SHOULD_BE_LAST: Ensure the "default" condition is last in an entrypoint's object
  • IMPORTS_MODULE_SHOULD_BE_ESM: Ensure the "module" condition file is ESM
  • IMPORTS_MODULE_SHOULD_PRECEDE_REQUIRE: Ensure the "module" condition precedes the "require" condition in an entrypoint's object

• Improve SSH git URL detection when checking the "repository" field. Values like "git@github.com:user/project.git" is now detected as a valid git URL, but will be suggested to use a full git URL instead, like "git+ssh://git@github.com/user/project.git" (28da844)

• Fix exports types message when the "require" or "import" condition already exists but the dts file format is still invalid (a731ec3)

v0.3.6

Compare Source

Patch Changes

• Fix checking bin field file path that omits .js or /index.js (04f289e)

v0.3.5

Compare Source

Patch Changes

• Check the "bin" field if the referenced file exists, has the correct JS format, and can be executed (#​150)

• Deprecate the deps command. The command has been tricky to maintain and incomplete (e.g. doesn't lint recursively). A separate tool can be used to run publint on dependencies instead, e.g. npx renoma --filter-rules "publint". (#​149)

v0.3.4

Compare Source

Patch Changes

• When globbing "exports" values that contains *, also respect "exports" keys that mark paths as null. For example: (b9605ae)

  {
    "exports": {
      "./*": "./dist/*",
      "./browser/*": null
    }
  }

  The glob in "./*": "./dist/*" will no longer match and lint files in "./browser/*" as it's marked null (internal).

• Update logs when running the publint CLI: (58d96a2)

  • The publint version is now displayed.
  • The packing command is also displayed.
  • Messages are now logged in the order of errors, warnings, and suggestions, instead of the other way round, to prioritize errors.
  • The publint deps command no longer logs passing dependencies. Only failing dependencies are logged.

  Examples:

  $ npx publint
  $ Running publint v0.X.X for my-library...
  $ Packing files with `npm pack`...
  $ All good!

  $ npx publint deps
  $ Running publint v0.X.X for my-library deps...
  $ x my-dependency
  $ Errors:
  $ 1. ...

• Fix detecting shorthand repository URLs with the . character (09d8cbb)

• Clarify message when "types" is not the first condition in the "exports" field (5a6ba00)

• Correctly detect if a "types" value in "exports" is used for dual publishing (3f3d8b2)

v0.3.3

Compare Source

Patch Changes

• Rename EXPORT_TYPES_INVALID_FORMAT message to EXPORTS_TYPES_INVALID_FORMAT (#​139)

• Allow versioned types conditions (e.g. "types@>=5.2") in "exports" when checking for "types" condition ordering (#​138)

v0.3.2

Compare Source

Patch Changes

• (Potentially breaking) Disable running lifecycle scripts, such as prepare, prepack, and postpack, when running the pack command internally. This returns to the behavior in v0.2. (Note that this change does not apply to yarn as it does not support ignoring lifecycle scripts for local projects) (#​128)

  This change is made as running lifecycle scripts was an unintentional behavior during the v0.3 breaking change, which could cause the linting process to take longer than expected, or even cause infinite loops if publint is used in a lifecycle script.

• Update repository and bugs URLs to point to the new publint organization (1eda033)

• Updated dependencies [1eda033, 10e3891]:

  • @​publint/pack@​0.1.1

v0.3.1

Compare Source

Patch Changes

• Add a new warning when an entrypoint is exported as CJS-only, has a default export, and has the __esModule marker. This setup has different interpretations by bundlers and runtimes, and implicit handling detection that may not be obvious for both package authors and users, hence it is discouraged. (#​201)

v0.3.0

Compare Source

Minor Changes

• The vfs option is removed in favour of an extended support of pack: { tarball: ArrayBuffer | ReadableStream } and pack: { files: PackFile[] } APIs. Now, it is even easier to use publint in the browser or against a packed .tgz file in Node.js. See the docs for more examples of how to use these new options. (#​122)

• Bump node version support to >=18 (cb2ed8b)

• publint now runs your project's package manager's pack command to get the list of packed files for linting. The previous npm-packlist dependency is now removed. (#​120)

  NOTE: In this release (v0.3.0), the pack command also runs lifecycle scripts like prepare, prepack, and postpack. This behavior is unintentional and is fixed in v0.3.2, where they will no longer run (except for yarn as it does not support ignoring lifecycle scripts for local projects). This returns to the behavior in v0.2.

  A new pack option is added to the node API to allow configuring this. It defaults to 'auto' and will automatically detect your project's package manager using package-manager-detector. See its JSDoc for more information of the option.

  This change is made as package managers have different behaviors for packing files, so running their pack command directly allows for more accurate linting. However, as a result of executing these commands in a child process, it may take 200-500ms longer to lint depending on the package manager used and the project size. The new handling also does not support yarn 1. See this comment for more information.

  If you use yarn 1, you should upgrade to the latest yarn version or a different package manager. Otherwise, no other changes are required for this new behavior.

Patch Changes

• Initial setup to publish with Changesets (24a62f5)

• When a dependency with the file: or link: protocol is specified in the package.json, it will now error to prevent accidentally publishing dependencies that will likely not work when installed by end-users (6e6ab33)

• Fix EXPORT_TYPES_INVALID_FORMAT linting to detect .d.mts and .d.cts files (af5e88b)

• Updated dependencies [d0b406b]:

  • @​publint/pack@​0.1.0

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 1fac3ac

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR