From 68b7c96982c2f4cf5b9d7070f07a478364bd034b Mon Sep 17 00:00:00 2001
From: isaacs <i@izs.me>
Date: Thu, 27 Jun 2019 14:05:51 -0700
Subject: [PATCH] Never include .git folders in package root

Git folders are in the default ignore set.  However, occasionally git
can create a file named 'readme', or another of npm's 'always include'
filenames.

This roots the always-include filename set to the root with a /, and
also avoids even walking the root's .git folder.  (Git folders can still
be included explicitly deeper in the package, if they are included in a
package.json files list, or un-ignored in a .gitignore or .npmignore.)
---
 index.js        | 14 ++++++++++++++
 test/ignores.js |  6 ++++++
 2 files changed, 20 insertions(+)

diff --git a/index.js b/index.js
index 777b585..fc328c7 100644
--- a/index.js
+++ b/index.js
@@ -90,6 +90,12 @@ const npmWalker = Class => class Walker extends Class {
     }
   }
 
+  onReaddir (entries) {
+    if (!this.parent)
+      entries = entries.filter(e => e !== '.git')
+    return super.onReaddir(entries)
+  }
+
   filterEntry (entry, partial) {
     // get the partial path from the root of the walk
     const p = this.path.substr(this.root.length + 1)
@@ -147,6 +153,14 @@ const npmWalker = Class => class Walker extends Class {
 
     // if there's a bin, browser or main, make sure we don't ignore it
     // also, don't ignore the package.json itself!
+    //
+    // Weird side-effect of this: a readme (etc) file will be included
+    // if it exists anywhere within a folder with a package.json file.
+    // The original intent was only to include these files in the root,
+    // but now users in the wild are dependent on that behavior for
+    // localized documentation and other use cases.  Adding a `/` to
+    // these rules, while tempting and arguably more "correct", is a
+    // breaking change.
     const rules = [
       pkg.browser ? '!' + pkg.browser : '',
       pkg.main ? '!' + pkg.main : '',
diff --git a/test/ignores.js b/test/ignores.js
index d997584..be16ec7 100644
--- a/test/ignores.js
+++ b/test/ignores.js
@@ -121,6 +121,12 @@ t.test('setup', t => {
     path.join(gitDir, 'gitstub'),
     "won't fool git, also won't be included"
   )
+  const gitDeep = path.join(pkg, '.git/logs/refs/remotes/name')
+  mkdirp.sync(gitDeep)
+  fs.writeFileSync(
+    path.join(gitDeep, 'readme'),
+    'please do not include git dirs (or even walk to them)'
+  )
 
   const historyDir = path.join(pkg, 'node_modules/history')
   mkdirp.sync(historyDir)