fix: do not include yarn-related files in released bundle

[Simek]

Why

While browsing through React Native Directory using Bundle Size sort I have spotted that @invertase/react-native-apple-authentication package have unusual large bundle (106 MB).

How

Explore the current bundle on npm to find the root cause:

• https://www.npmjs.com/package/@invertase/react-native-apple-authentication?activeTab=code

It ended up being a .yarn with publisher local cache and yarn bin file, which is a part of the repository.

To fix that problem, and prevent similar accidents to happen on publish, I have modified the .npmignore file to exclude all Yarn-related files, the second example app (example-other), ReleaseIt config file and all archives created by running npm pack locally (*.tgz).

Currently published package on npm (latest)

unpacked size: 106 MB
total files: 893

npm pack before changes (no additional local files)

npm notice filename: invertase-react-native-apple-authentication-2.5.0.tgz
npm notice package size: 2.2 MB
npm notice unpacked size: 6.3 MB
npm notice total files: 68

npm pack after changes

npm notice filename: invertase-react-native-apple-authentication-2.5.0.tgz
npm notice package size: 33.9 kB
npm notice unpacked size: 131.2 kB
npm notice total files: 39

[CLAassistant]

All committers have signed the CLA.

[mikehardy]

Oh my - thanks for spotting that and posting a PR

[mikehardy]

Ok - all looks good. Thanks again

Appears it's time to test the re-automation of releases here in combo with NPM Trusted Publish. All pretty fresh. Hope it works! If not I'll have some fixups to do but I'll get this shipped

[mikehardy]

there's a chance in the future this module may need patches or be typescript (requiring a post-install build step), and I usually like to make sure that in all normal cases you could run a yarn in the node_modules installed directory of a module in order to do patch-package style in-place development

But I can't see a way to ship .yarnrc.yml and the .yarn/plugins contents without bloating the normal build by at least 1.7kb already (the postinstall plugin) even though 99.9999% of people will never ever want or use it.

So, on balance I considered asking for the yarnrc and the plugins to stay in place, but I agree with leaving them - it wasn't just casually approved though, I did think about it - in case I or someone in the future looks through this and is curious about the thought process.

Cheers

[Simek]

Thanks for the quick merge and providing your POV on that. I agree that .yarnrc.yml and the .yarn/plugins parts can be left in, they do not that that much space, and their overall contribution to the package size is ~1%, which should not be a problem., we are not taking several MBs here. 🙂

[mikehardy]

altered to fix PR title and will squash merge with the PR title so it triggers a release

I think this is more than a chore, it's a real benefit to folks

[mikehardy]

@Simek you noticed this - so you'll probably be able to verify correctness faster than anyone else. It merged and seemingly published correctly as 2.5.1 - https://github.com/invertase/react-native-apple-authentication/releases/tag/v2.5.1 - if you see problems still with 2.5.1 please let me know. Thanks again

[Simek]

According to npm registry, package size seems to be fine now (as low, as expected). 🙏

Will try upgrading the package in one of my projects later today, but I do not expect any user-side issues.