list-npm-package-content

by vercel

list-npm-package-content helps you inspect the exact files that npm will publish by building the package, creating a tarball, listing its contents, and cleaning up. Useful for verifying build output, catching missing files, and debugging npm publish or deployment issues.

Stars0

Favorites0

Comments0

AddedMar 31, 2026

CategoryDeployment

Install Command

npx skills add vercel/ai --skill list-npm-package-content

Curation Score

This skill scores 68/100, which means it is acceptable to list for directory users who want a focused npm publishing check, but they should expect a narrow workflow with some execution assumptions left implicit. The repository gives a clear trigger, a concrete command, and a real script that lists tarball contents, so an agent can use it with less guesswork than a generic prompt. However, install-decision clarity is limited by the lack of setup guidance, constraints, and edge-case handling.

68/100

Strengths

Strong triggerability: the description clearly says to use it for checking npm bundle contents or debugging publish issues.
Real executable workflow: SKILL.md points to `bash scripts/list-package-files.sh`, and the script actually builds, packs, lists files, and cleans up.
Helpful packaging context: the skill explains how `files`, `.npmignore`, `.gitignore`, and npm's always-included/excluded rules affect results.

Cautions

Environment assumptions are implicit: the script requires `pnpm`, a working build, and running from the package directory, but setup prerequisites are not documented.
Limited operational depth: there is no guidance for failures, monorepo/package selection beyond one example, or how to interpret unexpected output.

Npm Pnpm Cli Bash Node.js

Overview

Overview of list-npm-package-content skill

What list-npm-package-content actually does

The list-npm-package-content skill helps you inspect the exact files that would ship in an npm package tarball before you publish. Its practical job is simple: build the package, create the tarball, list the tarball contents, and remove the temporary archive so you can verify what users would actually install.

Best fit for this skill

This skill is most useful for package maintainers, release engineers, and library authors who need to answer questions like:

“Did my build output make it into the published package?”
“Why is npm shipping source files, test fixtures, or secrets?”
“Why is a required file missing after install?”
“Will this package work in deployment environments that only see published artifacts?”

If you maintain monorepos or publish from subpackages, this is especially relevant.

The real job-to-be-done

The real value of list-npm-package-content is not just printing files. It reduces release risk before publish by showing the packaged result that npm consumers receive, which is often different from your repository tree. That matters when debugging package size, missing build artifacts, accidental file leaks, and deployment failures caused by incomplete published output.

What makes it different from a generic prompt

A generic AI prompt might tell you to “check files, .npmignore, and .gitignore.” This skill is stronger because it centers the decision on the actual tarball result, not just the config rules. In practice, the tarball is what matters. The included helper script also gives a concrete workflow: build, pack, inspect, clean up.

Key constraints to know before installing

The current list-npm-package-content skill is intentionally narrow:

It is focused on npm package contents, not full release validation.
The helper script assumes a pnpm-based workflow.
It expects you to run from the package directory you want to inspect.
It does not explain every npm packaging edge case for you; you still need to interpret the output.

If you want a broad packaging tutorial, this is too focused. If you want a fast pre-publish check, it is a good fit.

How to Use list-npm-package-content skill

Install context for list-npm-package-content

Use the skill in an environment where the target package can already build successfully. The repository evidence shows the packaged workflow is driven by a shell script:

bash scripts/list-package-files.sh

That script runs:

pnpm build
pnpm pack
tar -tzf on the created tarball
cleanup of the tarball

So before using list-npm-package-content, confirm your environment has pnpm, tar, and the project dependencies available.

Read these files first

For this skill, the fastest useful reading path is:

skills/list-npm-package-content/SKILL.md
skills/list-npm-package-content/scripts/list-package-files.sh
The target package's package.json
The target package's .npmignore if present
The target package's .gitignore if no .npmignore exists

That order mirrors how you move from abstract guidance to the exact packaging rules that control output.

What input the skill needs from you

To use list-npm-package-content well, provide the agent with:

the package path, such as packages/ai
the package manager in use
whether the package must be built before packing
what you are trying to verify
any suspicious files or missing files you care about

Good inputs are concrete. “Check my package” is weak. “Show whether dist/, README.md, and generated type files are included, and confirm test fixtures are excluded” is much better.

The practical invocation workflow

A practical workflow for list-npm-package-content usage looks like this:

Change into the package directory.
Run the helper script if your repo layout matches the skill.
Review the tarball file list.
Compare the result against:
- package.json files
- .npmignore
- build output expectations
Adjust packaging config and rerun.

This is best used as a loop, not a one-off command.

Example prompt that triggers the skill well

A stronger prompt for an agent is:

“Use list-npm-package-content on packages/my-lib. Build the package, list the tarball contents, and tell me whether dist/, type declarations, and README.md are included. Flag any source files, tests, env files, or large artifacts that should probably not ship.”

Why this works:

It names the package path.
It states the desired inspection targets.
It asks for both inclusion and exclusion review.
It makes the output decision-oriented, not just descriptive.

Stronger prompts for deployment checks

For list-npm-package-content for Deployment, tailor the prompt to runtime needs:

“Use list-npm-package-content on packages/sdk and verify the published tarball contains all files needed for production install in CI and serverless deployment. Confirm compiled output exists, entry points resolve, and no local-only files are required at runtime.”

This improves results because deployment failures often come from missing built assets rather than obvious packaging mistakes.

What the helper script is really validating

The bundled shell script validates the packaged outcome, not just declared intent. It effectively asks:

Did the build produce the expected artifacts?
Did pnpm pack include them?
Does the tarball match what end users will download?

That makes the skill particularly useful when repository contents and publish contents diverge.

How npm decides what appears in the tarball

The skill surfaces the key packaging rules you should inspect:

files in package.json
.npmignore
.gitignore when .npmignore is absent
npm's always-included files like package.json, README, LICENSE, CHANGELOG
npm's always-excluded paths like .git, node_modules, .npmrc

This hierarchy matters. Many packaging bugs come from assuming the repo tree automatically matches the published package.

When to use this instead of only reading package.json

Use list-npm-package-content when config inspection is not enough. Reading package.json can tell you intent, but not whether the built tarball actually contains the expected files after build tooling, ignore rules, and generated outputs all interact. For release verification, the tarball output is more trustworthy than the config alone.

Common adaptation needs in real repos

You may need to adapt the script if:

your repo uses npm or yarn instead of pnpm
your build command differs from pnpm build
you want to inspect a package without rebuilding
you publish from a monorepo package path
your environment does not have GNU-compatible shell tooling

That does not reduce the value of the skill, but it does mean list-npm-package-content install is more about workflow adoption than drop-in portability.

list-npm-package-content skill FAQ

Is list-npm-package-content beginner-friendly

Yes, if you already understand basic package publishing. The skill is narrow and concrete, which helps beginners avoid abstract npm documentation. The main blocker is environment setup: you need to know where the package directory is and whether it requires a build step before packing.

What problem does this solve better than an ordinary prompt

list-npm-package-content is better than an ordinary prompt when you need an execution-oriented answer. Instead of only explaining npm rules, it gives you a reproducible check against the actual tarball contents. That is more useful for pre-publish QA and debugging missing files.

Does this replace npm pack or npm publish dry runs

Not exactly. The skill is built around the same packaging reality, but its value is the guided workflow and the included script pattern. Think of it as a reliable inspection routine around packing, not a separate packaging system.

Is list-npm-package-content only for monorepos

No. It works for single-package repos too. It becomes even more valuable in monorepos because package boundaries, build outputs, and publish roots are easier to get wrong there.

When should I not use list-npm-package-content

Skip this skill if your question is purely about npm versioning, changelog generation, registry auth, or release automation. Also skip it if you only need a conceptual explanation of files and ignore rules without inspecting a real package.

Can I use this for deployment debugging

Yes. list-npm-package-content for Deployment is a strong use case when production installs fail because the published package is missing compiled files, runtime assets, or declaration files. It helps you verify what downstream environments actually receive.

How to Improve list-npm-package-content skill

Start with a decision-focused prompt

To get better results from list-npm-package-content, ask a question that supports a decision. For example:

verify required runtime files
detect unexpected shipped files
compare shipped contents to repo structure
explain why a specific file is missing

This yields a better outcome than simply asking for a file list.

Name the exact package path and expected artifacts

The single highest-value improvement is to specify:

package directory
expected build output
package entry points
files that must exist in the tarball
files that must not exist

Example:

“Run list-npm-package-content for packages/ui and confirm dist/index.js, dist/index.d.ts, and README.md are included, while src/, tests, and .env files are excluded.”

This turns vague inspection into publish validation.

Compare tarball output against package entry points

A common failure mode is that the tarball includes files, but not the ones referenced by main, module, exports, or types. Improve the skill output by explicitly asking for that comparison:

“List packaged files and verify they satisfy the paths referenced in package.json exports and types fields.”

That catches many broken publishes early.

Use it iteratively after config changes

The best workflow is iterative:

inspect tarball
change files or ignore rules
rebuild and repack
compare again

list-npm-package-content guide quality improves when you treat the first output as a diagnostic baseline, not the final answer.

Watch for false confidence from successful builds

A successful build does not mean a correct publish. The build may generate dist/, but your tarball can still exclude it. When using list-npm-package-content, ask the agent to separate “build succeeded” from “published package is complete.” That distinction is where the skill adds real value.

Improve portability if your tooling differs

If your repo does not use pnpm, adapt the helper script logic rather than the purpose:

replace pnpm build with your build command
replace pnpm pack with the equivalent pack command
keep the tarball listing and cleanup steps

This preserves the core of list-npm-package-content usage while matching your environment.

Common failure modes to check first

The most common issues worth checking are:

dist/ missing from the tarball
source files included unintentionally
test data or fixtures shipped
ignore files excluding required assets
README or license files missing unexpectedly
entry points referencing files not present in the tarball

If you ask the skill to check these explicitly, the output becomes much more actionable.

Ask for explanation, not just enumeration

To improve output quality, request both the file list and the likely reason behind inclusion or exclusion. For example:

“List the tarball contents and explain which rules likely caused unexpected files to be included or omitted.”

That pushes the skill from inspection into debugging support.

Use list-npm-package-content before every release candidate

The most practical improvement is process-based: run list-npm-package-content before release candidates, not after a broken publish. It is a lightweight preflight check that can prevent avoidable support, rollback, and deployment issues.

Ratings & Reviews

No ratings yet

Share your review

0/10000

Latest reviews

Saving...

more skill

uv-package-manager

by wshobson

Use the uv-package-manager skill to plan installs, migrate from pip or Poetry, and apply practical uv workflows for Python project setup, lockfiles, CI, Docker, and workspaces.

Project Setup

Favorites 0GitHub 32.6k

aspire

by github

aspire skill for install, AppHost setup, local run, dashboard debugging, and publish workflows for Deployment. Covers CLI usage, references, troubleshooting, and the key publish-vs-deploy boundary.

Deployment

Favorites 0GitHub 0

deploy-to-vercel

by vercel-labs

deploy-to-vercel is a Vercel deployment skill that checks repo state, local project linking, CLI auth, and team scope before deploying. It defaults to preview deploys, supports helper scripts, and helps return the deployment URL with less guesswork.

Deployment

Favorites 0GitHub 24k

expo-cicd-workflows

by expo

expo-cicd-workflows helps create, edit, and validate Expo EAS workflow YAML. Install the skill, fetch the live schema and docs, then generate or fix .eas/workflows files with validator-backed guidance for builds, submissions, updates, and deployment pipelines.

Deployment

Favorites 0GitHub 1.6k

python-packaging

by wshobson

Use the python-packaging skill to structure, build, and publish Python packages with pyproject.toml, wheels, source distributions, CLI entry points, and PyPI-ready workflows.

Deployment

Favorites 0GitHub 32.6k

k8s-manifest-generator

by wshobson

k8s-manifest-generator helps generate production-shaped Kubernetes manifests for Deployment, Service, ConfigMap, Secret, and PVC resources using repo templates and spec references.

Deployment

Favorites 0GitHub 32.6k

bash-defensive-patterns

by wshobson

bash-defensive-patterns helps agents write safer Bash for production automation, CI/CD, and system scripts with strict mode, traps, cleanup, quoting, and input validation.

Backend Development

Favorites 0GitHub 32.6k

python-configuration

by wshobson

python-configuration helps design Python app config with environment variables, typed settings, and fail-fast startup validation. Use it to structure backend settings, adopt pydantic-settings, manage secrets safely, and handle environment-specific behavior.

Backend Development

Favorites 0GitHub 32.6k

gitops-workflow

by wshobson

gitops-workflow helps you design Kubernetes GitOps with ArgoCD or Flux, covering install paths, repo structure, sync policies, and deployment-ready usage guidance.

Deployment

Favorites 0GitHub 32.6k

helm-chart-scaffolding

by wshobson

helm-chart-scaffolding helps scaffold and organize Helm charts for Kubernetes apps with templates, chart structure guidance, and validation steps for Deployment, Service, ingress, values, and Helm lint workflows.

Deployment

Favorites 0GitHub 32.6k

turborepo-caching

by wshobson

turborepo-caching helps configure Turborepo caching for faster monorepo builds, tests, and CI. Learn setup, remote caching, cache-safe outputs, env handling, and cache-miss debugging from the SKILL.md guidance.

Performance Optimization

Favorites 0GitHub 32.6k

vercel-cli-with-tokens

by vercel-labs

vercel-cli-with-tokens helps agents use the Vercel CLI with access tokens instead of interactive login. Follow its auth-first workflow to find a token, export VERCEL_TOKEN, and then handle deploy, link, or env management tasks in headless or CI-style environments.

Deployment

Favorites 0GitHub 24k

expo-deployment

by expo

expo-deployment helps ship Expo apps with EAS across iOS App Store, Google Play, web hosting, TestFlight, metadata, and CI/CD workflows.

Deployment

Favorites 0GitHub 1.6k

claimable-postgres

by neondatabase

claimable-postgres helps you provision a temporary Neon Postgres database fast with no signup. Use REST API, CLI, SDK, or Vite plugin to get a DATABASE_URL for local development, demos, tests, and short-lived review environments. Databases expire after 72 hours unless claimed.

Database Engineering

Favorites 0GitHub 43

github-actions-docs

by xixu-me

github-actions-docs helps agents answer GitHub Actions questions with official docs grounding. Use it to explain workflow YAML, triggers, runners, security, migrations, and docs-backed usage for developers and technical writing teams.

Technical Writing

Favorites 0GitHub 6

openclaw-secure-linux-cloud

by xixu-me

openclaw-secure-linux-cloud helps you install and use OpenClaw securely on a Linux cloud host with a private-first setup, loopback binding, SSH tunneling, Tailscale or reverse proxy tradeoffs, and tight defaults for Podman, token auth, pairing, sandboxing, and tool permissions.

Cloud Architecture

Favorites 0GitHub 6