✨(packaged) Replace keepNodeModules with flexible keep patterns

[dubzzz]

Description

Replaces the keepNodeModules boolean option with a more flexible keep array option that accepts glob patterns. This allows users to preserve any files or directories matching specified patterns, not just node_modules.

Changes

• API: Changed removeNonPublishedFiles() option from keepNodeModules: boolean to keep: string[] (glob patterns)
• CLI: Updated --keep-node-modules flag to --keep <glob> (can be specified multiple times)
• Implementation: Updated pattern matching logic to use glob-based filtering instead of a hardcoded path check
• Tests: Refactored test cases to cover glob pattern matching with multiple scenarios (node_modules, tsconfig files, multiple patterns)
• Documentation: Updated README and type definitions to reflect the new API

Motivation

The new approach is more flexible and allows users to preserve any files or directories matching glob patterns (e.g., tsconfig*, src, etc.) rather than being limited to just node_modules.

Checklist

• I have a full understanding of every line in this PR
• I flagged the impact of my change (minor / patch / major) either by running pnpm run bump or by following the instructions from the changeset bot
• I kept this PR focused on a single concern and did not bundle unrelated changes
• I followed the gitmoji specification for the name of the PR
• I added relevant tests and they would have failed without my PR

https://claude.ai/code/session_01Sf6CnWKuP1jHUcFiLJ97u3

[changeset-bot]

🦋 Changeset detected

Latest commit: 8afc253

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@fast-check/packaged	Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[pkg-pr-new]

• @fast-check/examples

@fast-check/ava

npm i https://pkg.pr.new/@fast-check/ava@6713

fast-check

npm i https://pkg.pr.new/fast-check@6713

@fast-check/jest

npm i https://pkg.pr.new/@fast-check/jest@6713

@fast-check/packaged

npm i https://pkg.pr.new/@fast-check/packaged@6713

@fast-check/poisoning

npm i https://pkg.pr.new/@fast-check/poisoning@6713

@fast-check/vitest

npm i https://pkg.pr.new/@fast-check/vitest@6713

@fast-check/worker

npm i https://pkg.pr.new/@fast-check/worker@6713

commit: 8afc253

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.52%. Comparing base (2503bde) to head (8afc253).
⚠️ Report is 50 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6713      +/-   ##
==========================================
- Coverage   94.54%   94.52%   -0.02%     
==========================================
  Files         210      210              
  Lines        5686     5685       -1     
  Branches     1499     1499              
==========================================
- Hits         5376     5374       -2     
- Misses        297      298       +1     
  Partials       13       13              

Flag	Coverage Δ
tests	94.52% <ø> (-0.02%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	esm@​3.2.25
	react@​19.2.4
	typescript@​5.9.3
	react-dom@​19.2.4

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm entities is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: pnpm-lock.yaml → npm/entities@4.5.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@4.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm entities is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: pnpm-lock.yaml → npm/entities@6.0.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@6.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report