[axios] Bug with package.json being included in bundling output

Context

After bundling a project with rollup, you check the output and see the code below.

The package.json file from axios is included in the final deliverable.

The problem is that a local filesystem path recorded in axios's package.json is exposed in the code, as shown below.

package.json from axios
, wn = { _where: "/Users/xxxxxx/workspace/zzzzzz" }
  • This usually isn't a big deal, but it can be if your OS username is one you'd rather not reveal, such as a fandom handle.

Cause

When package.json ends up in the bundle, it means something references it.

So I looked for the actual code in axios that corresponds to the final output.

Here's some code from the final deliverable:

finalDeliverable
    , bn = function(t, e) {
        var n = {}
          , r = ["url", "method", "data"]
          , o = ["headers", "auth", "proxy", "params"]
          , s = ["baseURL", "transformRequest", "transformResponse", ..., "responseEncoding"]
          , i = ["validateStatus"];
        ...
        return Xe.forEach(u, l), n
    } // 1. This is the equivalent of axios:/lib/core/mergeConfig.js
    // 2. this is package.json
    , wn = {
        _from: "axios@0.21.4",
        _id: "axios@0.21.4",
        _inBundle: !1,
        _integrity: "sha512-ut5vewkiu8jjGBdqpM44XxjuC....",
        _location: "/axios",
        ..., // omit
        typings: "./index.d.ts",
        unpkg: "dist/axios.min.js",
        version: "0.21.4"
    }
    , xn = {};
    // 3. here is axios:/lib/helpers/validator.js
    ["object", "boolean", "number", "function", "string", "symbol"].forEach((function(t, e) {
        xn[t] = function(n) {
            return typeof n === t || "a" + (e < 1 ? "n " : " ") + t
        }
    }

And when I opened the validator.js file, it was importing package.json as shown below.

/lib/helpers/validator.js
    'use strict';

    // 1. import it like this
    var pkg = require('./../../package.json');
    var validators = {};

    ['object', 'boolean', 'number', 'function', 'string', 'symbol'].forEach(...);

    // 2. We're getting the version like this
    var currentVerArr = pkg.version.split('.');

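Because validator.js imports the whole package.json as above, the bundler inlines the entire file, so the final bundle keeps carrying unnecessary data (including the `_where` path) even though only `version` is used.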

This bug was already reported last year and fixed in version 0.22.x.
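
A check for this kind of leak in build output, as an added example that is not part of the original post and is not axios or rollup code. The function name `scanBundle`, the sample bundles and the path `/Users/builduser/workspace/app` are constructed for illustration; the key list is taken from the excerpt above.

```javascript
// Added example (not axios or rollup code): find build-machine details that a
// bundler inlined from an installed package.json.

// Install-time keys visible in the bundle excerpt above (written by older npm clients).
const NPM_INSTALL_KEYS = ["_where", "_from", "_id", "_inBundle", "_integrity", "_location"];

// Object keys in minified output may be bare (_where:) or quoted ("_where":).
const KEY_RE = new RegExp(
  "(?<![\\w$])[\"']?(" + NPM_INSTALL_KEYS.join("|") + ")[\"']?\\s*:", "g");

// A string literal that starts with a per-user home directory (macOS, Linux, Windows).
const HOME_PATH_RE =
  /["'`]((?:\/(?:Users|home)\/|[A-Za-z]:\\{1,2}Users\\{1,2})([^\/\\"'`\s]+)[^"'`]*)/g;

function scanBundle(source) {
  const keys = new Set();
  for (const m of source.matchAll(KEY_RE)) keys.add(m[1]);

  const paths = [];
  for (const m of source.matchAll(HOME_PATH_RE)) {
    paths.push({ path: m[1], username: m[2], offset: m.index });
  }

  return {
    // A single "_id" is common in application code; two or more distinct
    // keys together indicate a whole installed package.json was inlined.
    inlinedPackageJson: keys.size >= 2,
    metadataKeys: [...keys].sort(),
    paths,
  };
}

// Constructed samples modelled on the excerpt above (placeholder path and names).
const LEAKY_BUNDLE =
  ', wn = { _from: "axios@0.21.4", _id: "axios@0.21.4", _inBundle: !1,' +
  ' _where: "/Users/builduser/workspace/app", version: "0.21.4" }, xn = {};';
const CLEAN_BUNDLE =
  ', wn = { version: "0.21.4" }, u = { user_id: 1, url: "https://example.com/home/docs" };';

console.log(JSON.stringify(scanBundle(LEAKY_BUNDLE), null, 2));
console.log(JSON.stringify(scanBundle(CLEAN_BUNDLE), null, 2));
```

In a build pipeline, pass the contents of each file in the output directory to `scanBundle` and fail the build when `inlinedPackageJson` is true or `paths` is non-empty.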