Don't add markdownlint config to NPM package

[jorrit]

Perhaps a "files" key in package.json is a better idea than expanding the "ignore" list again. But I'll leave that to the maintainer.

[codecov]

Codecov Report

Merging #3413 (2cae464) into master (22c569b) will not change coverage.
The diff coverage is n/a.

@@ Coverage Diff @@ ## master #3413 +/- ## ======================================= Coverage 97.58% 97.58% ======================================= Files 123 123 Lines 8957 8957 Branches 3271 3271 ======================================= Hits 8741 8741 Misses 216 216 

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[ljharb]

The files key is dangerous and should never be used; expanding the ignore list is proper.

[jorrit]

Alright, I didn't know that. Do you have some reference where I can read more about the dangers?

[ljharb]

No - it's just the way it behaves. If you forget to add a file to "npmignore", the worst consequence is "a file nothing cares about ends up in the package" - iow, harmless, and at worst inconvenient. If you forget to add a file to "files", the worst consequence is "downstream users are broken", which can easily cause millions of dollars of person-hours of work.

(Since credentials should never be stored in an in-repo file anyways, "credentials could be leaked" shouldn't ever be a concern)