I'd like to use this library to prevent incorrectly publishing packages,

• do what it does today, but read from a folder
• assume all files to be published are already built
• these should give a reasonable representation of what the "published version" will look like once npm pack is ran
  • checks package.json#files
  • checks .npmignore, if it exists, but package.json#files is better

I’m not going to reimplement npm pack, but I’m open to a mode that runs npm pack for you, with a (skippable with -y) confirmation prompt that says npm pack is about to run, and deletes the tarball after the analysis. The reason I didn’t want this by default is the potential of prepack or postpack scripts that would run without it being obvious to the user that that was going to happen. Several people have suggested this in a short period of time though, so I’m happy to include it. I’d use it myself, honestly. I think this is what happens when you run attw with no arguments or point it to a directory containing a package.json file (attw .).