You can think of the files property in package.json as an allowlist of all files that should be included in an npm release and .npmignore as a denylist of all files that should not be included.
As a rule of thumb, for my own projects I usually use:
- files when my project has lots of auxiliary files like build scripts, config files, etc., that do not need to be included in an npm release
- .npmignore when there are only a few such auxiliary files
Both options are useful in different scenarios in my mind.
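Whichever option is used, the resulting file list can be checked before publishing. The following is an added example, not code from the original page: it audits a report in the shape printed by `npm pack --dry-run --json` against an expected set of paths. The package name `demo-lib`, the sample report, and the `expected` list are constructed for illustration.

```javascript
// Added example: audit the file list npm reports for a release.
// Input shape follows `npm pack --dry-run --json`: an array with one entry
// per package, each carrying a `files` array of { path, size, mode }.

// Constructed sample report for a hypothetical package "demo-lib".
const sampleReport = [{
  name: "demo-lib",
  version: "1.0.0",
  files: [
    { path: "package.json", size: 412, mode: 420 },
    { path: "README.md", size: 1880, mode: 420 },
    { path: "dist/index.js", size: 5321, mode: 420 },
    { path: "dist/index.d.ts", size: 640, mode: 420 },
    { path: "scripts/build.sh", size: 233, mode: 493 },
    { path: "webpack.config.js", size: 901, mode: 420 },
  ],
}];

// Expected release contents (assumption for this example): exact file names,
// or directory prefixes ending in "/".
const expected = ["package.json", "README.md", "LICENSE", "dist/"];

// True when a packed path matches an exact name or sits under a prefix.
function isExpected(path, allowed) {
  return allowed.some((entry) =>
    entry.endsWith("/") ? path.startsWith(entry) : path === entry);
}

// Returns the packed paths that are not covered by the expected list.
function unexpectedFiles(report, allowed) {
  return report.flatMap((pkg) =>
    pkg.files.map((f) => f.path).filter((p) => !isExpected(p, allowed)));
}

const extra = unexpectedFiles(sampleReport, expected);
console.log(extra.length ? `unexpected files: ${extra.join(", ")}` : "ok");
```

In a release pipeline, the parsed output of `npm pack --dry-run --json` would take the place of `sampleReport`, and a non-empty result would fail the build.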