New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"Root has devDependencies" #114
Comments
I agree with this. The "Root has devDependencies" is too opiniated. |
Also the main reason "The root package.json of a monorepo is not published" is incorrect. There are many uses in having root dependencies or not, in prod or dev. Examples:
Hence my need for "devDependencies" and not "dependencies". |
I second this, but would prefer to see this as an option, defaulting to the current behaviour. This would then necessitate another rule for those of us who use Bolt: Ensure that any dependency in a sub-package that's in My use case: I'm Dockerizing a Next.js app in the monorepo and I want to exclude |
I would like to raise a concern about this rule mostly due to the problem with
npm audit
and the general expectation of some underlaying tools that only dependencies should be scanned for vulnerabilities.Still creates a huge room for some uncertainly of decision which dep should do where, but I would like to have this rule configurable.
The text was updated successfully, but these errors were encountered: