Report only production packages #27
Comments
Not on any roadmap at the moment, but contributions welcome. Do you want to apply different rules for non-production dependencies, or disable entirely?
For us, we generally only care about dependencies for production packages. I suppose it could be nice to have different rules for non-production dependencies, though, so that we could do things like this:
In our case, the development packages don't fall under any licensing restrictions and we can just ignore them entirely. This is a good point however:
I also ran into this need/restriction recently and have raised a PR #62 to add in a separate config field so that different rules can be applied for dev dependencies, as well as some logical changes to support it based on the npm audit plugin yarn already has (see here https://github.com/yarnpkg/berry/blob/master/packages/plugin-npm-cli/sources/npmAuditUtils.ts)
It appears that there is no option to do the checks only for non-development packages at the moment. Is this on the roadmap?