Skip to content
This repository has been archived by the owner on Nov 4, 2024. It is now read-only.

Report only production packages #27

Open
JosXa opened this issue Jun 22, 2023 · 4 comments
Open

Report only production packages #27

JosXa opened this issue Jun 22, 2023 · 4 comments

Comments

@JosXa
Copy link

JosXa commented Jun 22, 2023

It appears that there is no option to do the checks only for non-development packages at the moment. Is this on the roadmap?

@JosXa JosXa changed the title Report only production plugins Report only production packages Jun 22, 2023
@noahnu
Copy link
Contributor

noahnu commented Jun 22, 2023

Not on any roadmap at the moment, but contributions welcome.

Do you want to apply different rules for non-production dependencies, or disable entirely?

@Eli-Black-Work
Copy link

For us, we generally only care about dependencies for production packages.

I suppose it could be nice to have different rules for non-production dependencies, though, so that we could do things like this:

  • Production dependencies: MIT license only
  • Non-production dependencies: MIT, GNU, etc., but no proprietary licenses that require use to pay to use the software.

@JosXa
Copy link
Author

JosXa commented Jul 19, 2023

Do you want to apply different rules for non-production dependencies, or disable entirely?

In our case, the development packages don't fall under any licensing restrictions and we can just ignore them entirely.

This is a good point however:

Non-production dependencies: MIT, GNU, etc., but no proprietary licenses that require use to pay to use the software.

@MLSTRM
Copy link

MLSTRM commented Mar 15, 2024

I also ran into this need/restriction recently and have raised a PR #62 to add in a separate config field so that different rules can be applied for dev dependencies, as well as some logical changes to support it based on the npm audit plugin yarn already has (see here https://github.com/yarnpkg/berry/blob/master/packages/plugin-npm-cli/sources/npmAuditUtils.ts )

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants