Report only production packages #27
Comments
Not on any roadmap at the moment, but contributions welcome. Do you want to apply different rules for non-production dependencies, or disable entirely?
For us, we generally only care about dependencies for production packages. I suppose it could be nice to have different rules for non-production dependencies, though, so that we could do things like this:
In our case, the development packages don't fall under any licensing restrictions and we can just ignore them entirely. This is a good point however:
I also ran into this need/restriction recently and have raised a PR #62 to add in a separate config field so that different rules can be applied for dev dependencies, as well as some logical changes to support it based on the npm audit plugin yarn already has (see here https://github.com/yarnpkg/berry/blob/master/packages/plugin-npm-cli/sources/npmAuditUtils.ts)
It appears that there is no option to do the checks only for non-development packages at the moment. Is this on the roadmap?