feat(core): add specifier type for * & latest #174

Closed
wtchnm opened this issue Nov 30, 2023 · 5 comments

wtchnm commented Nov 30, 2023

Description

Hello, thank you for this great tool! I have a question about the usage of the * protocol. While it's nice for peerDependencies, I find it less ideal in devDependencies where I prefer to have an exact version.

Suggested Solution

I propose the following configuration to support banning a specific version of a package, serving as a potential security measure:

"versionGroups": [
  {
    "label": "Ban * protocol in devDependencies",
    "dependencyTypes": ["dev"],
    "pinVersion": "*",
    "isBanned": true
  }
]

This would allow us to explicitly disallow the use of the * protocol in devDependencies.

Help Needed

I am willing to create a PR if the suggested solution aligns with the project's goals.

wtchnm changed the title from "Ban the * protocol" to "Feature request: ban the * protocol" on Nov 30, 2023

JamieMason (Owner) commented

Thanks a lot @wtchnm, this sounds like it could be addressed by something myself and @moltar were discussing here – please take a look and see if you agree with that approach 👍

wtchnm commented Nov 30, 2023

Sorry @JamieMason, I searched the repo for similar issues but totally missed that one. I agree with the solution you proposed!

JamieMason (Owner) commented

No problem at all 👍

JamieMason changed the title from "Feature request: ban the * protocol" to "feat(core): add specifier type for * & latest" on Dec 29, 2023
JamieMason added a commit that referenced this issue Dec 29, 2023

JamieMason (Owner) commented

Released in 12.2.0.

👋 If anyone reading this finds syncpack useful, please tell people about it.

wtchnm commented Jan 2, 2024

Thanks @JamieMason, it worked great with specifierTypes:

"versionGroups": [
  {
    "label": "Ban * protocol in devDependencies",
    "dependencyTypes": ["dev"],
    "specifierTypes": ["latest"],
    "isBanned": true
  }
]

I made a PR to fix the examples in the documentation: #185.
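
What the `latest` ban in this thread catches, as an added example that is not part of the conversation and not syncpack's own code: a stand-alone check that lists `*` and `latest` specifiers in the chosen dependency fields of parsed package.json files. The `FIELDS` mapping, the function names and the sample manifests are assumptions of this example; it also flags an empty specifier, which npm treats as `*`.

```javascript
// Added example, not syncpack code. The mapping from short dependency-type
// names to package.json fields is an assumption of this sketch.
const FIELDS = { dev: "devDependencies", peer: "peerDependencies", prod: "dependencies" };

// "*" and "latest" are the two specifiers named in the issue title. npm also
// treats an empty string as "*", so it is flagged here as well.
function isFloating(specifier) {
  const s = String(specifier).trim();
  return s === "*" || s === "latest" || s === "";
}

// manifests: [{ path, json }] where json is a parsed package.json.
// Returns one record per floating specifier found in the selected fields.
function findFloating(manifests, dependencyTypes) {
  const violations = [];
  for (const { path, json } of manifests) {
    for (const type of dependencyTypes) {
      const field = FIELDS[type];
      if (!field) throw new Error(`unknown dependency type: ${type}`);
      for (const [name, specifier] of Object.entries(json[field] || {})) {
        if (isFloating(specifier)) violations.push({ path, field, name, specifier });
      }
    }
  }
  return violations;
}

// Constructed sample manifests; package names and paths are placeholders.
const SAMPLE = [
  { path: "packages/a/package.json", json: {
      devDependencies: { "example-linter": "*", "example-test": "1.4.2" },
      peerDependencies: { "example-ui": "*" } } },
  { path: "packages/b/package.json", json: {
      devDependencies: { "example-build": "latest", "example-fmt": "^2.0.0" } } },
];

// Only devDependencies are checked, so the "*" peer dependency is allowed.
for (const v of findFloating(SAMPLE, ["dev"])) {
  console.log(`${v.path}: ${v.field}.${v.name} = "${v.specifier}"`);
}
```
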
