You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It appears to be due to yargs performing some validation on the allowlist structure. I'll take a closer look when I get a chance, but maybe you have an idea on what to do here @quinnturner?
The text was updated successfully, but these errors were encountered:
From what I can tell, it seems that Yargs does not support object arrays. In retrospect, I can imagine it is difficult to pass an array of objects through the CLI, so it may not be implemented.
I am not sure yet how I'd like to proceed. I firmly push toward using configuration files because the allowlist makes this a helpful library nowadays. From what I recall, most package managers now natively support audit levels. Yarn 3.3.0 or 3.3.1 ish will support allowlisting using the NPM identifier (which is less valuable than the GitHub identifier).
With that in mind, one option is to migrate towards another config-focused library and entirely remove CLI argument support. I wouldn't say that is ideal as it's a breaking change especially since a considerable population of open-source projects use it for solely auditing levels and not the allowlisting.
I dug a bit deeper and it seems like yargs doesn't like the output of the object array when parsed with jju. It does accept the one from JSON.parse.
Interestingly, if we pass the null_prototype: false option into jju's parse function, then it starts working. I tested this on my project and it works. I "think" this should be safe?
Getting this error
It appears to be due to yargs performing some validation on the allowlist structure. I'll take a closer look when I get a chance, but maybe you have an idea on what to do here @quinnturner?
The text was updated successfully, but these errors were encountered: