Run dependency-check in Test Action Workflow #107

@gr2m

I just found out by chance that @octokit/auth-oauth-app was using universal-user-agent without having it listed as a dependency. That caused a problem with loading the package from https://cdn.skypack.dev/@octokit/auth-oauth-user@1.2.3.

I did some quick research and found dependency-check, which can check for that. It can also check if a dependency is listed in package.json that is not used in the code.

It needs to be run against the build version of the package, but making sure that the package builds is a good idea anyway. So I think we should add these two steps to .github/workflows/test.yml's test job:

```yaml
- run: npm run build
- run: npx dependency-check ./pkg/package.json --no-dev --ignore-module @octokit/types --ignore-module @octokit/openapi-types --ignore-module "@types/*"
```

One thing that's tricky: when we use only types from a package, it's not used in the code, but the package still needs to be a production dependency to make sure all required types are present when installing a package.
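An added example, not part of the original issue and not dependency-check's own code: a simplified, regex-based version of the missing/unused check described above, including the types-only case handled through an ignore list. The manifest, version ranges, file contents, `some-unused-lib`, the `lib/version` subpath and the built-in module list are constructed for illustration.

```javascript
// Constructed sample input: a built package manifest and two built files.
const manifest = {
  dependencies: {
    "@octokit/request": "^1.0.0",
    "@octokit/types": "^1.0.0", // used for types only, so absent from built code
    "some-unused-lib": "^1.0.0", // hypothetical leftover dependency
  },
};
const files = {
  "dist-node/index.js": `
    const { request } = require("@octokit/request");
    const { getUserAgent } = require("universal-user-agent");
    const path = require("path");
    const helper = require("./helper");`,
  "dist-web/index.js": `
    import { request } from "@octokit/request";
    export * from "@octokit/request/lib/version";`,
};
const BUILTINS = new Set(["fs", "path", "crypto", "http", "https", "url", "util", "os"]);
// "@scope/name/sub/path" -> "@scope/name", "name/sub/path" -> "name"
function packageName(specifier) {
  const parts = specifier.split("/");
  return specifier.startsWith("@") ? parts.slice(0, 2).join("/") : parts[0];
}
// Collect package names from require(), import/export ... from, and import().
function importedPackages(source) {
  const re = /(?:\bfrom\s*|\brequire\s*\(\s*|\bimport\s*\(?\s*)["']([^"']+)["']/g;
  const found = new Set();
  for (const [, spec] of source.matchAll(re)) {
    if (/^(\.|\/|node:)/.test(spec)) continue; // relative, absolute, node: built-in
    const name = packageName(spec);
    if (!BUILTINS.has(name)) found.add(name);
  }
  return found;
}
// Patterns are exact names or a prefix ending in "*", e.g. "@types/*".
const isIgnored = (name, patterns) =>
  patterns.some((p) => (p.endsWith("*") ? name.startsWith(p.slice(0, -1)) : name === p));
function checkDependencies(manifest, files, ignore = []) {
  const declared = new Set(Object.keys(manifest.dependencies || {}));
  const used = new Set(Object.values(files).flatMap((src) => [...importedPackages(src)]));
  const keep = (n) => !isIgnored(n, ignore);
  return {
    missing: [...used].filter((n) => !declared.has(n) && keep(n)).sort(),
    unused: [...declared].filter((n) => !used.has(n) && keep(n)).sort(),
  };
}
console.log(checkDependencies(manifest, files, ["@octokit/types", "@octokit/openapi-types", "@types/*"]));
```

Without the ignore list, `@octokit/types` is reported as unused even though it must stay a production dependency, which is the tricky case the issue describes.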
