Use package.json for third-party libraries that are used in prod. #7061
Labels
enhancement
Label to indicate an issue is a feature/improvement
Impact: Low -- DO NOT WORK ON THIS YET
Postponing for now, since it doesn't affect users much.
Work: Medium
The means to find the solution is clear, but it isn't at good-first-issue level yet.
(This suggestion was originally from @vojtechjelinek.)
We currently use a custom manifest.json file to manage our third-party production dependencies. However, in light of #7051 (thanks @kevinlee12!) it might be better to move these into package.json, so that we can get automated vulnerability alerts from running `npm audit`.
The aim of this issue is to investigate what would be needed to use package.json for our production dependencies, and develop an implementation strategy for doing this.
/cc @NishealJ @kevinlee12