snyk added a dependency rather than a devDependency #31
Labels
Comments
|
Hi! Thank you for pointing me to this, you are probably right, I need to dig into this a bit deeper. I've only accepted a PR generated by Snyk web app, and I have no idea what's the magic is behind, so I need to read some mans and test it before changing. |
|
I suppose snyk is safely added to an app/end-product as a dependency, in that case you're not expecting others to npm install it. But perhaps different story if adding to a library. Anyway, just wanted to give you heads up. Cheers! |
|
Ok, thank you, I'll take a look as soon as I'll have a free minute. |
YuriGor
added a commit
that referenced
this issue
Sep 1, 2019
|
Done in v4.2.14 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thanks for enabling synk to protect your deps, but I'm guessing it should rather be added as a devDependency, i.e. since it's never used at runtime all your package consumers shouldn't be forced to download it into their
node_modules.https://github.com/YuriGor/deepdash/blob/master/package.json#L85
The text was updated successfully, but these errors were encountered: