CycloneDX / cyclonedx-node-yarn

Create CycloneDX Software Bill of Materials (SBOM) from Node.js Yarn projects.
Apache License 2.0

CHORE: omit installation of unused, transitive optional dependencies #218

Open jkowalleck opened 7 hours ago

jkowalleck commented 7 hours ago

Some transitive dependencies are optional, and the underlying features are not used; this project's tree-shaking mechanisms were optimized to not include traces of them in the final build result. This means: it is safe to ignore them on installation.

This is especially needed in cases where the install fails. See https://github.com/CycloneDX/cyclonedx-node-yarn/pull/193#issuecomment-2463069881 ff.

see also: https://github.com/CycloneDX/cyclonedx-javascript-library?tab=readme-ov-file#optional-dependencies

goal: do not install the following transitive optional dependencies:

jkowalleck commented 7 hours ago

@AugustusKling ,

I will work on this. I remember there was a thing for that in yarn package manifest, something to override and modify transitive dependencies.

AugustusKling commented 7 hours ago

In case you are thinking about https://yarnpkg.com/configuration/yarnrc#packageExtensions, this won't help you as it can only add missing dependencies but not remove existing ones. There's also https://yarnpkg.com/configuration/manifest#resolutions which to my knowledge also does not support removal.

jkowalleck commented 7 hours ago

I am not planning on removing them, but overriding their "version" (resolution) to target a local package that is installable, and simply throws an error as soon as it is loaded. 😁 This way, we also have a proper smoke-test for whether these optional deps are loaded/used unintentionally.