mjkkirschner
commented
2 years ago @pinzart90 it doesn't look like this package.json is split into dev and prod dependencies, what does this command do differently in this context?
Closed pinzart90 closed 2 years ago
mjkkirschner
commented
2 years ago @pinzart90 it doesn't look like this package.json is split into dev and prod dependencies, what does this command do differently in this context?
pinzart90
commented
2 years ago Yes it is (maybe not 100%), but I can work on that
"devDependencies": {
"react-scripts": "^4.0.3"
},
"dependencies": {ahh, missed that sorry.
pinzart90
commented
2 years ago we scan the node_modules folder for security issues. If we only install prod, then we will skip the dev ones from being scanned
mjkkirschner
commented
2 years ago @pinzart90 I see - there is a dev or stg env I think, but I believe it's manually deployed - does that change anything ?- @zeusongit should know more/ where the docs are.
pinzart90
commented
2 years ago @pinzart90 I see - there is a dev or stg env I think, but I believe it's manually deployed - does that change anything ?- @zeusongit should know more/ where the docs are.
I see a deploy step in the pipeline.yml. My changes should not affect the deployment stage (automatic or manual) I am only trimming the 3d party dependencies in the node_modules as part of the build step
Build only for production seeing that we do not have any tests yet When we will add tests ...we will need to have a separate prod + dev for testing and only prod for deployment and scanning