mcmire closed this 9 months ago
New dependencies detected.
Packages | Version | New capabilities | Transitives | Size | Publisher |
---|---|---|---|---|---|
dependency-graph | 0.11.0 | None | +0 | 38.6 kB | jriecken |
Yeah, good point. I think that a lack of maintenance could be an issue if the package had dependencies, because if those dependencies had security vulnerabilities and there were no updates in 3 years, then the likelihood of those vulnerabilities being patched would be low. In this case `dependency-graph` doesn't have any dependencies, though, and there aren't any bugs as far as I can tell, so I don't feel like it's a problem. But we should keep an eye on it for sure.
This commit adds code which will be used to run rules against a particular project. This first involves looking at the dependencies between the rules to determine the priority and order in which they should be run, then representing the hierarchy as a tree structure. After that, the tree is merely traversed.
Fixes #35.
See this file for more context on how this will be used: https://github.com/MetaMask/module-lint/blob/add-initial-code/src/lint-project.ts. And see here for an example rule: https://github.com/MetaMask/module-lint/blob/add-initial-code/src/rules/require-source-directory.ts
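The ordering step described above, as an added example that is not the project's code and does not use the `dependency-graph` package: a depth-first traversal that places each rule after the rules it depends on and rejects unknown dependencies and cycles. The `Rule` shape, the `orderRules` function, and every rule name except `require-source-directory` are assumptions made for illustration.

```typescript
// Added illustration; the Rule shape and most rule names are hypothetical.
type Rule = { name: string; dependencies: string[] };

// Returns rule names in an order where every rule follows its dependencies.
// Throws on an unknown dependency or a dependency cycle.
function orderRules(rules: Rule[]): string[] {
  const byName = new Map<string, Rule>();
  for (const rule of rules) {
    byName.set(rule.name, rule);
  }
  const order: string[] = [];
  const done = new Set<string>();
  const inProgress: string[] = []; // current traversal path, used to report cycles

  const visit = (name: string, requiredBy: string | null): void => {
    if (done.has(name)) {
      return;
    }
    const rule = byName.get(name);
    if (rule === undefined) {
      throw new Error(`Unknown rule "${name}" required by "${requiredBy}"`);
    }
    const start = inProgress.indexOf(name);
    if (start !== -1) {
      const cycle = [...inProgress.slice(start), name].join(" -> ");
      throw new Error(`Dependency cycle: ${cycle}`);
    }
    inProgress.push(name);
    for (const dependency of rule.dependencies) {
      visit(dependency, name);
    }
    inProgress.pop();
    done.add(name);
    order.push(name);
  };

  for (const rule of rules) {
    visit(rule.name, null);
  }
  return order;
}

// Constructed sample rules (only require-source-directory is named on the page).
const sampleRules: Rule[] = [
  { name: "source-files-are-typescript", dependencies: ["require-source-directory"] },
  { name: "require-source-directory", dependencies: [] },
  { name: "require-readme", dependencies: [] },
];
```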