NullVoxPopuli / dependency-maintainers

How much power do the maintainers of your dependencies have? Allows folks to audit who has access to publishing.
GNU General Public License v3.0

Ignore peer dependencies #8

Open KurtGokhan opened 4 months ago

KurtGokhan commented 4 months ago

Thanks for the tool. Very helpful.

The tool seems to also include peer dependencies. As peer dependencies aren't installed, I think they should be excluded from the analysis.

NullVoxPopuli commented 4 months ago

Peer dependencies must be installed for a package to work tho, so it makes sense to include them in the analysis

This is important for folks with auto-install-peers environments, where their package.jsons do not tell the whole truth

KurtGokhan commented 4 months ago

Peer dependencies can be optional tho.

Maybe there can be a CLI option to ignore them?

NullVoxPopuli commented 4 months ago

I think we could safely always ignore optional peers, tbh -- would accept a PR for this.

reasoning being, if you're using optional peers, auto-install-peers behavior would require you to declare the optional peer in your package.json, in which case, this tool would pull in the data from that package.json.

seems safe 🎉 good thinkin'!
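
The rule settled on in this thread (skip optional peers, but still pick them up when a package.json declares them directly), sketched as an added example. It is not code from dependency-maintainers; the package names, the in-memory `manifests` map, and the function names are constructed for illustration, and `peerDependenciesMeta` is the npm manifest field that marks a peer as optional.

```javascript
// Constructed manifests keyed by package name (hypothetical packages).
const manifests = {
  'my-app': {
    // The root declares chart-lib itself, so it is audited even though
    // ui-kit only lists it as an optional peer.
    dependencies: { 'ui-kit': '^1.0.0', 'chart-lib': '^2.0.0' },
  },
  'ui-kit': {
    peerDependencies: { 'react-like': '^18.0.0', 'chart-lib': '^2.0.0', 'pdf-export': '^3.0.0' },
    peerDependenciesMeta: { 'chart-lib': { optional: true }, 'pdf-export': { optional: true } },
  },
  'chart-lib': { dependencies: { 'tiny-math': '^1.0.0' } },
  'pdf-export': { dependencies: { 'font-blob': '^1.0.0' } },
  'react-like': {},
  'tiny-math': {},
  'font-blob': {},
};

// Names one manifest forces into the install: regular dependencies plus
// required peers. Peers flagged optional in peerDependenciesMeta are skipped.
function requiredDeps(manifest) {
  const meta = manifest.peerDependenciesMeta || {};
  const peers = Object.keys(manifest.peerDependencies || {})
    .filter((name) => !(meta[name] && meta[name].optional === true));
  return [...Object.keys(manifest.dependencies || {}), ...peers];
}

// Walk the graph from the root manifest and return every package whose
// maintainers (people with publish access) should be audited.
function packagesToAudit(root, registry) {
  const seen = new Set();
  const queue = [...requiredDeps(registry[root] || {})];
  while (queue.length > 0) {
    const name = queue.shift();
    if (seen.has(name)) continue;
    seen.add(name);
    queue.push(...requiredDeps(registry[name] || {}));
  }
  return [...seen].sort();
}

console.log(packagesToAudit('my-app', manifests));
```

`pdf-export` and its transitive dependency `font-blob` drop out of the audit set because nothing declares them, while `react-like` stays in as a required peer.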