Closed jedrichards closed 5 years ago
Hi! Thank you for pointing me to this, you are probably right, I need to dig into this a bit deeper.
I've only accepted a PR generated by the Snyk web app, and I have no idea what the magic behind it is, so I need to read some mans and test it before changing.
I suppose snyk is safely added to an app/end-product as a dependency; in that case you're not expecting others to npm install it. But perhaps it's a different story if adding to a library. Anyway, just wanted to give you a heads-up. Cheers!
Ok, thank you, I'll take a look as soon as I have a free minute.
Done in v4.2.14
Thanks for enabling snyk to protect your deps, but I'm guessing it should rather be added as a devDependency, i.e. since it's never used at runtime all your package consumers shouldn't be forced to download it into their node_modules.
https://github.com/YuriGor/deepdash/blob/master/package.json#L85