Installing the latest version of elm-typescript-interop results in a package-lock.json file containing the the following. I've tried to edit out the unimportant parts to better show what's happening. elm-typescript-interop is dependent on elm: 0.18.0 and as a result of that also tar: 2.2.1.
When it comes to Elm this isn't much of a problem since the latest version of elm will precide the old version and only 0.19 will be installed. However it also results in tar 2.2.1 being installed and that causes our npm audit to complain
Installing the latest version of
elm-typescript-interop
results in apackage-lock.json
file containing the the following. I've tried to edit out the unimportant parts to better show what's happening.elm-typescript-interop
is dependent onelm: 0.18.0
and as a result of that alsotar: 2.2.1
.When it comes to Elm this isn't much of a problem since the latest version of elm will precide the old version and only
0.19
will be installed. However it also results in tar2.2.1
being installed and that causes ournpm audit
to complainMy guess for why this is happening is the seemingly circulare dependency of itself here: https://github.com/dillonkearns/elm-typescript-interop/blob/master/package.json#L25