search

dillonkearns / elm-typescript-interop

Generate TypeScript declaration files for your elm ports!
BSD 3-Clause "New" or "Revised" License
165 stars 13 forks source link

Circular dependency causing elm-typescript-interop to depend on Elm 0.18.0? #32

Open stenehall opened 4 years ago

stenehall commented 4 years ago

Installing the latest version of elm-typescript-interop results in a package-lock.json file containing the the following. I've tried to edit out the unimportant parts to better show what's happening. elm-typescript-interop is dependent on elm: 0.18.0 and as a result of that also tar: 2.2.1.

When it comes to Elm this isn't much of a problem since the latest version of elm will precide the old version and only 0.19 will be installed. However it also results in tar 2.2.1 being installed and that causes our npm audit to complain 

"elm-typescript-interop": {
      "version": "0.0.17",
      "resolved": "https://registry.npmjs.org/elm-typescript-interop/-/elm-typescript-interop-0.0.17.tgz",
      "requires": {
        "elm": "^0.18.0",
        "glob": "^7.1.3"
      },
      "dependencies": {
...
"elm": {
          "version": "0.18.0",
          "resolved": "https://registry.npmjs.org/elm/-/elm-0.18.0.tgz",
          "requires": {
            "mkdirp": "0.5.1",
            "tar": "2.2.1"
          }
        },
...

My guess for why this is happening is the seemingly circulare dependency of itself here: https://github.com/dillonkearns/elm-typescript-interop/blob/master/package.json#L25