Thanks for developing this good project, which provides high-coverage tests.
I'm doing dynamic analysis on npm packages, and your project is one of my samples.
Through our dynamic analysis by running the test suites, we find that one of the direct dependencies is installed, however, it is not used during test runtime, indicating that they are development dependencies. So we moved this dependency from dependencies to devDependencies in package.json.
Would you consider creating a modified version of the package.json, which can help reduce the corresponding maintenance costs and security risks in production?
Thanks for developing this good project, which provides high-coverage tests.
I'm doing dynamic analysis on npm packages, and your project is one of my samples.
Through our dynamic analysis by running the test suites, we find that one of the direct dependencies is installed, however, it is not used during test runtime, indicating that they are development dependencies. So we moved this dependency from
dependenciestodevDependenciesin package.json.Would you consider creating a modified version of the package.json, which can help reduce the corresponding maintenance costs and security risks in production?