Option to run transitively

[benmccann]

I'd rather avoid adding libraries to my projects that transitively pull in huge dependency chains because they rely on libraries like deep-equal or be alerted to libraries that depend on unmaintained libraries so that I can help them address it.

It would also be nice to have an option to apply this only to dependencies or to both dependencies plus devDependencies. I'd most likely to avoid these issues in dependencies so that I don't inadvertently propagate them. But if I can limit them everywhere in at least some of my smaller more important projects that would be quite nice as well.

[43081j]

i wonder if this should live in some kind of CLI that sources from the same module-replacements repo

it'd be quite far from a lint rule anymore since it is effectively linting the tree at that point rather than an individual file (which is what eslint is for)

someone mentioned in the discord a while back something similar, as not all projects have eslint setup. a tool to detect these dependencies in general could be helpful

[benmccann]

A tool would make sense. I'd probably want to set it up on our CI, but we can do that whether it's a CLI or lint rule