Scan package-lock files - Githubissues

es-tooling / esperf

A command-line utility for detecting and fixing performance problems

MIT License

5 stars 3 forks source link

Scan package-lock files #14

Open 43081j opened 2 months ago

43081j commented 2 months ago

We could add functionality to also scan package-lock.json (and similar lock files from other runtimes, like pnpm).

When doing this, we could warn that you have a dependency which deeply depends on a target module.

Some basic requirements:

Off or warn-level by default (since there's no action we can do to resolve it)
Support pnpm
Support node
Support yarn
Behaves the same way as normal package.json scanning but with a more lenient warning since it may not be actionable