Closed sathibabu closed 4 years ago
Using ^ for every dependency is ideal. I'm not sure why the licensing team would raise concerns every time; every version of react-is is MIT licensed.
Okay. Agree with you. Whenever there is a new version, the licensing team has to run some validations from their side. As react-is is getting released very often, the approval process for this package is getting delayed.
Many packages get updated very often; that’s not a reason to avoid dependencies.
As for your licensing team, licensing validations are programmatic and can be done instantly - check out https://npmjs.com/licensee - so I’m not sure why they’d be using a less efficient, less reliable process.
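As an illustration of the programmatic check mentioned in the comment above (an added example, not part of the thread and not how licensee itself works): a license gate a CI job could run over a parsed package-lock.json, so that a new react-is release pulled in by a ^ range passes without manual review. It assumes the lockfile's `packages` entries record a `license` field; the allowlist, the sample lockfile and all package names other than react-is are constructed.

```javascript
// Added example: license gate over a parsed package-lock.json (lockfileVersion 2+).
// ALLOWED and sampleLock are constructed for illustration.
const ALLOWED = new Set(["MIT", "ISC", "BSD-3-Clause", "Apache-2.0"]);

// Evaluate a simple SPDX expression: one id, or ids joined by only OR or only AND.
// Mixed operators and WITH exceptions are rejected so a human reviews them.
function licenseAllowed(expr, allowed = ALLOWED) {
  if (typeof expr !== "string" || expr.trim() === "") return false;
  const tokens = expr.replace(/[()]/g, " ").trim().split(/\s+/);
  const ids = tokens.filter((_, i) => i % 2 === 0);
  const ops = new Set(tokens.filter((_, i) => i % 2 === 1));
  if (tokens.length % 2 === 0 || ops.size > 1) return false;
  if (ops.size === 0) return allowed.has(ids[0]);
  if (ops.has("OR")) return ids.some((id) => allowed.has(id));
  if (ops.has("AND")) return ids.every((id) => allowed.has(id));
  return false;
}

// Return every installed package whose license is missing or not allowed.
function auditLockfile(lock, allowed = ALLOWED) {
  const violations = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry, not a dependency
    if (!licenseAllowed(pkg.license, allowed)) {
      violations.push({ path, version: pkg.version, license: pkg.license ?? "MISSING" });
    }
  }
  return violations;
}

// Constructed sample lockfile; a real job would JSON.parse the file on disk.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "app", version: "1.0.0" },
    "node_modules/react-is": { version: "16.13.1", license: "MIT" },
    "node_modules/dual-pkg": { version: "2.0.0", license: "(MIT OR GPL-3.0-only)" },
    "node_modules/copyleft-pkg": { version: "1.2.3", license: "GPL-3.0-only" },
    "node_modules/no-license-pkg": { version: "0.1.0" },
  },
};

for (const v of auditLockfile(sampleLock)) {
  console.log(`license review needed: ${v.path}@${v.version} (${v.license})`);
}
```

Failing the build only when this list is non-empty keeps the review tied to license changes rather than to version bumps.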
Is it possible to change the react-is dependency from ^16.9.0 to 16.9.0 in package.json? In our continuous integration builds, a new version of react-is is getting downloaded very often and our licensing team is raising concerns every time. This change would help us a lot.