Open jfmengels opened 8 years ago
Agreed.
Seems like using "contains only files which match npm's default whitelist plus whatever's in package.json main
" as an heuristic would cover avoiding false positives for the individual lodash modules and anything like them
Yes, that sounds pretty good to me.
The real problem will be with packages that have files
or npmignore
but that include unused files :D
When listing the packages, I see that quite a few faulty ones (examples, all the
lodash.XXX
) do not have any extraneous dependencies files, yet nofiles
setting or.npmignore
.Example: the content of
node_modules/lodash.find
is:I suggest not reporting those as faulty by default, and to add an option to report those.
Thanks for the tool :)