search

lirantal / lockfile-lint

Lint an npm or yarn lockfile to analyze and detect security issues
Apache License 2.0
781 stars 35 forks source link

readme: add link to debug package #35

Closed glensc closed 4 years ago

glensc commented 4 years ago

Currently there's nothing documented how to tune verbose output.

Reading source code, seems the DEBUG variable comes from debug node package.

So at least add link to that package.

codecov-io commented 4 years ago

Codecov Report

Merging #35 into master will not change coverage. The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master      #35   +/-   ##
=======================================
  Coverage   97.81%   97.81%           
=======================================
  Files          11       11           
  Lines         183      183           
  Branches       26       26           
=======================================
  Hits          179      179           
  Misses          4        4

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update acbdc9a...9994b39. Read the comment docs.

lirantal commented 4 years ago

thanks @glensc for chiming in and sending this PR ❤️ what value do you see in specifying the debug package in the README? why would someone care which package is being used?

glensc commented 4 years ago

well, there's no information what I can customize in the debugging, so at least linking to the package I can get info on how to drive the DEBUG variable.

altho I'd prefer if the debugging could be controlled via command line argument, it's more standard and convenient to use than envirohment variables.

and the tool should print more info by default, having no output can be confusing, like, did the program even run?

lirantal commented 4 years ago

I would like to avoid naming dependencies because that is an implementation detail. Initially you said this:

Currently there's nothing documented how to tune verbose output.

How did you end up tuning it? As in, what did you do that was different than the original DEBUG=* recommendation specified in the current README?

With regards to the second part of your last comment:

altho I'd prefer if the debugging could be controlled via command line argument, it's more standard and convenient to use than envirohment variables. and the tool should print more info by default, having no output can be confusing, like, did the program even run?

These sound like good ideas for a PR so I'm happy to receive and merge one if you wanted to work on it. Specifically on the last one, not sure what you'd like to see as "print more info by default" but I'm happy to discuss.

lirantal commented 4 years ago

Will close for now but happy to re-open if there's more to it.