Closed scalvert closed 3 years ago
cc/ @jeffersonking - you don't seem to be added as a contributor to the repo yet.
@scalvert Re yarn vs npm, it sounds like release-it
will be the deciding factor. Will try to test it out sometime.
@jeffersonking correct. The current plugin operates on yarn workspaces, and hasn't been tested with npm. That said, we own that plugin and can update/adjust it to work with both.
@scalvert If all else is equal, the path with one less installation wins? So npm
?
Yep, we can certainly explore either making that plugin work for npm, or make a similar plugin for npm.
Looking at our plugin, I think it will work out-of-the-box, as it's not doing anything yarn specific. It likely could use a rename though...
OK I've updated to use npm
vs. yarn
. I also pinned tool dependencies with volta
. If you aren't familiar with it, it's a tool that manages your project's tool dependencies.
@scalvert Thanks! Not familiar with volta
, interested in trying it out.
I think the there's still the big question of if the sarif-builder
goes in it's own repo (and if anything ends up in this repo). But, signing off on this PR nevertheless.
Ya I think the question of 'what else goes here' is for sure up for debate, but I can imagine the following:
@types/sarif
to this repository, effectively making them first-party types vs. third-partyHappy to defer these discussions until they present themselves later.
@jeffersonking volta
is pretty great. It was developed at LinkedIn by folks from my team. It is gaining a lot of traction as a replacement to nvm, mainly due to speed since it's written in Rust.
Wahoo! Every GitHub open source journey starts with a single merge!
This PR adds initial repository setup, including
volta
to manage tool dependenciessarif-builder
packageAll infrastructure choices and naming conventions are open to feedback and changes.