naugtur
commented
4 years ago I'm considering ignoring dev dependencies by default...
Incomplete yarn support makes this issue lean towards just having a way to pass flags down
Closed joebowbeer closed 4 years ago
naugtur
commented
4 years ago I'm considering ignoring dev dependencies by default...
Incomplete yarn support makes this issue lean towards just having a way to pass flags down
naugtur
commented
4 years ago @joebowbeer @pdusen Thanks for your contributions!
Recent versions of npm audit can ignore devDependencies using the
--productionflag.I'd like check-audit to be at least as capable as npm audit. A simple list of pass-through options may suffice.
Regarding yarn support for devDependencies in particular, it looks like they are not checked consistently: https://github.com/yarnpkg/yarn/issues/7047