node-red / node-red-dev-cli

Command-line tool for Node-RED Node authors
Apache License 2.0
7 stars, 5 forks

Only check prod dependency versions #17

Closed Alkarex closed 2 years ago

Alkarex commented 2 years ago

Hello, this PR (edit: partially) reverts https://github.com/node-red/node-red-dev-cli/commit/629790abf4628aa35bda7ed96d13069e13105c93 which did the opposite of what it claimed, and produced a regression in https://github.com/node-red/node-red-dev-cli/pull/3

Currently, Scorecard is wrongly flagging bad packages, even when they are a dev dependency... Example (screenshot): https://flows.nodered.org/node/node-red-contrib-postgresql/scorecard

This (my) node has no dependency on agent-base, which is, though, a sub-sub dev dependency of https://www.npmjs.com/package/mustache

linux-foundation-easycla[bot] commented 2 years ago

CLA Signed

The committers are authorized under a signed CLA.

sammachin commented 2 years ago

Just to clarify, it's not a total reversion of https://github.com/node-red/node-red-dev-cli/commit/629790abf4628aa35bda7ed96d13069e13105c93 as that was meant to change test D03 and stop checking devDependencies for out of date versions. But it did inadvertently comment out the config that is used by D02, which prevented `npm ls` from checking for incompatible packages in the whole dependency tree.

Alkarex commented 2 years ago

Indeed @sammachin , sorry for my hasty wording...

sammachin commented 2 years ago

@Alkarex no worries it took me until my 2nd coffee to figure out that there were 2 places we were looking at dependencies!

Alkarex commented 2 years ago

Will the check be re-run on existing packages? For instance, my package is still reported as containing an invalid dependency: https://flows.nodered.org/node/node-red-contrib-postgresql/scorecard

knolleary commented 2 years ago

We currently only run when packages are updated. We don't have the bandwidth to rerun it against every node whenever there is an update to the tool.