Closed pmuellr closed 6 years ago
Is it ideal to have thousands of modules printed into your CI?
Genuinely don't have significant experience with CI, but in a discussion with @nw earlier today he was suggesting that you generally don't want to have a ton of excess content going into your CI 🤔
This could also be a case for different levels of output like npm has with an install – for example:
--fail outputs a 1 or a 0 exit code
--vulns outputs only vulns
--compliance outputs only compliance failures
--verbose outputs all failures
--silly outputs everything
> Is it ideal to have thousands of modules printed into your CI?
Good point. I keep thinking about this tool as a general CLI tool, not just CI tool, so perhaps I'm pushing too far on that.
It's entirely possible that we may want to see everything for support reasons though, hence making it optional. A --verbose option or such ...
May I refer you to the rule of silence ➡️ http://www.linfo.org/rule_of_silence.html
As you noted, this is a CI tool, not for CLI in general (which is also being worked on), where all the module info in general isn't useful.
Adding an option to print everything, for debugging etc, is a good idea! I'll add it.
> Adding an option to print everything, for debugging etc, is a good idea! I'll add it.
I take that back, it's not a good support story to request customers to copy/paste from their CI output. And if they do, why would they want to include passing module information?
I'm closing this in favour of implementing this in the more general purpose CLI tool.
I think I want to see ALL the packages, maybe not by default but via an option of some kind?
Relatedly, the command shows the number of packages that have been whitelisted, but not WHICH packages are whitelisted. I think I want to see that also.