I'm using the @custom-elements-manifest/analyzer package but I can't currently install it in my CI because the team uses a JFrog Xray scan that detects a malicious package (@ext-scoped/with-export-map) inside.
https://socket.dev/npm/package/@ext-scoped/with-export-map
I'm not sure why it does that, because as far as I can see it is not a real dependency in the project but rather just a string in the fixtures directory. But it is inside a package.json and therefore might seem legit.
I think there are two possible solutions to the problem: rename the fake dependency to something different, or exclude the fixtures directory from the bundle. Would either of these solutions be possible to implement?