tophat / yarn-plugin-licenses

Audit your dependency licenses with this yarn berry plugin
Apache License 2.0

Report only production packages #27

Open JosXa opened 1 year ago

JosXa commented 1 year ago

It appears that there is no option to do the checks only for non-development packages at the moment. Is this on the roadmap?

noahnu commented 1 year ago

Not on any roadmap at the moment, but contributions welcome.

Do you want to apply different rules for non-production dependencies, or disable entirely?

Eli-Black-Work commented 1 year ago

For us, we generally only care about dependencies for production packages.

I suppose it could be nice to have different rules for non-production dependencies, though, so that we could do things like this:

JosXa commented 1 year ago

Do you want to apply different rules for non-production dependencies, or disable entirely?

In our case, the development packages don't fall under any licensing restrictions and we can just ignore them entirely.

This is a good point however:

Non-production dependencies: MIT, GNU, etc., but no proprietary licenses that require us to pay to use the software.

MLSTRM commented 7 months ago

I also ran into this need/restriction recently and have raised a PR #62 to add in a separate config field so that different rules can be applied for dev dependencies, as well as some logical changes to support it based on the npm audit plugin yarn already has (see here https://github.com/yarnpkg/berry/blob/master/packages/plugin-npm-cli/sources/npmAuditUtils.ts )