Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reinstall packages for only development as dev-dependencies #327

Open
tomoki-oke-LITALICO opened this issue Jan 25, 2022 · 0 comments · May be fixed by #328
Open

Reinstall packages for only development as dev-dependencies #327

tomoki-oke-LITALICO opened this issue Jan 25, 2022 · 0 comments · May be fixed by #328

Comments

@tomoki-oke-LITALICO
Copy link

tomoki-oke-LITALICO commented Jan 25, 2022
edited
Loading

Describe the bug
Packages that are required only for development are specified as dependencies, not dev-dependencies.
Thereby, the users of this package are receiving false vulnerability alerts.

To Reproduce
Steps to reproduce the behavior:

  1. Install this package on your repository
  2. Enable depentabot on npm packages
  3. Receive vulnerability alert for some package ( like onchange )
    • In this repository,onchange is used for only development.
    • so actually this alert is no need to deal with

Expected behavior
Reinstall packages for only development as dev-dependencies.
There are 4 packages

  • prettier
  • eslint-config-prettier
  • eslint-plugin-prettier
  • onchange

Screenshots
No

Desktop (please complete the following information):
No

Smartphone (please complete the following information):
No

Additional context
No
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@tomoki-oke-LITALICO