Comments (7)
Installing the generator-license
package will install only the application runtime code and the templates. No development dependencies are installed.
![Screenshot 2023-09-25 at 11 00 05](https://private-user-images.githubusercontent.com/287778/270286931-7e9d3f56-cdde-4877-bf71-192f852a3f60.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTM4MDcyMDMsIm5iZiI6MTcxMzgwNjkwMywicGF0aCI6Ii8yODc3NzgvMjcwMjg2OTMxLTdlOWQzZjU2LWNkZGUtNDg3Ny1iZjcxLTE5MmY4NTJhM2Y2MC5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjQwNDIyJTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI0MDQyMlQxNzI4MjNaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT1iYzQxNDRhYjUyZWZjYjBmZjY0ZWI0NDBmZTE1Mjk2MWY1ZTE4ZmJkNmY2OTI2YTlkOGEyODRiMGRkNDY5ZTIwJlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZhY3Rvcl9pZD0wJmtleV9pZD0wJnJlcG9faWQ9MCJ9.Knb7tOe1OpItQlpeAgFjQVzKNWLe2TC6_0lJCJNw3mI)
from generator-license.
I read that this was indeed the case but was never able to actually make it work.
Here is my repro case:
mkdir p
cd p/
npm init --yes
npm install yeoman-generator@5
added 318 packages, and audited 319 packages in 9s
40 packages are looking for funding
runnpm fund
for detailsfound 0 vulnerabilities
npm install generator-license
added 582 packages, and audited 901 packages in 20s
75 packages are looking for funding
runnpm fund
for details11 vulnerabilities (3 moderate, 3 high, 5 critical)
To address all issues, run:
npm audit fixRun
npm audit
for details.
This does not happen after applying my suggested PR.
Can you point me what Iām doing wrong ?
from generator-license.
This is standard behaviour of npm. Use the --production
flag when installing to exclude the dev dependencies.
from generator-license.
This is standard behaviour of npm. Use the
--production
flag when installing to exclude the dev dependencies.
This also happens, unfortunately, when using --production
or --omit=dev
flags.
from generator-license.
I think the correct way is to update the vulnerable dependencies and not to hide the fact that particular package was built or is using old packages.
from generator-license.
Please try v5.6.0 package.
from generator-license.
Please try v5.6.0 package.
Thank you that works.
from generator-license.
Related Issues (20)
- Issue migrating to TypeScript HOT 10
- Move to GitHub Actions
- Move to Node.js v14 LTS HOT 1
- Audit packages HOT 1
- Configure coveralls
- Getting the selected license as a return parameter? HOT 13
- Additional LICENSEs HOT 3
- Year rendered as `NaN` when entering a range (e.g. 2013-2015)
- ESLint for the project HOT 2
- Coveralls.io integration for test coverage tracking HOT 3
- Tests always fail locally
- Configuration for users HOT 1
- Add Support For No Email & Website HOT 3
- Remove redundant git-config dep
- Options not honored when using composeWith() HOT 1
- Deleting license field when value is UNLICENSED seems to be incorrect HOT 1
- Vulnerable dependency - hapijs/hoek package HOT 1
- Update build configuration
- Failed build - Client request error: getaddrinfo ENOTFOUND api.nodesecurity.io HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
š Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ššš
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ā¤ļø Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from generator-license.