Comments (7)
jozefizso
commented on June 14, 2024
Installing the generator-license package will install only the application runtime code and the templates. No development dependencies are installed.
from generator-license.
springcomp
commented on June 14, 2024
I read that this was indeed the case but was never able to actually make it work.
Here is my repro case:
mkdir p
cd p/
npm init --yes
npm install yeoman-generator@5added 318 packages, and audited 319 packages in 9s
40 packages are looking for funding
runnpm fundfor detailsfound 0 vulnerabilities
npm install generator-licenseadded 582 packages, and audited 901 packages in 20s
75 packages are looking for funding
runnpm fundfor details11 vulnerabilities (3 moderate, 3 high, 5 critical)
To address all issues, run:
npm audit fixRun
npm auditfor details.
This does not happen after applying my suggested PR.
Can you point me what Iām doing wrong ?
from generator-license.
jozefizso
commented on June 14, 2024
This is standard behaviour of npm. Use the --production flag when installing to exclude the dev dependencies.
from generator-license.
springcomp
commented on June 14, 2024
This is standard behaviour of npm. Use the
--productionflag when installing to exclude the dev dependencies.
This also happens, unfortunately, when using --production or --omit=dev flags.
from generator-license.
jozefizso
commented on June 14, 2024
I think the correct way is to update the vulnerable dependencies and not to hide the fact that particular package was built or is using old packages.
from generator-license.
jozefizso
commented on June 14, 2024
Please try v5.6.0 package.
from generator-license.
springcomp
commented on June 14, 2024
Please try v5.6.0 package.
Thank you that works.
from generator-license.
Related Issues (20)
- Issue migrating to TypeScript HOT 10
- Move to GitHub Actions
- Move to Node.js v14 LTS HOT 1
- Audit packages HOT 1
- Configure coveralls
- Getting the selected license as a return parameter? HOT 13
- Additional LICENSEs HOT 3
- Year rendered as `NaN` when entering a range (e.g. 2013-2015)
- ESLint for the project HOT 2
- Coveralls.io integration for test coverage tracking HOT 3
- Tests always fail locally
- Configuration for users HOT 1
- Add Support For No Email & Website HOT 3
- Remove redundant git-config dep
- Options not honored when using composeWith() HOT 1
- Deleting license field when value is UNLICENSED seems to be incorrect HOT 1
- Vulnerable dependency - hapijs/hoek package HOT 1
- Update build configuration
- Failed build - Client request error: getaddrinfo ENOTFOUND api.nodesecurity.io HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
š Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ššš
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ā¤ļø Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from generator-license.