You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
deplist looks at yarn.lock and package-lock.json files to determine the dependencies of a package. While these dependencies might be used at runtime(or during testing) by the component, they are not "bundled" within the source code base. Usually bundled dependencies in NPM projects are under the ./node_modules directory and they have their own package.json file there, listing the properties of the dependency.
By using yarn.lock and package-lock.json files to determine dependencies without any way to differentiate between bundled dependencies and other types, we can generate too many false positives.
The text was updated successfully, but these errors were encountered:
deplist looks at yarn.lock and package-lock.json files to determine the dependencies of a package. While these dependencies might be used at runtime(or during testing) by the component, they are not "bundled" within the source code base. Usually bundled dependencies in NPM projects are under the ./node_modules directory and they have their own package.json file there, listing the properties of the dependency.
By using yarn.lock and package-lock.json files to determine dependencies without any way to differentiate between bundled dependencies and other types, we can generate too many false positives.
The text was updated successfully, but these errors were encountered: