Comments (2)
Hi @boneskull - one way to address this might be to expand the dependencyTypesNot
condition in the not-to-dev-dep
with a condition so if it appears as an npm
(so prod) dependency as well it doesn't get flagged, like so:
{
"name": "not-to-dev-dep",
"severity": "error",
"comment": "In production code do not depend on external ('npm') modules not declared in your package.json's dependencies - otherwise a production only install (i.e. 'npm ci') will break. If this rule triggers on something that's only used during development, adapt the 'from' of the rule in the dependency-cruiser configuration.",
"from": {
"pathNot": ["^test/", "^tools/"]
},
"to": {
"dependencyTypes": ["npm-dev"],
"exoticallyRequired": false,
"dependencyTypesNot": [
"type-only", // already in LavaMoat/LavaMoat#820
"type-import", // not sure whether in use, but maybe good to prevent future false positives as well
"triple-slash-type-reference", // kind of obscure, but these types of deps will also disappear at runtime
"npm-peer", // already in LavaMoat/LavaMoat#820
"npm" // added to prevent deps that are both prod and dev
],
"pathNot": ["node_modules/@types/"]
}
},
Would this work in the LavaMoat setup?
I bet that in
packages/floof
the import (or require) tofoo
is resolving topackages/floof/node_modules/foo/somethingsomething
, using entry in thepackages/floof/package.json
. A good future improvement for dependency-cruiser would be to get that precise as well.
from dependency-cruiser.
@sverweij Thank you for your help. It looks like what I needed was the npm
in dependencyTypesNot
. Now, if I remove ses
from e.g., packages/webpack/package.json
, the rule fails, which is what I want.
I still don't quite understand what npm
implies here, but it looks like it works for my purposes.
from dependency-cruiser.
Related Issues (20)
- Question: can I force dep-cruiser to resolve `.browser.js` files over regular `.js` files? HOT 12
- Question: How to configure for tsconfig path mapping in yarn monorepo? HOT 3
- Issue: Allowed rule to force use of aliased-tsconfig import HOT 26
- dependency-cruiser doesn't love yargs HOT 8
- Issue: dependency-cruise --init generates wrong regexes HOT 5
- Feature request: Consider TS `imports` with all `type` the same as `type-only`. HOT 4
- Unexpected Error: Unusual baseDir passed to package reading function HOT 4
- How to get `exit(1)` when errors occurred by running `depcruise -p src` in pre-commit hook? HOT 1
- Persistent error on npx depcruise --init HOT 2
- Issue: numberOfDependentsLessThan does not calculate dependents properly when index.ts is used inbetween HOT 5
- Feature request: Allow to have rules checking Typescript types but also rules that ignore Typescript types HOT 2
- Issue: false positive for couldNotResolve for type only package HOT 5
- Question: A dependency view of each "TYPE" or "INTERFACE" HOT 3
- Error: No "exports" main defined in <project_name>/node_modules/dependency-cruiser/package.json HOT 3
- What am I missing about rcdot? "'rcdot' is not a valid output type" HOT 2
- Issue: not-to-unresolvable return error when using typescript alias in module project HOT 2
- Why doesn't dependency-cruiser "ignore" my private-registry package like it does with node-modules? HOT 6
- Q: Dep Graph for each file HOT 3
- Feature request: consider symlinked workspaces HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dependency-cruiser.