
Comments (2)

sverweij commented on June 2, 2024

Hi @boneskull - one way to address this might be to expand the dependencyTypesNot condition in the not-to-dev-dep with a condition so if it appears as an npm (so prod) dependency as well it doesn't get flagged, like so:

    {
      "name": "not-to-dev-dep",
      "severity": "error",
      "comment": "In production code do not depend on external ('npm') modules not declared in your package.json's dependencies - otherwise a production only install (i.e. 'npm ci') will break. If this rule triggers on something that's only used during development, adapt the 'from' of the rule in the dependency-cruiser configuration.",
      "from": {
        "pathNot": ["^test/", "^tools/"]
      },
      "to": {
        "dependencyTypes": ["npm-dev"],
        "exoticallyRequired": false,
        "dependencyTypesNot": [
          "type-only",                    // already in LavaMoat/LavaMoat#820 
          "type-import",                  // not sure whether in use, but maybe good to prevent future false positives as well
          "triple-slash-type-reference",  // kind of obscure, but these types of deps will also disappear at runtime
          "npm-peer",                     // already in LavaMoat/LavaMoat#820 
          "npm"                           // added to prevent deps that are both prod and dev
        ],
        "pathNot": ["node_modules/@types/"]
      }
    },

Would this work in the LavaMoat setup?

I bet that in packages/floof the import (or require) to foo is resolving to packages/floof/node_modules/foo/somethingsomething, using entry in the packages/floof/package.json. A good future improvement for dependency-cruiser would be to get that precise as well.

from dependency-cruiser.

boneskull commented on June 2, 2024

@sverweij Thank you for your help. It looks like what I needed was the npm in dependencyTypesNot. Now, if I remove ses from e.g., packages/webpack/package.json, the rule fails, which is what I want.

I still don't quite understand what npm implies here, but it looks like it works for my purposes.

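What `npm` in `dependencyTypesNot` changes, shown as an added example that is not part of the thread and not dependency-cruiser's own code: a simplified model in which a package gets the type `npm` when it is listed under `dependencies` and `npm-dev` when it is listed under `devDependencies`. The manifest contents, version ranges and helper names are constructed for illustration, and only the dependency-type conditions of the rule are modelled.

```javascript
// Constructed manifest standing in for a workspace package.json in which
// "ses" is declared as both a production and a development dependency.
const manifest = {
  dependencies: { ses: "^1.0.0" },
  devDependencies: { ses: "^1.0.0", mocha: "^10.0.0" },
  peerDependencies: {},
};

// package.json section -> dependency type label used in rule conditions.
const SECTION_TO_TYPE = {
  dependencies: "npm",
  devDependencies: "npm-dev",
  peerDependencies: "npm-peer",
};

// Hypothetical helper: every type a package has according to the manifest.
function dependencyTypesOf(pkgName, pkgJson) {
  return Object.entries(SECTION_TO_TYPE)
    .filter(([section]) => Object.keys(pkgJson[section] ?? {}).includes(pkgName))
    .map(([, type]) => type);
}

// Hypothetical helper: "dependencyTypes" matches when any type is listed,
// "dependencyTypesNot" matches only when none of the types is listed.
function violates(rule, types) {
  const wanted = types.some((t) => rule.to.dependencyTypes.includes(t));
  const excluded = types.some((t) => rule.to.dependencyTypesNot.includes(t));
  return wanted && !excluded;
}

const ruleWithoutNpm = {
  to: { dependencyTypes: ["npm-dev"], dependencyTypesNot: ["type-only", "npm-peer"] },
};
const ruleWithNpm = {
  to: { dependencyTypes: ["npm-dev"], dependencyTypesNot: ["type-only", "npm-peer", "npm"] },
};

function check(pkgName, pkgJson) {
  const types = dependencyTypesOf(pkgName, pkgJson);
  return { types, withoutNpm: violates(ruleWithoutNpm, types), withNpm: violates(ruleWithNpm, types) };
}

// Same manifest with the "dependencies" section removed: "ses" is dev-only.
const { dependencies, ...devOnly } = manifest;
console.log("ses in both sections:", check("ses", manifest));
console.log("ses dev-only:", check("ses", devOnly));
```

With `ses` in both sections only the rule without `npm` reports it; once `ses` is dev-only, both rules report it, so an undeclared production dependency is still caught.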
