Check package dependencies before installing it
Now if your package.json
or transitive dependency packages will have dependency from public git repository on GitHub it will be correctly calculated.
This now works as expected.
"dependencies": {
"eslint": "github:eslint/eslint#v5.3.0",
"webpack": "git+ssh://[email protected]/webpack/webpack.git"
},
Known issues:
github:eslint/eslint#v5.3.0
If you need this fixed please submit a new issue here
Now you can use npm-consider
with private registries via associating a scope with a registry
npm login --registry=http://reg.example.com --scope=@myco
or
npm config set @myco:registry http://reg.example.com
Thanks Fabian for this contribution!
Currently, npm-consider
supports only packages hosted on registry.npmjs.org. Dependencies defined via git or http URLs will be skipped.
Now you can call npm-consider install
and get stats for a local package in the current directory.
Additionally you can provide limits in your package.json
"config": {
"maxPackagesNumber": 100,
"maxSizeBites": 840400,
"allowedLicenseTypes": [
"permissive",
"publicDomain",
"uncategorized"
]
}
and call npm-consider install --test
in your automation scripts. If all limits are satisfied command will exit with code=0
; otherwise code=1
.
Now, when analysing dependencies in local package.json
with npm-consider install
you can provide --production
option to skip devDependencies
Now you can type $ npm-consider install
and see stats for local package
Now, if project contains yarn.lock
file, then npm-consider
will do yarn add
with corresponding options.
To make tool consistent with categories from https://medium.com/@vovabilonenko/licenses-of-npm-dependencies-bacaa00c8c65