Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Test folder in npm #203

Closed
SethDavenport opened this issue Feb 7, 2019 · 3 comments
Closed

Test folder in npm #203

SethDavenport opened this issue Feb 7, 2019 · 3 comments

Comments

@SethDavenport
Copy link
Contributor

SethDavenport commented Feb 7, 2019

I've just added madge to a project; I'm using it for its ability to detect circular import dependencies - works like a charm! Thanks for this tool, they're maddening to track down without it.

However since we also have retirejs checking for package vulnerabilities, I'm getting a warning from a copy of JQuery you have in your test folder:

/Users/sdavenport/code/wealthsimple/micro-app/node_modules/madge/test/amd/requirejs/vendor/jquery-2.0.3.js
 ↳ jquery 2.0.3 has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/201

Doesn't look like this is used at runtime based on the fact that it's in your test folder, so no big deal, I'll work around it for now.

However I'm wondering if test even belongs in the npm repository to begin with. Would you consider adding it to a .npmignore so that only things needed for consumers at runtime are shipped to the npm registry when you publish?

@SethDavenport SethDavenport changed the title test folder in npm Test folder in npm Feb 7, 2019
@SethDavenport
Copy link
Contributor Author

I'm happy to make a PR if this makes sense.

@pahen
Copy link
Owner

pahen commented Feb 8, 2019

Yes, no need for the test folder to be in NPM. PR accepted 😊

@SethDavenport
Copy link
Contributor Author

Cool. As promised: #205

@pahen pahen closed this as completed in cb02e7b Feb 12, 2019
nmeylan pushed a commit to nmeylan/madge that referenced this issue Jan 7, 2020
…lder-from-npm)

[Fixes pahen#203] Exclude test folder from npm registry
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants