Skip to content

Reinstall packages for only development as dev-dependencies #327

New issue
New issue
Open
#328
Open
Reinstall packages for only development as dev-dependencies#327
#328
@tomoki-oke-LITALICO

Description

@tomoki-oke-LITALICO
tomoki-oke-LITALICO
opened on Jan 25, 2022

Describe the bug
Packages that are required only for development are specified as dependencies, not dev-dependencies.
Thereby, the users of this package are receiving false vulnerability alerts.

To Reproduce
Steps to reproduce the behavior:

  1. Install this package on your repository
  2. Enable depentabot on npm packages
  3. Receive vulnerability alert for some package ( like onchange )
    • In this repository,onchange is used for only development.
    • so actually this alert is no need to deal with

Expected behavior
Reinstall packages for only development as dev-dependencies.
There are 4 packages

  • prettier
  • eslint-config-prettier
  • eslint-plugin-prettier
  • onchange

Screenshots
No

Desktop (please complete the following information):
No

Smartphone (please complete the following information):
No

Additional context
No

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions