Question around dummy packages in monorepo test

Question

Question around dummy packages in monorepo test

plygrnd opened this issue 2 years ago · 3 comments

Hi folks,

We came across @my-scope/package-a and @my-scope/package-b when reviewing Resolve for internal use at my employer. Does the Browserify team own the @my-scope scope on NPM? I ask because we want to rule out the possibilty of dependency confusion within Resolve's test suite.

Answer 1 · 2022-09-29T15:03:41.000Z

Nope - their package.json has private:true, so their names don’t matter.

Answer 2 · 2022-09-29T17:00:45.000Z

@ljharb Thanks, thought as much but I wanted to check. Someone owns @my-scope on NPM, is why I asked; there were some concerns internally about someone publishing package-[a|b] on NPM and causing problems with Resolve, but I think that's highly unlikely.

Answer 3 · 2022-09-29T17:33:20.000Z

Those concerns are incorrect; nothing with private:true can be published, and a package.json in a test fixture isn't part of npm install so there's zero chance of pulling a same-named package from a registry.