Should `snyk` be kept as a devDependency in eslint-config-adjunct's package.json?
Closed this issue · 1 comments
sumitpore commented
Hi David,
This is a great package that simplifies eslint configuration. Thank you so much for putting effort into building this one.
I have one query. Should the `snyk` package be kept as a devDependency? `npm audit` threw an error, which is shown below. So I guess the actual solution would be to update the snyk package for now; however, from a future perspective, if end users don't need this package in their projects, then perhaps it can be kept as a devDependency. This way, snyk won't get installed for end users.
```
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ netmask npm package vulnerable to octal input data           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ netmask                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=2.0.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ eslint-config-adjunct [dev]                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ eslint-config-adjunct > snyk > proxy-agent > pac-proxy-agent │
│               │ > pac-resolver > netmask                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1658                            │
```
Thank you once again for this great package. Have a nice day ahead.
davidjbradshaw commented
Yep, I think you're right. Would you like to make a PR?