Development dependency included as project dependency
Piemontez opened this issue · 2 comments
https://github.com/emotion-js/emotion/blob/main/packages/babel-plugin/package.json
Development dependency included as project dependency:
The "@babel/helper-module-imports" library was included in the @emotion/babel-plugin module as a dependency instead of "devDependencies".
This incorrect dependency adds another buggy library (debug lib) to the final project.
Please move this dependency to the correct location "devDependencies". As long as it is incorrect, security analysis tools have marked this lib as a security flaw.
It is an actual dependency, see here:
The fact that @emotion/react depends on @emotion/babel-plugin is a little bit questionable but changing that could be considered a breaking change right now.
> This incorrect dependency adds another buggy library (debug lib) to the final project.
This is a really popular library, an industry standard of sorts. If there is an issue with it, I feel like it should be raised in that project.
Perhaps it is the case that the adjustment will be made in the @babel/traverse library or @babel/helper-module-imports.
Makes more sense.
Thanks Andarist!