microsoft/rushstack

[rush] browser-approved-packages.json is not updated when dependencies are removed

Closed this issue · 2 comments

Summary

When you add a new dependency, browser-approved-packages.json is updated correctly. If I then remove that dependency, browser-approved-packages.json is not updated.

Repro steps

  1. Add new dependency
  2. rush update
  3. Delete dependency added in step 1
  4. rush update

Expected result:

The dependency should be added and then removed from browser-approved-packages.json.

Actual result:

The dependency is added and remains in browser-approved-packages.json.

Standard questions

Please answer these questions to help us investigate your issue more quickly:

| Question | Answer |
| --- | --- |
| @microsoft/rush globally installed version? | v18.17.1 |
| rushVersion from rush.json? | 5.109.1 |
| useWorkspaces from rush.json? | |
| Operating system? | Mac |
| Would you consider contributing a PR? | No |
| Node.js version (node -v)? | v18.17.1 |

This is by design. The idea is that a package remains "approved" even if it's no longer used once it was accepted into one of those files by the team that owns the repo.

However, adding a configuration option to auto-trim those files would probably be a useful feature. We'd probably accept that feature if someone put it together. That would be pretty easy, if you're interested in writing it.

For now, closing this as by-design.

> The idea is that a package remains "approved" even if it's no longer used once it was accepted into one of those files by the team that owns the repo.

Agreed -- in many cases the process for "approving" a package may require nontrivial effort (filling out a form, having a discussion, reaching consensus). So it could be disadvantageous for the approval result to be revoked merely because no project was using that dependency (yet).

> However, adding a configuration option to auto-trim those files would probably be a useful feature.

Another idea would be a Rush command to manually report/prune unused approvals.
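
A sketch of the manual report/prune idea from the last comment, as an added example that is not Rush code and not part of the thread. The file shape (`packages`, `name`, `allowedCategories`), the per-project `reviewCategory`, and the set of dependency fields counted are assumptions; the sample data is constructed.

```javascript
// Added example, not Rush code. Assumed shapes: the approved-packages file is
// { packages: [{ name, allowedCategories }] } and each project has a reviewCategory.
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];
// Map each dependency name to the set of review categories that still use it.
function collectUsage(projects) {
  const usage = new Map();
  for (const { reviewCategory, packageJson } of projects) {
    const names = DEP_FIELDS.flatMap((f) => Object.keys(packageJson[f] || {}));
    for (const name of names) {
      if (!usage.has(name)) usage.set(name, new Set());
      usage.get(name).add(reviewCategory);
    }
  }
  return usage;
}

// Read-only report: approved categories that no project relies on any more.
function reportUnusedApprovals(approvedFile, projects) {
  const usage = collectUsage(projects);
  const findings = [];
  for (const entry of approvedFile.packages) {
    const usedIn = usage.get(entry.name) || new Set();
    const staleCategories = entry.allowedCategories.filter((c) => !usedIn.has(c));
    if (staleCategories.length === 0) continue;
    const fullyUnused = staleCategories.length === entry.allowedCategories.length;
    findings.push({ name: entry.name, staleCategories, fullyUnused });
  }
  return findings;
}

// Explicit prune: returns a new object, input untouched, so the result can be diffed first.
function pruneApprovals(approvedFile, findings) {
  const stale = new Map(findings.map((f) => [f.name, f.staleCategories]));
  const packages = approvedFile.packages
    .map((e) => ({ ...e, allowedCategories: e.allowedCategories.filter((c) => !(stale.get(e.name) || []).includes(c)) }))
    .filter((e) => e.allowedCategories.length > 0); // drop entries with nothing left
  return { ...approvedFile, packages };
}

// Constructed sample data.
const SAMPLE_APPROVED = { packages: [
  { name: 'left-pad', allowedCategories: ['production'] },
  { name: 'react', allowedCategories: ['production', 'prototypes'] },
  { name: 'lodash', allowedCategories: ['production'] },
] };
const SAMPLE_PROJECTS = [
  { reviewCategory: 'production', packageJson: { dependencies: { react: '^18.2.0' }, devDependencies: { lodash: '^4.17.21' } } },
];
console.log(JSON.stringify(reportUnusedApprovals(SAMPLE_APPROVED, SAMPLE_PROJECTS), null, 2));
```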