paularmstrong/onerepo

Public packages should not be able to have production level private dependencies

Closed this issue · 0 comments

paularmstrong commented

What version of oneRepo are you using?

1.1.0

Environment info

n/a

Command

one graph verify

What did you expect to happen?

Using the following two packages, @acme/foo and @acme/bar with the given package.json files:

{
  "name": "@acme/foo",
  "private": true
}
{
  "name": "@acme/bar",
  "version": "1.0.0",
  "dependencies": {
    "@acme/foo": "workspace:*"
  }
}

one graph verify should fail, because the private dependency @acme/foo cannot be published.

What actually happened?

No problems are reported

Participation

  • I am willing to submit a pull request for this issue.