Eslint 8.21.0 introduced a few new dependencies, can we review these? #16188

Closed
1 task
romainmenke opened this issue Aug 7, 2022 · 3 comments
Labels
archived due to age This issue has been archived; please open a new issue for any further discussion core Relates to ESLint's core APIs and features enhancement This change enhances an existing feature of ESLint triage An ESLint team member will look at this issue soon

@romainmenke

ESLint version

8.21.0

What problem do you want to solve?

Each dependency is a potential attack vector and slows down npm install, ...

see :

Were these dependencies sufficiently reviewed?

What do you think is the correct solution?

Confirm that these dependencies are the right choice for the project or remove them.

Participation

  • I am willing to submit a pull request for this change.

Additional comments

No response

@romainmenke romainmenke added core Relates to ESLint's core APIs and features enhancement This change enhances an existing feature of ESLint triage An ESLint team member will look at this issue soon labels Aug 7, 2022
@eslint-github-bot eslint-github-bot bot added this to Needs Triage in Triage Aug 7, 2022
@nzakas
Member

nzakas commented Aug 10, 2022

Is there a particular package you are concerned about?

@nzakas nzakas moved this from Needs Triage to Triaging in Triage Aug 10, 2022
@romainmenke
Author

As long as each package is really needed and the maintainer is trusted by you there is no concern. I couldn't find any discussion in a relevant pull request about the added dependencies: #16149

Just caught my attention to see the number of installed packages go up by a non-trivial amount.

@nzakas
Member

nzakas commented Aug 10, 2022

Yeah, that's because we implemented the new config system, which required a bunch of new dependencies. If you have any specific concerns, please feel free to open another issue.

@nzakas nzakas closed this as not planned Won't fix, can't repro, duplicate, stale Aug 10, 2022
Triage automation moved this from Triaging to Complete Aug 10, 2022
@eslint-github-bot eslint-github-bot bot locked and limited conversation to collaborators Feb 7, 2023
@eslint-github-bot eslint-github-bot bot added the archived due to age This issue has been archived; please open a new issue for any further discussion label Feb 7, 2023
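
Added example, not part of the original thread or of the ESLint project: one way to turn "the number of installed packages went up" into a reviewable list is to diff the `packages` maps of two `package-lock.json` files (lockfileVersion 2 or 3) taken before and after an upgrade. The lockfile contents, package names and the function names `packageName`, `installedNames` and `addedPackages` are constructed for illustration, and the check against `https://registry.npmjs.org/` assumes the default public registry is the only expected source.

```javascript
// Constructed lockfiles (lockfileVersion 3 shape); every name and value is a placeholder.
const beforeLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/linter": { version: "1.0.0", integrity: "sha512-AAA" },
  "node_modules/dep-a": { version: "2.1.0", integrity: "sha512-BBB" },
} };
const afterLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/linter": { version: "1.1.0", integrity: "sha512-CCC" },
  "node_modules/dep-a": { version: "2.1.0", integrity: "sha512-BBB" },
  "node_modules/@scope/dep-b": { version: "0.3.0", integrity: "sha512-DDD" },
  "node_modules/linter/node_modules/dep-c":
    { version: "4.0.0", integrity: "sha512-EEE", hasInstallScript: true },
  "node_modules/dep-d":
    { version: "1.2.3", resolved: "git+ssh://git@example.invalid/dep-d.git" },
} };

const MARKER = "node_modules/";

// "node_modules/a/node_modules/@s/b" -> "@s/b" (the innermost package name)
function packageName(lockPath) {
  return lockPath.slice(lockPath.lastIndexOf(MARKER) + MARKER.length);
}

// Names of all installed packages, skipping the root project and workspace folders.
function installedNames(lock) {
  return new Set(Object.keys(lock.packages || {})
    .filter((p) => p.includes(MARKER))
    .map(packageName));
}

// Packages present only in `after`, with hints on what to review first.
function addedPackages(before, after) {
  const known = installedNames(before);
  const report = [];
  for (const [path, meta] of Object.entries(after.packages || {})) {
    if (!path.includes(MARKER) || known.has(packageName(path))) continue;
    const flags = [];
    if (meta.hasInstallScript) flags.push("install-script"); // runs code at install time
    if (!meta.integrity) flags.push("no-integrity");         // tarball hash not pinned
    // Assumption: anything not served by the default public registry deserves a look.
    if (meta.resolved && !meta.resolved.startsWith("https://registry.npmjs.org/")) {
      flags.push("non-registry-source");
    }
    report.push({ name: packageName(path), version: meta.version, flags });
  }
  return report.sort((a, b) => (a.name < b.name ? -1 : a.name > b.name ? 1 : 0));
}

console.log(addedPackages(beforeLock, afterLock));
```

With real data, pass in the parsed lockfiles from the two commits being compared; a version bump of an already-installed package (here `linter`) is intentionally not reported, only names that are new to the tree.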