Removal of dependency on node-jq #3230
ThisIsMissEm started this conversation in Ideas
Replies: 0 comments
Currently the node-jq dependency pulls in some dependencies with audit issues. I've had a look at the usage of node-jq in the lerna codebase, and it looks like you could just require jq be installed by developers if they need to run the full build script, and otherwise, on GitHub Actions, jq comes pre-installed as an executable.
As you're only invoking via command line / shell script, the change is relatively small and saves you the need for that dependency entirely (though it does become a "developer must install this first" type dependency).
There are checks you can do for "is this program installed" and if not, exit with a nice error message, e.g.,
You actually already do such a check in the update_dependency script: https://github.com/lerna/lerna/blob/main/scripts/update_dependency.sh#L12
Would you like a PR to make this change?
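A preflight check of the kind the post describes, as an added example that is not part of the original post and not the check in lerna's update_dependency script. The function names `require_cmd` and `preflight` are hypothetical; the resolved path is printed so a developer can see which jq binary on PATH the build will actually run.

```shell
#!/bin/sh
# Added example: verify that external programs a build script shells out to
# are installed before doing any work. Function names are hypothetical.

# require_cmd NAME [HINT]
# Prints the resolved path of NAME on stdout and returns 0, or prints a
# readable error (with an install hint) on stderr and returns 1.
require_cmd() {
    cmd_name=$1
    hint=${2:-"install '$1' and make sure it is on your PATH"}
    # command -v is the POSIX way to resolve a command name
    if ! cmd_path=$(command -v "$cmd_name" 2>/dev/null) || [ -z "$cmd_path" ]; then
        printf 'error: required program "%s" was not found.\n  %s\n' \
            "$cmd_name" "$hint" >&2
        return 1
    fi
    printf '%s\n' "$cmd_path"
}

# preflight NAME...
# Checks every listed tool, reports all missing ones in a single run, and
# returns non-zero if any of them is missing.
preflight() {
    missing=0
    for tool in "$@"; do
        if tool_path=$(require_cmd "$tool"); then
            # Show which binary will be used, since it now comes from PATH
            printf 'ok: %s -> %s\n' "$tool" "$tool_path" >&2
        else
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Typical use at the top of a build script:
#   preflight jq || exit 1
```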