NPM Vulnerabilities Alert.
-
@sdetweil Is there a way to tell what libraries, dependencies, files, whatever, that a given module is using?
-
@ankonaskiff17 well, only the top level… look in the node_helper.js for require(…)
but you would then have to check every one of those dependencies, and those, and those and …
and somewhere in there may be a change that causes a particular lib to break …
cause breaking changes are allowed and common now
-
@sdetweil That MMM-MoonPhase module just seems hugely bloated compared to the rest of the modules. It's like the writer used some pre-built package to write the module and most of it is not being used.
Was wondering how to remove some of that, I know how to comment out a line of code. Is there a way to do the same but at the directory level?
It runs so probably not worth the effort.
-
@ankonaskiff17 The module has loads of dev dependencies. You should probably only install prod.
{
  "name": "MMM-MoonPhase",
  "version": "1.0.1",
  "description": "Todo: Insert description here!",
  "main": "MMM-MoonPhase.js",
  "author": "Nolan Kingdon",
  "license": "MIT",
  "devDependencies": {
    "grunt": "latest",
    "grunt-eslint": "latest",
    "grunt-jsonlint": "latest",
    "grunt-markdownlint": "^1.0.13",
    "grunt-stylelint": "latest",
    "grunt-yamllint": "latest",
    "stylelint-config-standard": "latest",
    "time-grunt": "latest"
  }
}
-
@mumblebaj via
npm install --only=prod --omit=dev
the 1st (--only=prod) is the old way
migrating to the new way (--omit=dev)
both are accepted
-
@sdetweil Can I do that retroactively or delete module then reinstall with
npm install --omit=dev
and that will get rid of unused directories/files? I should be able to just delete module & no need to mess with config.js or custom.css if that is route to take?
-
@ankonaskiff17 yes just delete the node modules folder in the module folder and redo the npm install
no guarantee it will change the results
best just to ignore the messages
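-
An added example, not part of any post in this thread and not the module author's code: a Node.js check that lists the packages a module's node_helper.js requires, compares them with what package.json declares, and flags floating version specs such as "latest". The helper source is constructed, `auditModule` and `requiredPackages` are hypothetical names, treating `node_helper` as supplied by MagicMirror is an assumption, and peerDependencies are not considered.

```javascript
const { builtinModules } = require("module");

const FLOATING = new Set(["latest", "*", ""]); // resolve to newest at install time
const HOST_PROVIDED = new Set(["node_helper"]); // assumption: supplied by MagicMirror core
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Top-level package names a source file pulls in with require("...").
function requiredPackages(source) {
  const names = new Set();
  for (const [, spec] of source.matchAll(/\brequire\(\s*["']([^"']+)["']\s*\)/g)) {
    if (/^[.\/]/.test(spec) || spec.startsWith("node:")) continue; // local file or builtin
    const parts = spec.split("/");
    const name = spec.startsWith("@") ? parts.slice(0, 2).join("/") : parts[0];
    if (!builtinModules.includes(name) && !HOST_PROVIDED.has(name)) names.add(name);
  }
  return [...names].sort();
}

// Compare what package.json declares with what the helper actually requires.
function auditModule(pkg, helperSource) {
  const prod = { ...pkg.dependencies, ...pkg.optionalDependencies };
  const dev = { ...pkg.devDependencies };
  const used = requiredPackages(helperSource);
  return {
    installedWithOmitDev: Object.keys(prod).sort(),
    skippedWithOmitDev: Object.keys(dev).sort(),
    floating: Object.keys({ ...dev, ...prod })
      .filter((n) => FLOATING.has(String(has(prod, n) ? prod[n] : dev[n]).trim()))
      .sort(),
    requiredButNotInstalled: used.filter((n) => !has(prod, n)),
  };
}

// devDependencies as quoted in the thread; the helper source is constructed.
const pkg = {
  name: "MMM-MoonPhase",
  devDependencies: {
    grunt: "latest", "grunt-eslint": "latest", "grunt-jsonlint": "latest",
    "grunt-markdownlint": "^1.0.13", "grunt-stylelint": "latest",
    "grunt-yamllint": "latest", "stylelint-config-standard": "latest",
    "time-grunt": "latest",
  },
};
const helperSource = `
const NodeHelper = require("node_helper");
const fs = require("fs");
const util = require("./lib/util");
`;
console.log(auditModule(pkg, helperSource));
```

An empty `requiredButNotInstalled` list means nothing the helper loads at runtime is lost by `--omit=dev`; the check only sees the top level, so transitive dependencies still need `npm ls` or `npm audit`.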