chore: remove licensee as a devDependency #7380
Conversation
|
I would strongly suggest keeping licensee; especially with its community corrections overrides, it's going to be more robust than a homegrown script. |
wraithgar
force-pushed
the
lk/license-script
branch
from
f23f0a1
to
1f11d95
Compare
wraithgar
changed the title
|
This is much better, but will still break whenever v11 comes out - what's the benefit of hiding the dependency information by not listing it explicitly? Listing it explicitly means tooling is aware of it. |
|
It uses a lot of the same subdependencies as npm, but it uses older versions of them. There is quite a bit of cognitive load trying to manage them in the tree and disregard them as not something to update. |
|
when you say "manage them in the tree", do you mean in the lockfile? or do you mean that npm vendors dev deps as well as runtime deps? (perhaps only runtime deps should be vendored, if so) |
|
We update deps in npm every release, it is a very mentally intensive process because of the nature of npm, every update is done individually and checked. Checking for outdated deps is also done every time and these only make the process more exhausting. This is a quality of life improvement for the folks who maintain npm. Arguments coming from the perspective of ideals or the purity of architecture are not going to carry any weight here. |
|
If But currently |
|
Alrighty. Seems like a motivation to change the workflow so npm maintainers' quality of life isn't dramatically worse than everyone else's :-) but obv its up to yall |
|
The best future here would be But that will take substantially longer than replacing |
It is only used during CI and we can call it with npx
wraithgar
force-pushed
the
lk/license-script
branch
from
1f11d95
to
68c95dd
Compare
It is only used during CI and we can call it with
npx