Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

rfc: npm audit fix provides overrides #356

Closed
wants to merge 4 commits into from
Closed

Conversation

iarna
Copy link
Contributor

@iarna iarna commented Mar 30, 2021

Allow npm audit fix to update overrides for non-semver compatible changes.

  • Edit: Not ALL semver incompatible changes. But as an optional kind of advice that says "this is semver incompatible but we assure you it will work anyway".

See RFC for detail.

References

Depends on: #129

@isaacs
Copy link
Contributor

isaacs commented Apr 18, 2021

Decided in 2021-04-14 meeting: ratify once overrides RFC is ratified (which is only pending final review)

@isaacs
Copy link
Contributor

isaacs commented Apr 20, 2021

I think that the endpoint return data suggested here is entirely appropriate. If we see an overrides in the batch advisory result, we can just apply it to the root package.json. (Or not and just suggest it, or apply if a flag is set, etc. UX tbd.)

Resolving questions and moving to accepted.

@isaacs isaacs closed this in 1c0f0d1 Apr 20, 2021
@darcyclarke darcyclarke removed the Agenda will be discussed at the Open RFC call label May 5, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants