Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
please move snyk from dependencies to devDependencies
See original GitHub issueIs snyk required to use quagga2? If not, it’ll be amazing if it wasn’t part of npm install @ericblade/quagga2. I ask because snyk is a pretty large dependency, weighting in at minimum 50 MB, up to 120 MB extra - depending how many of the peers of snyk you already have.
Issue Analytics
- State:
- Created 2 years ago
- Reactions:1
- Comments:13 (7 by maintainers)
Top Results From Across the Web
why Snyk isn't only in dev dependencies ? · Issue #146 - GitHub
Hi Snyk teams, Is there a reason why Snyk is automatically added in package.json { dependencies: … } and not in { devDependencies:...
Read more >How do I move projects between organizations? - Snyk Support
You can move your projects to a different organization using the Snyk API Feature availabilityThis feature is available with Business...
Read more >CLI returns the error: 'Failed to get Vulns' - Snyk Support
It is recommended to move react-scripts into the devDependencies section of a project. There is a work around for larger projects, prune the...
Read more >dependency-order - npm Package Health Analysis - Snyk
Generates a dependency list of packages in a monorepo. Explicitly lists all monorepo (dev)dependencies in order, chunking into "stages" of ...
Read more >Project import errors – Support Portal | Snyk
The manifest file is missing, has been moved or renamed. If this is intentional, please deactivate or delete this project in settings.
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
just went ahead and removed it in https://github.com/ericblade/quagga2/commit/c966812ee968ad8a00d85b66d59741149adf0270
also updated all the other safe to update devDeps
I appreciate the additional analysis. The situation has quite probably changed quite a bit from when I forked initially.
Good news? i’ve got a long weekend from work right now, perhaps between time spent catching up on house repairs and mandatory computer upgrades, I’ll grab some time to take a look at this. It might well be possible that just relying on dependabot would be fine… the landscape for this sort of stuff has changed drastically in the last couple of years. Maybe i’ll get the automated release/patch notes things working correctly too 😃