Tierney Cyren
Tierney Cyren
created a Gist of my package.json, package-lock.json, and log file: https://gist.github.com/bnb/f05ed6601c7997c0453d062ac7c23a64 I've nuked node_modules and run `npm install` and then `npm ci --only=production` again, get the same error output. I've...
Updated this a bit. You can run it with `node . audit --audit-type=license --json" to get JSON output. I've got user configuration working (based on `audit` in `package.json` - I'm...
> Perhaps it's worth considering spdx_identifers or similar, to indicate it shouldn't be free-form. no other property used by npm uses an underscore - I don't think this is a...
You can publish freeform text in that field, yes. If not, it'd prevent things like BlueOak's license from being used which is IMO a very bad thing for open source...
> Free form text, but not non-strings? AFAIK you can still do an object (the npmjs.com site renders it correctly despite it being deprecated) but you really shouldn't.
Small update on this: After pairing with @izs it seems like the best approach is to update [Arborist](https://github.com/npm/arborist) (specifically, updating [AuditResolver](https://github.com/npm/arborist/blob/main/lib/audit-report.js#L20) to support licenses in addition to vulnerabilities), since without...
It looks like https://hub.docker.com/u/nodejs exists but is not in use in any way. Do we have ownership of this? Happy to help set it up if so :)
ah, judging by it having its location set to `Tiwan` my guess is that this isn't in our control. Who would be correct to reach out to Docker Hub?
just following up on this: @nodejs/docker do we own https://hub.docker.com/u/nodejs? If not, I can work with the Foundation to reach out to Docker's support to get it.
I'll begin to work with Brian on it then. Given that nothing's published there, it shouldn't be impactful even if it is ours.