elm-typescript-interop icon indicating copy to clipboard operation
elm-typescript-interop copied to clipboard

Published 20 hours ago verified publisher icon dillonkearns

Circular dependency causing elm-typescript-interop to depend on Elm 0.18.0?

Open stenehall opened this issue 4 years ago • 0 comments

Installing the latest version of elm-typescript-interop results in a package-lock.json file containing the the following. I've tried to edit out the unimportant parts to better show what's happening. elm-typescript-interop is dependent on elm: 0.18.0 and as a result of that also tar: 2.2.1.

When it comes to Elm this isn't much of a problem since the latest version of elm will precide the old version and only 0.19 will be installed. However it also results in tar 2.2.1 being installed and that causes our npm audit to complain

"elm-typescript-interop": {
      "version": "0.0.17",
      "resolved": "https://registry.npmjs.org/elm-typescript-interop/-/elm-typescript-interop-0.0.17.tgz",
      "requires": {
        "elm": "^0.18.0",
        "glob": "^7.1.3"
      },
      "dependencies": {
...
"elm": {
          "version": "0.18.0",
          "resolved": "https://registry.npmjs.org/elm/-/elm-0.18.0.tgz",
          "requires": {
            "mkdirp": "0.5.1",
            "tar": "2.2.1"
          }
        },
...

My guess for why this is happening is the seemingly circulare dependency of itself here: https://github.com/dillonkearns/elm-typescript-interop/blob/master/package.json#L25

stenehall avatar Jun 11 '20 13:06 stenehall