eslint-plugin-node icon indicating copy to clipboard operation
eslint-plugin-node copied to clipboard

Published 20 hours ago verified publisher icon mysticatea

`no-unpublished-*` doesn't hit if module isn't in `devDependencies`

Open manuth opened this issue 3 years ago • 1 comments

Hello I noticed that no-unpublished-require and no-unpublished-import doesn't hit if the module isn't present in devDependencies.

As the dependency tree is being flattened during npm install, nested dependencies can end up in ./node_modules where they can be required even though they're not in package.jsons devDependencies.

In this case - as seen on line 57 - the dependency is considered public. https://github.com/mysticatea/eslint-plugin-node/blob/62212ac8ba4d375ba8a61558211f87cc0f5fb976/lib/util/check-publish.js#L55-L59

Thanks for your awesome job ✨

manuth avatar Jun 21 '21 21:06 manuth

Looks like eslint-plugin-import/no-extraneous-dependencies in combination with these rules suits my needs.

Leaving this open in case you want to make some changes anyways

manuth avatar Jun 23 '21 15:06 manuth