react-native-vector-icons icon indicating copy to clipboard operation
react-native-vector-icons copied to clipboard

Published 20 hours ago verified publisher icon oblador

Why is yargs a dependency instead of devDependency?

Open t-ricci-enhancers opened this issue 5 years ago • 0 comments

Why is yargs a dependency instead of devDependency (or better yet, an optional peer dependency)?

It should not be shipped in an app build, it's used only to execute the scripts in the bin/ folder to generate assets (I think) and only be developers (not end-users of the app).

Can we move it out?

It bugs me out because other react-native packages requires the react-native-vector-icons library (different versions, which also give vulnerabilities reports with npm audit see #918 ) and it also resolves yargs as a dependency (whereas other packages that use yargs directly only have it as a devDependency).

Also could we make it a less restrictive version of devDependency?

I was thinking something like this:

"peerDependencies": {
    "yargs": ">= 0.8.2" // you tell me what's the minimum required version to make it work (not the minimum version without vulnerabilities)
}

t-ricci-enhancers avatar Nov 20 '19 11:11 t-ricci-enhancers