Nt 2008: Publishing#120
4a47256 to 25fa9bd
| registry-url: 'https://registry.npmjs.org' | ||
|
|
||
| - name: Setup pnpm | ||
| uses: pnpm/action-setup@v4 |
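Review bot: The `uses: pnpm/action-setup@v4` step references a mutable tag, so the code this step executes can change without any diff appearing in this repository. Pin the action to a full-length commit SHA and keep the version as a trailing comment for readability. This matters more here than in a typical CI job because the same workflow sets `registry-url: 'https://registry.npmjs.org'`, which suggests later steps hold npm publishing credentials.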
Check warning (Code scanning / CodeQL): Unpinned tag for a non-immutable Action in workflow (Medium)
e18b9f9 to f13db53
| "paths": { | ||
| "logger": ["../../lib/logger/src/index.ts"] | ||
| } |
This shouldn't be necessary on web-vanilla because it doesn't use the packages in this way, as that's pre-built.
Let's not generate files to manage versions... we should keep that out of the codebase. If this is intended to only happen in the build, we also need to make sure it never gets checked in.
A better alternative would be to use an environment variable that can be resolved to a string at build-time. It would then be fully transient and will not have any concrete side-effects outside the build artifacts.
I'd imagine this library would also need the tsup.config.ts and also the changes to the tsconfig.* files.
Please do not change the build scripts for Web or React Native. They are already bundled and should not use tsup.
| "react-test-renderer": "18.3.1", | ||
| "rimraf": "catalog:", | ||
| "tslib": "catalog:", | ||
| "tsup": "catalog:", |
This is not necessary for this package.
| "compilerOptions": { | ||
| "paths": { | ||
| "logger": ["../../lib/logger/src/index.ts"], | ||
| "mocks": ["../../lib/mocks/src/index.ts"] | ||
| } | ||
| }, |
Is this necessary to add to every tsconfig.json file, when these packages are already registered in tsconfig.base.json?
| "logger": ["./lib/logger/src/index.ts"], | ||
| "mocks": ["./lib/mocks/src/index.ts"] |
Is it necessary to add these entries, if we're going to add them as devDependencies to the other projects, and the packages were building fine without these entries before? Is it necessary for tsup or something?
| "logger": "workspace:*", | ||
| "p-retry": "catalog:", | ||
| "zod": "catalog:" | ||
| }, | ||
| "devDependencies": { | ||
| "@vitest/coverage-v8": "catalog:", | ||
| "mocks": "workspace:*", |
Let's not remove either of these; just move logger to devDependencies as discussed.
I'm a bit concerned these config files have been created and the other config files have been removed. TS settings need to be set differently for each module style. Can you verify whether tsup handles this internally, and isn't merely generating similar code twice?