From 1ec63156691776c13d005f3e19b58771b718b164 Mon Sep 17 00:00:00 2001 From: rory Date: Thu, 22 Feb 2024 10:25:42 -0800 Subject: [PATCH 1/2] Clarify threshold to add new lib --- .github/ISSUE_TEMPLATE/NewLibraryRequest.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/NewLibraryRequest.md b/.github/ISSUE_TEMPLATE/NewLibraryRequest.md index 83397d812780..e1068fb6a683 100644 --- a/.github/ISSUE_TEMPLATE/NewLibraryRequest.md +++ b/.github/ISSUE_TEMPLATE/NewLibraryRequest.md @@ -5,6 +5,8 @@ labels: Weekly, AutoAssignerAppLibraryReview --- In order to properly evaluate if a new library can be added to `package.json`, please fill out this request form. It will be automatically assigned someone from our review team that will go through and vet the library. +*In order to add any new production dependency, it must receive a :+1: from at least 51% of the app deployers.* + Note: This is only for production dependencies. While we don't want people to add packages to dev-dependencies willy-nilly, we recognize that there isn't as great of a need there to secure them. # Name of library: From 99c9cdaa9f9d174eea1c60397d98ec61345b293b Mon Sep 17 00:00:00 2001 From: rory Date: Sun, 25 Feb 2024 08:54:32 -0800 Subject: [PATCH 2/2] Apply suggestion to clarify instructions for new libs --- .github/ISSUE_TEMPLATE/NewLibraryRequest.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/NewLibraryRequest.md b/.github/ISSUE_TEMPLATE/NewLibraryRequest.md index e1068fb6a683..bd370970420e 100644 --- a/.github/ISSUE_TEMPLATE/NewLibraryRequest.md +++ b/.github/ISSUE_TEMPLATE/NewLibraryRequest.md 
@@ -5,7 +5,7 @@ labels: Weekly, AutoAssignerAppLibraryReview --- In order to properly evaluate if a new library can be added to `package.json`, please fill out this request form. It will be automatically assigned someone from our review team that will go through and vet the library. -*In order to add any new production dependency, it must receive a :+1: from at least 51% of the app deployers.* +*In order to add any new production dependency, it must be approved by the App Deployer team. They will evaluate the library and decide if it's something we want to move forward with or if other alternatives should be explored.* Note: This is only for production dependencies. While we don't want people to add packages to dev-dependencies willy-nilly, we recognize that there isn't as great of a need there to secure them.
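Review bot: In the `@@ -5,6 +5,8 @@` hunk of PATCH 1/2, the added line "it must receive a :+1: from at least 51% of the app deployers" leaves the count undefined. It does not say where the :+1: is given (a reaction on the request issue or a comment), nor whether the percentage is taken over all app deployers or only over those who respond. Suggest stating both in the template so that the requester and the assigned reviewer reach the same answer on whether a production dependency was approved.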
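Review bot: In the `@@ -5,7 +5,7 @@` hunk of PATCH 2/2, the replacement line "it must be approved by the App Deployer team" removes the 51% threshold without putting any approval criterion in its place, so the template no longer tells a requester how approval is recorded or how many team members must agree before the library is added to `package.json`. Suggest adding one sentence that names where the decision is recorded on the issue and who makes it. The unchanged sentence above says the request is assigned to "someone from our review team" while the new line names the "App Deployer team"; the template should say whether these are the same group.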