Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added a depsDir option which allows for checking nested dependencies #8

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Added a depsDir option which allows for checking nested dependencies #8

wants to merge 3 commits into from

Conversation

jneurock
Copy link

I need the ability to check nested dependencies, e.g., a Bower package's dependencies that are critically important but aren't specified in my project's own bower.json file.

I added depsDir so I could create a configuration that read my dependency's bower.json file but checked my project's bower_components directory. If depsDir is falsey, packageDir is used instead (which is what is used now).

I also updated README to include a blurb about depsDir and another blurb about checkGitUrls, which I found very useful but was missing from the list of options.

@mgol
Copy link
Owner

mgol commented Feb 27, 2015

Thanks for noticing the checkGitUrls option was undocumented, I can't believe I've missed it! I've landed that change & released 0.9.2.

As for the depsDir feature, it seems to me to be a little cumbersome. To use it as you described you basically need to create a separate configuration for each dependency that has sub-dependencies to be able, right? That requires a large number of invocations of check-dependencies to check everything.

That said, this will become a problem when npm@3 gets released anyway as it will dedupe dependencies by default so I'll need to tackle it somehow. And if you wanted to write a module that would use check-dependencies to check everything recursively, you'd need check-dependencies to support the option you proposed here. :) So this might not be a bad idea.

Could you say how exactly would you use this feature? Would you write a wrapper module that would perform recursive checks or just do everything manually?

(BTW, I was thinking that if we allowed to pass custom depsDir, packageJsonName & depsJsonName this module would be general enough that people could use it even for officially unsupported package managers like component.)

I may be mostly unavailable for the next 1.5 weeks so don't get discouraged by my potential silence in the next days. I just don't want to rush it. :)

@jneurock
Copy link
Author

Thanks for the quick reply. My use case is probably uncommon but I
absolutely need the functionality. I have a Bower package that extends
another (if you want to think of it that way). The base package has the
dependencies I want to check. Either way, check-dependencies doesn't do a
recursive check (I completely understand why) and I really need to make
sure those dependencies are good.

The way I'm using this is by calling check-dependencies three times: once
for npm, once for Bower and once for this particular Bower package. In the
3rd case, I used the packageDir option to have check-dependencies read my
Bower manifest from the package folder and depsDir to tell it to look for
those dependencies in the root folder. By default, check-dependencies is
looking in packageDir.

I wrapped all those calls with Q.all() so I got one promise back to work
with and it fully satisfies my use case.

I need to be able to do this; however, if my pull request doesn't line up
with where you want to go with the module, no worries. I can just use my
fork for this project.

Thanks!
Rocky

On Fri, Feb 27, 2015 at 11:11 AM, Michał Gołębiowski <
[email protected]> wrote:

Thanks for noticing the checkGitUrls option was undocumented, I can't
believe I've missed it! I've landed that change & released 0.9.2.

As for the depsDir feature, it seems to me to be a little cumbersome. To
use it as you described you basically need to create a separate
configuration for each dependency that has sub-dependencies to be able,
right? That requires a large number of invocations of check-dependencies
to check everything.

That said, this will become a problem when npm@3 gets released anyway as
it will dedupe dependencies by default so I'll need to tackle it somehow.
And if you wanted to write a module that would use check-dependencies to
check everything recursively, you'd need check-dependencies to support
the option you proposed here. :) So this might not be a bad idea.

Could you say how exactly would you use this feature? Would you write a
wrapper module that would perform recursive checks or just do everything
manually?

(BTW, I was thinking that if we allowed to pass custom depsDir,
packageJsonName & depsJsonName this module would be general enough that
people could use it even for officially unsupported package managers like
component.)

I may be mostly unavailable for the next 1.5 weeks so don't get
discouraged by my potential silence in the next days. I just don't want to
rush it. :)


Reply to this email directly or view it on GitHub
#8 (comment)
.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jneurock @mgol