I just found out by chance that @octokit/auth-oauth-app was using universal-user-agent without having it listed as dependency. That caused a problem with loading the package from https://cdn.skypack.dev/@octokit/[email protected].
I did a quick research and found dependency-check, which can check for that. It can also check if a dependency is listed in package.json that is not used in the code
It needs to be run against the build version of the package, but making sure that the package builds is a good idea anyway. So I think we should add these to steps to .github/workflows/test.yml's test job
run: npm run build
run: npx dependency-check ./pkg/package.json --no-dev --ignore-module @octokit/types --ignore-module @octokit/openapi-types --ignore-module "@types/*"
One thing that's tricky: when we use only types from a package, it's not used in the code, but the package still needs to be a production dependency to make sure all required types are present when installing a package
I just found out by chance that
@octokit/auth-oauth-appwas usinguniversal-user-agentwithout having it listed as dependency. That caused a problem with loading the package from https://cdn.skypack.dev/@octokit/[email protected].I did a quick research and found
dependency-check, which can check for that. It can also check if a dependency is listed inpackage.jsonthat is not used in the codeIt needs to be run against the build version of the package, but making sure that the package builds is a good idea anyway. So I think we should add these to steps to
.github/workflows/test.yml'stestjobOne thing that's tricky: when we use only types from a package, it's not used in the code, but the package still needs to be a production dependency to make sure all required types are present when installing a package