On 1/2/24 09:50, Yadd wrote:
Package: node-html5-qrcode
Version: 2.3.8+repack-3
Severity: serious
Justification: not-dfsg
X-Debbugs-Cc: y...@debian.org

node-html5-qrcode is built using "npm install", which downloads libraries
from the Internet. This is totally out of DFSG.

For now, --omit-dev avoids downloading anything until this package has dependencies, but npm still accesses the Internet for "audit".

Easy to fix: use "pkgjs-run build" instead of npm (and drop the build dependency on npm).

Second bug: the package is unusable because it is not installed correctly (that's probably why autopkgtest was disabled...); also, third_party/ is missing from the install.

A fixed version of this package is available at
https://salsa.debian.org/js-team/node-html5-qrcode
