pskevin commented on code in PR #17580:
URL: https://github.com/apache/beam/pull/17580#discussion_r872859172


##########
sdks/typescript/package.json:
##########
@@ -32,6 +32,7 @@
     "chai": "^4.3.4",
     "date-fns": "^2.28.0",
     "fast-deep-equal": "^3.1.3",
+    "find-git-root": "^1.0.4",
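Review bot: The caret range `^1.0.4` on the added `find-git-root` line accepts any later 1.x release, so the version actually installed is decided by the lockfile and not by this entry. Consider pinning it to exactly `1.0.4`. If the package is only used by build or test tooling, confirm that this entry sits under `devDependencies` and not among the runtime dependencies.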

Review Comment:
   A few suggestions that don't need action:
   - It is usually advisable to avoid using modules that are not actively maintained and/or do something trivial because of the eventual [dependency bloat](https://news.ycombinator.com/item?id=22830284). It also makes identifying what packages are dev dependencies v/s ones that are actually needed at runtime hard amongst a host of other issues.
   - Eventually, we should [evaluate the strictness](https://blog.softwaremill.com/it-depends-the-art-of-dependency-management-in-javascript-f1f9c3cde3f7) of our [dependency versioning](https://nodejs.dev/learn/semantic-versioning-using-npm). Having a `package-lock.json` file solves the problem that arises from dependency upgrades only if the upgrades are within our bounds of expectations.


