On 12/14/2017 03:30 AM, Thorsten Alteholz wrote: > > Hi, > > one of our trainess looked at you package and found: > * no code included, just a 10 lines json file > * no description, just a verbatim copy out of the readme > > Please reconsider whether such a package is needed.
This module is a dependency of postcss-merge-rules. I will embed it instead then. But this also means, if more modules depend on it, then it has to embedded in all of them. Since this is just data and not security sensitive code, it'd be okay from a security perspective, but it will require updating multiple packages in case vendors needs updating. > Thanks! > Thorsten > > > > === > > Please feel free to respond to this email if you don't understand why > your files were rejected, or if you upload new files which address our > concerns. > >
Description: OpenPGP digital signature