On 12/14/2017 03:30 AM, Thorsten Alteholz wrote:
> Hi,
> one of our trainess looked at you package and found:
>  * no code included, just a 10 lines json file
>  * no description, just a verbatim copy out of the readme
> Please reconsider whether such a package is needed.

This module is a dependency of postcss-merge-rules. I will embed it
instead then. But this also means, if more modules depend on it, then it
has to embedded in all of them. Since this is just data and not security
sensitive code, it'd be okay from a security perspective, but it will
require updating multiple packages in case vendors needs updating.

> Thanks!
>  Thorsten
> ===
> Please feel free to respond to this email if you don't understand why
> your files were rejected, or if you upload new files which address our
> concerns.

Attachment: signature.asc
Description: OpenPGP digital signature

Pkg-javascript-devel mailing list

Reply via email to