this post was submitted on 01 Mar 2024
18 points (95.0% liked)
JavaScript
1700 readers
6 users here now
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Good points. I never build libraries, only websites, so it didn't really occur to me that the dependency types we're mostly intended for that use case.
I use a pipeline to build and right now there's one stage that just installs everything, then I have separate build and test jobs. The two main issues I'm trying to correct are the fact that npm takes ages to install dependencies (even with npm ci) and that I'm subject to security scans and I don't want to be held up because of a vulnerability in my testing tools.