Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove @storybook/html peer dependency from root package.json and re-enable audit for prod #1322

Merged
merged 2 commits into from
Jun 23, 2023
Merged

Remove @storybook/html peer dependency from root package.json and re-enable audit for prod #1322

merged 2 commits into from
Jun 23, 2023

Conversation

jattasNI
Copy link
Contributor

@jattasNI jattasNI commented Jun 23, 2023
edited
Loading

Pull Request

🤨 Rationale

Fixes #1317.

The npm audit of production dependencies was failing because of deps that Storybook brought in. But Storybook should really be a dev dependency.

Storybook is listed as a production dependency because it's in peerDependencies in the root package.json. We added it there in this commit of the PR that migrated us to Storybook 7. I believe the rationale was that it was necessary to apply a patch to the package. (I'd like to remove that patch but I think it's not possible until storybookjs/storybook#22384 is available. Currently it's only released in an alpha branch)

👩‍💻 Implementation

  1. Remove @storybook/html from peerDependencies in the root package.json
  2. git clean -fdx
  3. npm install to regenerate package-lock.json
  4. Re-enable audit for all severity levels for prod dependencies

🧪 Testing

I locally verified that the patch was still applied to the file inside node_modules. If it isn't applied, I believe we'd see a build error.

I locally verified that npm audit --only=prod succeeds now.

Otherwise relying on the PR build.

✅ Checklist

  • I have updated the project documentation to reflect my changes or determined no changes are needed.

jattasNI
jattasNI commented Jun 23, 2023
View reviewed changes
@jattasNI jattasNI marked this pull request as ready for review June 23, 2023 18:43
@jattasNI jattasNI requested a review from rajsite as a code owner June 23, 2023 18:43
@jattasNI jattasNI merged commit b574fdf into main Jun 23, 2023
@jattasNI jattasNI deleted the remove-storybook-peerdep branch June 23, 2023 22:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rajsite rajsite rajsite approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Revert loosening of npm audit strictness
2 participants
@jattasNI @rajsite