@zachleat@zachleat.com@… the best idea I have right now (and it’s not good) might be a script to help manage package.json overrides at the app code level.
(also I agree with your take. I’d also accept a dep with an extra CLI that uses Node’s arg parser)
@ripienaar@devco.socialI really just want a few CLI utilities that essentially present what Puppet resources does as a command.
$ thing package ensure zsh —version 1.2.3
It should have exit code API and json output.
Nothing more, just: package, user, service, exec
Ideally with no dependencies like Ruby
Seems like a lot to ask alas.
@aral@mastodon.ar.alNode.js devs, so picture this: you run `npm install` and you get a bunch of packages with audit errors.
The only thing I want to know at that point is what’s the root package that these dependencies belong to? (Running npm audit fix is a last resort as I don’t like it fiddling around with the dependencies of nested packages.)
It’s also not a straightforward thing to do, but it’s nothing jq and a bit of piping can’t fix:
```bash
npm audit --json | jq -r '.vulnerabil…