You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is it possible to add a feature to whitelist only certain versions of a package?
Whitelisting only the package name doesn't really help when the license is changed by the package owner (especially when it's not reflected in the package.json of that package). I can only verify (manually) the current version in use and whitelist that if it has a "green license". But if the owner later decides to change the license, I still have the package excluded...
Ideally the packageAllowList would allow entries like "[email protected]" to lock a version.
The text was updated successfully, but these errors were encountered:
Is it possible to add a feature to whitelist only certain versions of a package?
Whitelisting only the package name doesn't really help when the license is changed by the package owner (especially when it's not reflected in the package.json of that package). I can only verify (manually) the current version in use and whitelist that if it has a "green license". But if the owner later decides to change the license, I still have the package excluded...
Ideally the packageAllowList would allow entries like "[email protected]" to lock a version.
The text was updated successfully, but these errors were encountered: