We have a monorepo with a bunch of local packages.
We're using workspace:^ as our version dependency line for these local packages.
Problem
danger-plugin-yarn reports an error Could not get info from npm on […] for all of these local dependencies
Expected Behavior
Local dependencies shouldn't be reported
Ideas
A. Skip them: by providing a config option for regexes to exclude packages. eg. excludePackages: [/^@MyRepo\/*]
B. Skip them: Recognize the workspace: version-selector-prefix (I think this is a yarn-specific pattern, but then this plugin is also yarn-specific). And the catalog: semver prefix from pnpm https://pnpm.io/catalogs. And the .workspace suffix from npm https://docs.npmjs.com/cli/v9/using-npm/dependency-selectors#dependency-type-selectors
C. Specially report them: Identify local packages, and instead use their README/package.json skipping other NPMJS-based features
D. Something else?
Note:
There is a workaround: post-process the DangerJS messages, looking for the relevant error messages, and omit them before they get published to your code-platform. Obviously, this is less ideal, both because it's painful to write the workaround, but also because you're still generating network traffic to npm about packages that you know will never exist
We have a monorepo with a bunch of local packages.
We're using
workspace:^as our version dependency line for these local packages.Problem
danger-plugin-yarnreports an errorCould not get info from npm on […]for all of these local dependenciesExpected Behavior
Local dependencies shouldn't be reported
Ideas
A. Skip them: by providing a config option for regexes to exclude packages. eg.excludePackages: [/^@MyRepo\/*]B. Skip them: Recognize the
workspace:version-selector-prefix (I think this is a yarn-specific pattern, but then this plugin is also yarn-specific). And thecatalog:semver prefix from pnpm https://pnpm.io/catalogs. And the.workspacesuffix from npm https://docs.npmjs.com/cli/v9/using-npm/dependency-selectors#dependency-type-selectorsC. Specially report them: Identify local packages, and instead use their README/package.json skipping other NPMJS-based featuresD. Something else?
Note:
There is a workaround: post-process the DangerJS messages, looking for the relevant error messages, and omit them before they get published to your code-platform. Obviously, this is less ideal, both because it's painful to write the workaround, but also because you're still generating network traffic to npm about packages that you know will never exist