DEV_README.md

This page and similar pages are mostly intended for internal consumption by IDseq engineers.

Structure

  • Look for more README.md files at subdirectory levels for more specific content per component, e.g. db/README.md.
  • It is also encouraged to have detailed file/class-level comments to keep relevant documentation close to the code.

Helpful links

Check out the pages in the GitHub wiki, especially these two starting links:

We also have a collection of docs in the CZI One Confluence wiki.

package.json

Notes on understanding dependency advisories

  • You can find Dependabot alerts in the Security tab and additional advisories from npm audit.
  • Identify whether the warning is for a package in devDependencies or in production dependencies (the latter are generally more impactful). Run npm audit --production to see only production deps.
  • More notes from Snyk (direct vs indirect deps, dep paths vs. unique deps): https://snyk.io/blog/whats-an-npm-dependency/
  • Unfortunately, many warnings are low signal and not relevant to how the packages are actually being used. Look carefully at what the CVE says would be vulnerable input. See npm audit: Broken by Design and this related example.
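
One way to apply the notes above, as an added example that is not part of this repository: compare the JSON from npm audit --json with the JSON from npm audit --production --json and tag each finding as production or dev-only and as direct or indirect. The reports below are constructed samples in the npm 7+ report shape; the package names, advisory titles and the triage helper are hypothetical.

```javascript
// Constructed sample shaped like `npm audit --json` output (npm 7+, auditReportVersion 2).
// Package names and advisory titles are made up for illustration.
const fullReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-parser": {
      name: "example-parser", severity: "high", isDirect: false,
      via: [{ title: "Prototype pollution via crafted input", range: "<1.2.6" }],
    },
    "example-cli": {
      name: "example-cli", severity: "high", isDirect: true,
      via: ["example-parser"],
    },
    "example-template": {
      name: "example-template", severity: "moderate", isDirect: true,
      via: [{ title: "ReDoS on long attacker-supplied strings", range: "<4.17.21" }],
    },
  },
};
// Same project audited with `npm audit --production --json`: only production deps remain.
const prodReport = {
  auditReportVersion: 2,
  vulnerabilities: { "example-template": fullReport.vulnerabilities["example-template"] },
};
const SEVERITY_ORDER = ["critical", "high", "moderate", "low", "info"];

// Tag every finding as production vs dev-only and direct vs indirect, and separate
// real advisories from entries that are only flagged because of another package.
function triage(full, prod) {
  const prodNames = new Set(Object.keys(prod.vulnerabilities || {}));
  return Object.values(full.vulnerabilities || {})
    .map((v) => ({
      name: v.name,
      severity: v.severity,
      scope: prodNames.has(v.name) ? "production" : "dev-only",
      dependency: v.isDirect ? "direct" : "indirect",
      // `via` holds advisory objects, or plain strings naming the vulnerable package underneath.
      advisories: v.via.filter((x) => typeof x === "object").map((x) => x.title),
      inheritedFrom: v.via.filter((x) => typeof x === "string"),
    }))
    .sort((a, b) =>
      (a.scope === b.scope ? 0 : a.scope === "production" ? -1 : 1) ||
      SEVERITY_ORDER.indexOf(a.severity) - SEVERITY_ORDER.indexOf(b.severity) ||
      a.name.localeCompare(b.name));
}
for (const f of triage(fullReport, prodReport)) {
  const what = f.advisories.length ? f.advisories.join("; ") : `via ${f.inheritedFrom.join(", ")}`;
  console.log(`[${f.scope}] ${f.severity} ${f.name} (${f.dependency}): ${what}`);
}
```

Production findings sort first; for each one, read the advisory title against how the package is actually called before deciding it matters.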