Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add missing angle bracket #4088

Merged
merged 1 commit into from
Apr 28, 2024
Merged

Add missing angle bracket #4088

merged 1 commit into from
Apr 28, 2024

Conversation

skyf0l
Copy link
Contributor

@skyf0l skyf0l commented Apr 26, 2024

No description provided.

@lovell
Copy link
Owner

lovell commented Apr 27, 2024

Hello, thanks for the PR, given you've opened lots of similar requests I wonder if there's a better way to fix this problem as it is clearly very common.

I checked to see what npm does and it appears to already "clean" these values when publishing:

$ npm view sharp --json | grep -C1 Brodan
    "Ompal Singh <[email protected]>",
    "Brodan",
    "Ankur Parihar <[email protected]>",

It looks like npm silently makes such changes without emitting a warning:

https://github.com/npm/normalize-package-data/blob/c36710711edc5b69405b2b1c3b85d7100de9217f/lib/fixer.js#L398-L416

A popular eslint plugin for package.json files is eslint-plugin-package-json and that might also benefit from a new rule to validate the maintainers and contributors properties.

I've previously considered removing contributors' email addresses from the package.json file as these are considered personal data under law in some countries and I feel like that might be the better long-term solution for sharp.

@skyf0l
Copy link
Contributor Author

skyf0l commented Apr 27, 2024

Indeed, I accidentally saw this mistake on a big repo. Searching a bit on github, I realized it was quite common. So I decided to fix it on a few large repos.

Btw I agree with you that these e-mails are sensitive data. Although they're already in the Git history and the maintainers wrote them themselves. It's also possible that these emails are simply not currently being used by the authors. That's a question worth exploring.

eslint-plugin-package-json is a good catch, I'm going to dig it up and add a rule regarding the format of contributors' names/emails.

@lovell lovell merged commit 0fde71c into lovell:main Apr 28, 2024
15 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants