[Pkg-javascript-devel] Bug#1059829: node-html5-qrcode: Build using libraries downloaded from Internet during build
Yadd
yadd at debian.org
Tue Jan 2 07:32:33 GMT 2024
On 1/2/24 09:50, Yadd wrote:
> Package: node-html5-qrcode
> Version: 2.3.8+repack-3
> Severity: serious
> Justification: not-dfsg
> X-Debbugs-Cc: yadd at debian.org
>
> node-html5-qrcode is built using "npm install" which downloads libraries
> from Internet. This is totally out of DFSG.
For now, the --omit-dev avoid downloading anything until this package
will have dependencies but npm still access to Internet for "audit".
Easy to fix: use "pkgjs-run build" instead of npm (and drop build
dependency to npm)
second bug: package is unusable because not installed correctly (that's
probably why autopkgtest was disabled...), also third_party/ is missing
in install
A fixed version of this package is available at
https://salsa.debian.org/js-team/node-html5-qrcode
More information about the Pkg-javascript-devel
mailing list