Use "--omit=dev" internally on newer npm version

[ericcornelissen]

Closes #81

Update the behaviour when the --production flag is used on the CLI of this project to, instead of just using --production when invoking npm audit, do:

1. get the version of npm being used,
2. check the version against a version range¹²
3. use '--production' for older npm version, or
4. use '--omit=dev' for newer npm version.

Note that this change is not a breaking change for this project.

While I updated the tests, the tests as they are now are not good. The current test suite assumes you're running them with a newer version of npm. It would be better if the tests are somehow run with a controlled version of npm instead, or better yet, with various versions of npm.

Footnotes

1. The version range is probably incorrect as is. I based it on the GitHub issue with the idea to either let it evolve over time as reports come in, or adjust it after this commit if it's preferred that the range is (likely) correct before this is released. ↩

2. To perform the version range check I added a new runtime dependency, namely "semver". See: https://www.npmjs.com/package/semver ↩

[ericcornelissen]

@jeemok, I'm not sure what to make of the failing Node.js CI / build jobs - running the npm run audit command locally I'm getting the same error on the master branch (at c7cdc15) as I'm seeing in the CI job logs.

[jeemok]

thank you @ericcornelissen! I'm sorry I couldn't merge this in as your repo is in an archived state. I've made your changes and added you to the contributors list. Thank you again for your contribution!

[ericcornelissen]

I'm sorry I couldn't merge this in as your repo is in an archived state. I've made your changes and added you to the contributors list. Thank you again for your contribution!

No problem, I didn't know that was the case (good to know!). Glad to see these changes landing as well as the activity on the project 😃

[jeemok]

No problem, I didn't know that was the case (good to know!). Glad to see these changes landing as well as the activity on the project 😃

Hey Eric, no worries at all, and I'm really happy to see your changes land in the project!

By the way, I noticed you've been pretty active and engaged in Github — would you be interested in becoming a collaborator for this project? I’m a bit short on time these days and could definitely use some extra hands to keep things moving.

If you’re up for it, I’d love to have you on board. Let me know what you think!

[ericcornelissen]

By the way, I noticed you've been pretty active and engaged in Github — would you be interested in becoming a collaborator for this project? I’m a bit short on time these days and could definitely use some extra hands to keep things moving.

If you’re up for it, I’d love to have you on board. Let me know what you think!

I'll have a look at a reviewing some issues and PRs, and possibly making some contributions, for a while and I'll let you know how I feel then.

[jeemok]

I'll have a look at a reviewing some issues and PRs, and possibly making some contributions, for a while and I'll let you know how I feel then.

Sounds perfect, Eric! Take your time, and no pressure at all. Just let me know whenever you're ready. Thanks again for all your contributions—really appreciate it!