he/him 
If you have a dependency that exposes binaries with @npmjs then removing that dep is a semver major since it's breaking as npm puts... [1/2]
-
your library itself "leaks upward" too with flat deps. I don't see how that's different?
you don't know where binaries come from since they can be arbitrarily named, you can check package.json to see what modules...
-
-
you can access in your node_modules folder but theres no parallel for binaries besides manually opening the package.json of deps
-
You mean to see where the bins came from? It's easy on mac/linux `ls -l node_modules/.bin`– they're all symlinks.
End of conversation
New conversation -
-
-
Removing a bin could result in something else slotting in there, but removing a bin IS a breaking change regardless.
-
sure, for the transitive dep but my point is that transitive dep binaries are now a part of your own libraries API contract
- 1 more reply
New conversation -
-
-
If you depend on something that provides a bin, you're guaranteed its the thing providing it.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.