On your build pipeline, you could write a custom script that can extract necessary information from package.json and add it to new JSON file e.g. versionInfo.json.
Have the same file checked-in for local dev usage.
You can securely copy this and use this.
Correct, there are security implications when importing the whole package.json.
Another option is to add node to your types property in tsconfig. Then you can use require like the following:
version = require('path/to/package.json').version
But this also exposes
package.json
to dist, right?On your build pipeline, you could write a custom script that can extract necessary information from
package.json
and add it to new JSON file e.g.versionInfo.json
.Have the same file checked-in for local dev usage.
You can securely copy this and use this.
Excuse me, but copy what? Did you paste a code snippet I can't see?