On your build pipeline, you could write a custom script that can extract necessary information from package.json and add it to new JSON file e.g. versionInfo.json.
Have the same file checked-in for local dev usage.
You can securely copy this and use this.
Correct, there are security implications when importing the whole package.json.
Another option is to add node to your types property in tsconfig. Then you can use require like the following:
version = require('path/to/package.json').versionBut this also exposes
package.jsonto dist, right?On your build pipeline, you could write a custom script that can extract necessary information from
package.jsonand add it to new JSON file e.g.versionInfo.json.Have the same file checked-in for local dev usage.
You can securely copy this and use this.
Excuse me, but copy what? Did you paste a code snippet I can't see?