Currently when importing/requiring cve-core in another project, you need to make a copy of the entire cve-core/config directory in the project. This means that the downstream project needs to make sure that defaults.jsonc and custom-environment-variables is identical to the specific version of cve-core they are using, and updating cve-core to a newer version may require changes to their local copies of those files.
A better approach is to use the configuration files in node_modules/cve-core/config, which will always have the proper version for each release. Then in the downstream project's config directory, only put overrides. This will minimize the coupling between the projects.
Currently when importing/requiring cve-core in another project, you need to make a copy of the entire
cve-core/configdirectory in the project. This means that the downstream project needs to make sure thatdefaults.jsoncandcustom-environment-variablesis identical to the specific version of cve-core they are using, and updating cve-core to a newer version may require changes to their local copies of those files.A better approach is to use the configuration files in
node_modules/cve-core/config, which will always have the proper version for each release. Then in the downstream project'sconfigdirectory, only put overrides. This will minimize the coupling between the projects.