Originally posted on Slack but moved here so it can be referenced in PRs and it's a bit less of an ephemeral discussion.
Original message:
helloo! has there at any point been a discussion about limiting the number of dependencies that blitz has? some reasons below:
long-term maintainability — I’ve worked with js/node for a long time and one of the things that projects almost always suffer from is keeping packages up-to-date - new versions have breaking changes, not respecting semver versions, deps’ sub-deps having conflicting versions, and yada yada. it’s often a black hole of time to keep dependencies up-to-date and it’s very unpredictable when you will have problems with it. npm is fantastic but it’s also tempting to just throw a package at any problem which isn’t always a good thing to do.
dev familiarity — if the code is generally using built-in node/browser-functionality, it’s usually a low barrier of entry; even if libs improve the DX on top, one still needs to become familiar with that lib.
security — i’m not a sec expert by any means, but it’s not hard to do a targeted attack by getting control/buying a sub-sub dependency and releasing a malicious version to npm. the more deps the bigger the attack vector
As @flybayer pointed out on Slack it would also reduce install time.
I've just poked around a bit without any particular smart method and noticed a few deps that are only used in 1 or 2 places, and will do a few PRs referring to this issue just to see how removing them is received. The ones I've seen don't have any great impact but it's baby steps.
One thing I'd like to get is a good method to easily figure out which dependencies have the largest impact on their overall size versus how used they are in the blitz codebase. Ideally, I think I'd like to get something like this out:
Update:
I did a little script using depcheck that just lists the number of dependencies' occurrences.
There's a lot of those that could be ignored but probably quite a few with few occurrences that could get removed.
Script: https://github.com/KATT/blitz/blob/feature/list-deps/depcheck.js
Output
Update 2: Some more detailed results on a per-package basis:
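An added example, not the script linked above and not blitz project code: one way to count how often each declared dependency is imported, so rarely used packages stand out as removal candidates. It uses a regex approximation rather than depcheck, and the manifest and source files are constructed samples.

```javascript
// Added example: count imports of each declared dependency.
// Regex approximation; depcheck, which the post's script uses, is not used here.

// Matches: import x from 'p', import 'p', export ... from 'p', require('p'), import('p')
const SPECIFIER_RE =
  /(?:\bfrom\s*|\bimport\s*|\brequire\s*\(\s*|\bimport\s*\(\s*)(['"])([^'"\n]+)\1/g;

// Reduce a module specifier to its package name, or null for relative/absolute paths.
function packageName(specifier) {
  if (specifier.startsWith('.') || specifier.startsWith('/')) return null;
  const parts = specifier.split('/');
  // Scoped packages keep two segments: @scope/name/sub/path -> @scope/name
  return specifier.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
}

// manifest: parsed package.json; sources: { filename: sourceText }
function countDependencyUsage(manifest, sources) {
  const declared = Object.keys({
    ...manifest.dependencies,
    ...manifest.devDependencies,
  });
  const usage = new Map(declared.map((n) => [n, { imports: 0, files: new Set() }]));
  for (const [file, text] of Object.entries(sources)) {
    for (const match of text.matchAll(SPECIFIER_RE)) {
      const entry = usage.get(packageName(match[2]));
      if (!entry) continue; // relative path, Node built-in, or undeclared package
      entry.imports += 1;
      entry.files.add(file);
    }
  }
  // Least-used first: the cheapest candidates to remove and stop tracking.
  return [...usage.entries()]
    .map(([name, { imports, files }]) => ({ name, imports, files: files.size }))
    .sort((a, b) => a.imports - b.imports || (a.name < b.name ? -1 : 1));
}

// Constructed sample input (not taken from the blitz repository).
const sampleManifest = {
  dependencies: { lodash: '^4.17.0', chalk: '^4.0.0', '@scope/logger': '^1.0.0' },
  devDependencies: { rimraf: '^3.0.0' },
};
const sampleSources = {
  'src/a.js': "import chalk from 'chalk'\nconst d = require('lodash/debounce')\nimport './local'\n",
  'src/b.js': "import { log } from '@scope/logger/node'\nimport pick from 'lodash/pick'\nconst fs = require('fs')\n",
};

console.log(countDependencyUsage(sampleManifest, sampleSources));
```

A zero count is only a hint: packages used from npm scripts or config files never show up as imports, so check those before removing anything.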