-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. Weβll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Large dependency graph #221
Comments
We could accept a PR swapping this dependency for a lighter alternative. I'm not sure what that alternative would be though. |
@Andarist I will open a PR with some replacements - some obvious candidates that jump out to me looking at the dependency graph https://npmgraph.js.org/?q=%40manypkg%2Fcli
|
Please just make sure that you don't change the required node version in the process. |
Current node version requirement seems to be 14.18.0. Is this the version that should be targeted? It went EoL in the beginning of 2023, but if that's the minimum requirement, I'll maintain it. |
I think it's preferred to maintain it within the current major line. It would be a braking change to change it. We can consider releasing a new major too but I don't quite have time to focus on it so it would be better to just keep the status quo for the time being. |
Hey @Andarist, do you prefer one big PR that removes/replaces all packages, or separate PRs per package? |
Separate |
There is also js-yaml who is big for find-root package. |
Found also |
π folks! Iβve just tried
manypkg
instead ofcheck-dependency-version-consistency
β looks great!There is a minor internal issue I would like to bring up. Installing
@manypkg/[email protected]
adds quite a lot of transient dependencies some of which are quite dated. An example would be[email protected]
that has not been updated for six years.Because of that, the lock file gets quite polluted. Here is my diff after swapping
check-dependency-version-consistency
with@manypkg/cli
(quite a lot of new stuff):Because the new dependency graph is quite big and parts of it are dated, there is a risk of bumping into security advisories that will be hard to address. Itβd be great if the number of deps could be made smaller and libraries like
spawndamnit
could be replaced with something else, if possible.Despite this small concern, great tool folks! I really like the simplicity of the DX youβve created!
The text was updated successfully, but these errors were encountered: