You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When installing the @app-config/main@2 package, you might notice some warnings and a substantial number of dependencies being added:
❯ npm install @app-config/main@2
npm WARN deprecated [email protected]: Please switch to @apidevtools/json-schema-ref-parser
npm WARN deprecated @types/[email protected]: This is a stub types definition. BSON provides its own type definitions, so you do not need this installed.
added 239 packages, and audited 240 packages in 18s
19 packages are looking for funding
run `npm fund`for details
6 high severity vulnerabilities
To address all issues, run:
npm audit fix
Run `npm audit`for details.
While the app-config library is fantastic, it might seem excessive if you simply want to load and validate configuration files for your Node.js backend. The surplus dependencies can introduce supply chain risks and increases the container image, and the presence of high-severity vulnerabilities in deprecated packages can be concerning.
This issue is particularly relevant for Node.js backend servers, where you don't need the CLI or other unnecessary dependencies on your production server. Instead, these should be declared as devDependencies.
I'd like to inquire if there are any plans to introduce a more lightweight solution tailored for Node.js. This would greatly benefit users who want a simpler, streamlined approach to config loading and validation for their backend servers.
The text was updated successfully, but these errors were encountered:
When installing the
@app-config/main@2
package, you might notice some warnings and a substantial number of dependencies being added:While the
app-config
library is fantastic, it might seem excessive if you simply want to load and validate configuration files for your Node.js backend. The surplus dependencies can introduce supply chain risks and increases the container image, and the presence of high-severity vulnerabilities in deprecated packages can be concerning.This issue is particularly relevant for Node.js backend servers, where you don't need the CLI or other unnecessary dependencies on your production server. Instead, these should be declared as
devDependencies
.I'd like to inquire if there are any plans to introduce a more lightweight solution tailored for Node.js. This would greatly benefit users who want a simpler, streamlined approach to config loading and validation for their backend servers.
The text was updated successfully, but these errors were encountered: