Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Drop request dependency

See original GitHub issue

Packages depend on node-pre-gyp as a deep dependency, not as a top level dependency. Deep dependencies should be lightweight and shouldn’t include bloatware. While the request library has a lot of offer, it ships a shitton of bloatware on install, Node provides http.request and https.request we should be using that

Issue Analytics

State:
Created 8 years ago
Reactions:8
Comments:14 (4 by maintainers)

Top GitHub Comments

1reaction

springmeyercommented, Oct 24, 2016

I would be open to using got. We maintain two series of node-pre-gyp to make this non-breaking:

0.6.x series keeps using request, supports node v0.10x
1.x series moves to got and only supports node >4

Anyone interested in providing a PR against master that moves to got? I would also be open to reviewing PRs that remove other heavy dependencies. Space savings is a concern.

0reactions

dantmancommented, May 5, 2018

Adding to the reasons. request requires a lot of dependencies, these dependencies are the type that commonly have security vulnerabilities that get reported and patched. However the majority of these dependencies aren’t even used by node-pre-gyp. And node-pre-gyp is used all over the place.

In short, when you use security vulnerability checkers like snyk you continually get security vulnerability warnings introduced through node-pre-gyp for irrelevant security vulnerabilities, and request is the cause of many of these.

Top Results From Across the Web

Texas A&M University Q-Drop Request Form

By signing this form, I certify my understanding that hours for Q-dropped courses WILL NOT BE USED TO DETERMINE ENROLLMENT STATUS.

Current Quarter Drop - Office of the University Registrar

The Current Quarter Drop process allows students to drop classes using the Adviser-Assisted Drop Request Form during the Late Course Drop Period.

Drop mock dependency by GallowayJ · Pull Request #6723

Dropped mock as a dependency to resolve issue #6665 by changing imports of mock to unittest.mock and removing mock from requirements.txt.

Merge request dependencies - GitLab Docs

Dependent merge requests display information about the total number of dependencies set, such as (status-warning) Depends on 1 merge request being merged.

Reduced Course Load - Study in the States - Homeland Security

Once the DSO submits the information to SEVIS, the RCL is approved and the student may drop the requested courses.