Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Would a PR to make azure stuff peerDependenciesMeta and maybe decrease some of the dependencies be acceptable?
See original GitHub issueHi there.
I was wondering if PR that would make some of the larger dependencies be inside peerDependenciesMeta instead of part of the dependency list would be accepted or rejected due to breaking changes?
Cause right now the dependency list for tedious is really really… big and most of it comes from integration with azure services:
D:\NFP\temp> npm list
D:\NFP\temp
`-- tedious@11.0.9
+-- @azure/identity@1.3.0
| +-- @azure/core-http@1.2.5
| | +-- @azure/abort-controller@1.0.4
| | | `-- tslib@2.2.0 deduped
| | +-- @azure/core-asynciterator-polyfill@1.0.0
| | +-- @azure/core-auth@1.3.0
| | | +-- @azure/abort-controller@1.0.4 deduped
| | | `-- tslib@2.2.0 deduped
| | +-- @azure/core-tracing@1.0.0-preview.11 deduped
| | +-- @azure/logger@1.0.2 deduped
| | +-- @types/node-fetch@2.5.10
| | | +-- @types/node@15.12.0 deduped
| | | `-- form-data@3.0.1 deduped
| | +-- @types/tunnel@0.0.1
| | | `-- @types/node@15.12.0 deduped
| | +-- form-data@3.0.1
| | | +-- asynckit@0.4.0
| | | +-- combined-stream@1.0.8
| | | | `-- delayed-stream@1.0.0
| | | `-- mime-types@2.1.31
| | | `-- mime-db@1.48.0
| | +-- node-fetch@2.6.1
| | +-- process@0.11.10
| | +-- tough-cookie@4.0.0
| | | +-- psl@1.8.0
| | | +-- punycode@2.1.1 deduped
| | | `-- universalify@0.1.2
| | +-- tslib@2.2.0 deduped
| | +-- tunnel@0.0.6
| | +-- uuid@8.3.2 deduped
| | `-- xml2js@0.4.23
| | +-- sax@1.2.4
| | `-- xmlbuilder@11.0.1
| +-- @azure/core-tracing@1.0.0-preview.11
| | +-- @opencensus/web-types@0.0.7
| | +-- @opentelemetry/api@1.0.0-rc.0
| | `-- tslib@2.2.0 deduped
| +-- @azure/logger@1.0.2
| | `-- tslib@2.2.0 deduped
| +-- @azure/msal-node@1.0.0-beta.6
| | +-- @azure/msal-common@4.3.0
| | | `-- debug@4.3.1
| | | `-- ms@2.1.2 deduped
| | +-- axios@0.21.1 deduped
| | +-- jsonwebtoken@8.5.1
| | | +-- jws@3.2.2 extraneous
| | | +-- lodash.includes@4.3.0
| | | +-- lodash.isboolean@3.0.3
| | | +-- lodash.isinteger@4.0.4
| | | +-- lodash.isnumber@3.0.3
| | | +-- lodash.isplainobject@4.0.6
| | | +-- lodash.isstring@4.0.1
| | | +-- lodash.once@4.1.1
| | | +-- ms@2.1.2
| | | `-- semver@5.7.1
| | `-- uuid@8.3.2 deduped
| +-- @types/stoppable@1.1.1
| | `-- @types/node@15.12.0
| +-- axios@0.21.1
| | `-- follow-redirects@1.14.1
| +-- events@3.3.0
| +-- jws@4.0.0
| | +-- jwa@2.0.0 extraneous
| | `-- safe-buffer@5.2.1
| +-- keytar@7.7.0
| | +-- node-addon-api@3.2.1
| | `-- prebuild-install@6.1.3
| | +-- detect-libc@1.0.3
| | +-- expand-template@2.0.3
| | +-- github-from-package@0.0.0
| | +-- minimist@1.2.5
| | +-- mkdirp-classic@0.5.3
| | +-- napi-build-utils@1.0.2
| | +-- node-abi@2.30.0
| | | `-- semver@5.7.1 deduped
| | +-- npmlog@4.1.2
| | | +-- are-we-there-yet@1.1.5
| | | | +-- delegates@1.0.0
| | | | `-- readable-stream@2.3.7 extraneous
| | | +-- console-control-strings@1.1.0
| | | +-- gauge@2.7.4
| | | | +-- aproba@1.2.0
| | | | +-- console-control-strings@1.1.0 deduped
| | | | +-- has-unicode@2.0.1
| | | | +-- object-assign@4.1.1
| | | | +-- signal-exit@3.0.3
| | | | +-- string-width@1.0.2
| | | | | +-- code-point-at@1.1.0
| | | | | +-- is-fullwidth-code-point@1.0.0
| | | | | | `-- number-is-nan@1.0.1
| | | | | `-- strip-ansi@3.0.1 deduped
| | | | +-- strip-ansi@3.0.1
| | | | | `-- ansi-regex@2.1.1
| | | | `-- wide-align@1.1.3
| | | | `-- string-width@1.0.2 deduped
| | | `-- set-blocking@2.0.0
| | +-- pump@3.0.0
| | | +-- end-of-stream@1.4.4
| | | | `-- once@1.4.0 deduped
| | | `-- once@1.4.0
| | | `-- wrappy@1.0.2
| | +-- rc@1.2.8
| | | +-- deep-extend@0.6.0
| | | +-- ini@1.3.8
| | | +-- minimist@1.2.5 deduped
| | | `-- strip-json-comments@2.0.1
| | +-- simple-get@3.1.0
| | | +-- decompress-response@4.2.1
| | | | `-- mimic-response@2.1.0
| | | +-- once@1.4.0 deduped
| | | `-- simple-concat@1.0.1
| | +-- tar-fs@2.1.1
| | | +-- chownr@1.1.4
| | | +-- mkdirp-classic@0.5.3 deduped
| | | +-- pump@3.0.0 deduped
| | | `-- tar-stream@2.2.0
| | | +-- bl@4.1.0 deduped
| | | +-- end-of-stream@1.4.4 deduped
| | | +-- fs-constants@1.0.0
| | | +-- inherits@2.0.4 deduped
| | | `-- readable-stream@3.6.0 deduped
| | `-- tunnel-agent@0.6.0
| | `-- safe-buffer@5.2.1 deduped
| +-- msal@1.4.11
| | `-- tslib@1.14.1 extraneous
| +-- open@7.4.2
| | +-- is-docker@2.2.1
| | `-- is-wsl@2.2.0
| | `-- is-docker@2.2.1 deduped
| +-- qs@6.10.1
| | `-- side-channel@1.0.4
| | +-- call-bind@1.0.2
| | | +-- function-bind@1.1.1
| | | `-- get-intrinsic@1.1.1 deduped
| | +-- get-intrinsic@1.1.1
| | | +-- function-bind@1.1.1 deduped
| | | +-- has@1.0.3
| | | | `-- function-bind@1.1.1 deduped
| | | `-- has-symbols@1.0.2
| | `-- object-inspect@1.10.3
| +-- stoppable@1.1.0
| +-- tslib@2.2.0
| `-- uuid@8.3.2
+-- @azure/keyvault-keys@4.1.0
| +-- @azure/core-http@1.2.5 deduped
| +-- @azure/core-lro@1.0.5
| | +-- @azure/abort-controller@1.0.4 deduped
| | +-- @azure/core-http@1.2.5 deduped
| | +-- @azure/core-tracing@1.0.0-preview.11 deduped
| | +-- events@3.3.0 deduped
| | `-- tslib@2.2.0 deduped
| +-- @azure/core-paging@1.1.3
| | `-- @azure/core-asynciterator-polyfill@1.0.0 deduped
| +-- @azure/core-tracing@1.0.0-preview.9 extraneous
| +-- @azure/logger@1.0.2 deduped
| +-- @opentelemetry/api@0.10.2 extraneous
| `-- tslib@2.2.0 deduped
+-- @azure/ms-rest-nodeauth@3.0.10
| +-- @azure/ms-rest-azure-env@2.0.0
| +-- @azure/ms-rest-js@2.5.0
| | +-- @azure/core-auth@1.3.0 deduped
| | +-- abort-controller@3.0.0
| | | `-- event-target-shim@5.0.1
| | +-- form-data@2.5.1 extraneous
| | +-- node-fetch@2.6.1 deduped
| | +-- tough-cookie@3.0.1 extraneous
| | +-- tslib@1.14.1 extraneous
| | +-- tunnel@0.0.6 deduped
| | +-- uuid@3.4.0 extraneous
| | `-- xml2js@0.4.23 deduped
| `-- adal-node@0.2.2 deduped
+-- adal-node@0.2.2
| +-- @types/node@8.10.66 extraneous
| +-- async@2.6.3
| | `-- lodash@4.17.21
| +-- axios@0.21.1 deduped
| +-- date-utils@1.2.21
| +-- jws@3.2.2 extraneous
| +-- underscore@1.13.1
| +-- uuid@3.4.0 extraneous
| +-- xmldom@0.6.0
| `-- xpath.js@1.1.0
I was wondering if a PR that refactored some of the internal mechanics made those peerDependenciesMeta optional like knex does with its drivers would be acceptable to this community? Cause not everyone is gonna be using azure and right now:
That’s over five thousand files of code installed and 32MB just to talk with a database. And personally I find that a tad bit too much for a single dependency in production environment.
If such a thing is acceptable, I would get started on making that PR to… reduce the size and increase the nimbleness of tedious if that’s okay. If not then feel free to close this issue 😃
Issue Analytics
- State:
- Created 2 years ago
- Reactions:6
- Comments:15 (1 by maintainers)
Top Results From Across the Web
Resiliency and dependencies - Microsoft Azure Well ...
In this article. Key points; Build resiliency with failure mode analysis; Understand the impact of dependencies; Next step; Related links.
Read more >Should I duplicate "peerDependencies" in "dependencies ...
So if you add typescript to your "devDependencies": {} section in package.json and do an npm install , NPM will install both dependencies...
Read more >package.json - npm Docs
This flow will occur if your git dependency uses workspaces , or if any of the following scripts are present: build; prepare; prepack;...
Read more >Frequently Asked Questions (FAQ) - Renovate Docs
Find and process all package files (e.g. package.json , composer.json , Dockerfile , etc) in each repository; Use separate branches/PR for each dependency;...
Read more >Peer Dependencies | Node.js
In particular, it handles sub-dependencies very well: if my package ... <script> s you would drop into your page that would attach things...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Worse - it appears that this patch release adds a dependency on @azure/identity 1.3.0, which has a transitive dependency on something called ‘keytar’, that requires a download and compile of some C code that wasn’t there earlier. Our build systems cannot download files from AWS, so this part of the install fails our builds.
Is there a need to download this C code?
@arthurschreiber optional dependencies are very common and used in many projects. There is absolutely no problem with them and using them is exactly the reason they exist! To cut down the optional dependencies.
A good example of optional dependencies is https://github.com/knex/knex where they use optional dependencies for each database driver, as you usually need just one driver and not all supported.
Same should be with Tedious - just add the authentication methods you want - and not all possible.
Knex actually use Tedious as well because of its early light dependencies, but now with all those tons of unnecessary dependencies it is getting harder to justify. Specially on production environments.