Rein in Ganache-Core dependencies.
I just did `npm install ganache-core` and it brought in:

added 1642 packages from 1150 contributors and audited 46082 packages in 36.351s
found 11 vulnerabilities (10 low, 1 high)
  run `npm audit fix` to fix them, or `npm audit` for details
1642 dependencies is insanity and should be reined in. While I understand this is a pretty big project, that is a crazy number of dependencies. Also, the more dependencies you have the more vulnerabilities there will be. Since this is a test library it isn’t that big of a deal except that it contributes to training users to ignore GitHub vulnerability warnings and can potentially obscure actual vulnerabilities due to having to mentally ignore all of the vulnerabilities from packages brought in by ganache-core.
Also, those 1642 dependencies account for ~166 MB of disk space and bandwidth to fetch, more if you count headers (bandwidth) and block sizes (disk space).
Surely, there is room to trim down some of this cruft?
Issue Analytics
- State:
- Created 3 years ago
- Reactions: 2
- Comments: 5 (5 by maintainers)
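Added example, not part of the original issue or the ganache-core project: one way to keep a large tree from hiding real findings is to attribute installed and flagged packages to the direct dependency that pulls them in. It assumes an npm lockfile with a `packages` map (lockfileVersion 2 or 3); the sample lockfile, the `left-pad` entry and the flagged paths are constructed, and optional and peer dependencies are ignored.

```javascript
// Constructed, trimmed "packages" map in package-lock.json v2/v3 layout.
const lock = { packages: {
  "": { dependencies: { "ganache-core": "^2.0.0", "left-pad": "^1.3.0" } },
  "node_modules/ganache-core": { dependencies: { web3: "1.0.0", lodash: "^4.0.0" } },
  "node_modules/ganache-core/node_modules/lodash": {},
  "node_modules/web3": { dependencies: { lodash: "^3.0.0" } },
  "node_modules/lodash": {},
  "node_modules/left-pad": {},
} };

// Node-style resolution: nearest node_modules first, then walk up to the root.
function resolve(packages, fromPath, name) {
  let dir = fromPath;
  for (;;) {
    const candidate = (dir ? dir + "/" : "") + "node_modules/" + name;
    if (candidate in packages) return candidate;
    if (!dir) return null; // not installed (e.g. optional dependency skipped)
    const i = dir.lastIndexOf("/node_modules/");
    dir = i === -1 ? "" : dir.slice(0, i);
  }
}

// Every installed path reachable from one direct dependency of the root project.
function closure(packages, rootName) {
  const start = resolve(packages, "", rootName);
  const seen = new Set(start ? [start] : []);
  const queue = [...seen];
  while (queue.length) {
    const path = queue.pop();
    for (const dep of Object.keys(packages[path].dependencies || {})) {
      const target = resolve(packages, path, dep);
      if (target && !seen.has(target)) { seen.add(target); queue.push(target); }
    }
  }
  return seen;
}

// Per direct dependency: how many packages it pulls in and which flagged ones.
function attribute(lockfile, flaggedPaths) {
  const report = {};
  for (const root of Object.keys(lockfile.packages[""].dependencies || {})) {
    const reach = closure(lockfile.packages, root);
    report[root] = { installed: reach.size, flagged: flaggedPaths.filter((p) => reach.has(p)) };
  }
  return report;
}

// Constructed scanner result: installed paths that were flagged.
const flagged = ["node_modules/lodash", "node_modules/ganache-core/node_modules/lodash"];
console.log(attribute(lock, flagged));
```

Run against a real lockfile, the per-root counts show which direct dependency accounts for the bulk of the tree, and any flagged path that appears under no noisy root is the one worth reading first.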
Top GitHub Comments
We plan on removing web3 from production in the future.
Fixed in next major release. Created new problem whilst fixing: https://github.com/trufflesuite/ganache-core/issues/744