zachleat
commented
4 years ago I think this is a fair point of discussion and I like it. A lot of overlap with https://github.com/11ty/eleventy/issues/1103 too!
Closed Krinkle closed 2 years ago
zachleat
commented
4 years ago I think this is a fair point of discussion and I like it. A lot of overlap with https://github.com/11ty/eleventy/issues/1103 too!
Krinkle
commented
4 years ago Package is-buffer is no longer needed, used via condense-newlines ⇨ kind-of:
kind-of@5.condense-newlines ⇨ kind-of in https://github.com/jonschlinkert/condense-newlines/pull/3.Package yargs, is-buffer and uglify-js no longer needed, used via pug:
pug ⇨ pug-filters@3.1 ⇨ uglifyjs@2 ⇨ yargs ⇨ cliui ⇨ kind-of. yargs subtree commander in https://github.com/mishoo/UglifyJS/commit/ec443e422c220619fe671166e467d3d8838b0cab, and subsequently phased out all need for external dependencies, removing source-maps (https://github.com/mishoo/UglifyJS/pull/3754), and commander (https://github.com/mishoo/UglifyJS/pull/3961).uglify-js alltogether in https://github.com/pugjs/pug/commit/a941dec45fcf7c97f2de28f8490f51Package mkdirp no longer needed, used via js-beautify:
Subtree of chokidar is quite large, used via nunjucks:
zachleat
commented
4 years ago https://github.com/11ty/eleventy/issues/1394 pertains to this, will ship with 1.0
Krinkle
commented
3 years ago on 22 Aug 2020:
- Eleventy 0.9.0 had 555 dependencies.
- Eleventy 0.11.0 currently has 372 dependencies. This includes well-known, disciplined, and standalone packages that solve core problems such as mustache and liquid, but also many many others. […]
Today:
boehs
commented
2 years ago Our of curiosity, what would happen if all the supported file formats were replaced with an opt in basis? Most 11ty users probably only use md,JS,liquid,njk,html
@zachleat opinions on trying this?
pdehaan
commented
2 years ago Our of curiosity, what would happen if all the supported file formats were replaced with an opt in basis? Most 11ty users probably only use md,JS,liquid,njk,html
I think that's being tracked in https://github.com/11ty/eleventy/issues/1103
zachleat
commented
2 years ago Just an update here, v2.0.0 is currently sitting at 192 modules:
zachleat
commented
2 years ago zachleat
commented
2 years ago This is a continuous improvement ticket, and we’ll keep the work alive—but I think with https://github.com/11ty/eleventy/issues/1305 complete and #1103 tracked separately we can go ahead and move this into the 2.0 milestone and close for now! Very open to more granular tasks on this specific topic filed as new issues! Thanks!
Is your feature request related to a problem? Yes, I'd like Eleventy to be easier to audit and trust as an executable that one would let produce HTML to serve in production to end-users. For those who care, this is not the only part that matters of course. You'd probably want to do some spot-checking on the output and have CSP in place. But I don't think treating the generator as an inherently untrustable/unreviewed black box is reasonable.
I believe the Eleventy code base and community itself is great, fairly auditable, and as a group of maintainers I think the GitHub and npm organisations of Eleventy can also be trusted to oversee itself and not be easily compromised in a way that wouldn't be quickly noticed. However, I don't think I as a user can say the same about all transitive dependencies.
Describe the solution you'd like For Eleventy to drastically reduce the number of dependencies and publishers required to be trusted for non-dev installations of the
@11ty/eleventypackage. And ideally for the handful of dependencies that remain (10? 20?) to have been audited by the maintainers of Eleventy, and to have been determined to be responsible, disciplined, well-maintained, and responsive. Perhaps we could even adopt a set of principles around this, such as how Puppeteer (link) and QUnit (link) have done.This would likely be a long-term effort and include collaborating with maintainers of upstream dependencies. I've done this before and would love to help.
Describe alternatives you've considered Jekyll 4.1.1 currently has 26 dependencies. Most of which are in turn are dependency-free and well-known standalone packages that solve core problems.
Eleventy 0.9.0 had 555 dependencies. Eleventy 0.11.0 currently has 372 dependencies. This includes well-known, disciplined, and standalone packages that solve core problems such as mustache and liquid, but also many many others.
This seems to be heading in a good direction, almost a 50% reduction compared to two years ago. If this was part of an existing effort with a tracking issue, feel free to close/merge, I'd love to help out there instead. (I did search but found none.)
Additional context
I'm probably a boring grumpy person, but I care and want to see Eleventy become even more awesome!