SocketCluster / socketcluster

Highly scalable realtime pub/sub and RPC framework
https://socketcluster.io
MIT License
6.15k stars 314 forks

Unused dependencies #577

Closed MegaGM closed 1 year ago

MegaGM commented 1 year ago

minimist is now required and used by @maartennnn/cli-builder
connect is unused. Trails from Asyngular@1.0.4
install: I'm not sure what it even does, but I'm slightly suspicious of any modules which recursively walk directories and have functions called like fileEvaluate :smiling_imp:
Especially when a module has ~500k downloads each week for many years yet has only ~50 GitHub stars. Someone definitely would love to exploit such a nifty package name as install. Well, at least the source file install.js on GitHub has the same length as install.js from the actually installed install npm package. So, perhaps the package bears no ill intentions after all.

MegaGM commented 1 year ago

Packages with names npm and install were introduced in v16.0.2: https://github.com/SocketCluster/socketcluster/commit/06150056ed688de2ea59ceb2acc6875280dba7f4
Package npm was removed in v16.1.0: https://github.com/SocketCluster/socketcluster/commit/2e841a83be822e021e087ca2449eb5bf65fc152b
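
The first comment compares install.js on GitHub with the installed file by length. The following is an added example, not code from this thread or from SocketCluster, that makes the same comparison by SHA-256 digest over whole directory trees and reports files that match in length but not in content. The names loadTree, compareFileSets and demo, and the sample file contents, are constructed for illustration.

```javascript
// Added example (not from the issue thread): digest-based comparison of a
// package's repository checkout against the copy npm installed.
const { createHash } = require('node:crypto');
const fs = require('node:fs');
const path = require('node:path');

const SKIP = new Set(['.git', 'node_modules']);
const sha256 = (buf) => createHash('sha256').update(buf).digest('hex');

// Read every regular file under root into a Map<relative path, Buffer>.
function loadTree(root, rel = '', out = new Map()) {
  for (const entry of fs.readdirSync(path.join(root, rel), { withFileTypes: true })) {
    if (SKIP.has(entry.name)) continue;
    const child = path.posix.join(rel, entry.name);
    if (entry.isDirectory()) loadTree(root, child, out);
    else if (entry.isFile()) out.set(child, fs.readFileSync(path.join(root, child)));
  }
  return out;
}

// Classify each path; equal length with a different digest is reported on its
// own because a length-only check would have passed it.
function compareFileSets(repoFiles, installedFiles) {
  const report = { identical: [], sameLengthDifferentContent: [], different: [],
                   onlyInRepo: [], onlyInstalled: [] };
  for (const [file, repoBuf] of repoFiles) {
    const instBuf = installedFiles.get(file);
    if (instBuf === undefined) report.onlyInRepo.push(file);
    else if (sha256(repoBuf) === sha256(instBuf)) report.identical.push(file);
    else if (repoBuf.length === instBuf.length) report.sameLengthDifferentContent.push(file);
    else report.different.push(file);
  }
  for (const file of installedFiles.keys()) {
    if (!repoFiles.has(file)) report.onlyInstalled.push(file);
  }
  return report;
}

// Constructed sample data: two trees whose install.js files have equal length.
function demo() {
  const repo = new Map([
    ['install.js', Buffer.from("exports.mode = 'aaaa';\n")],
    ['README.md', Buffer.from('# sample\n')],
  ]);
  const installed = new Map([
    ['install.js', Buffer.from("exports.mode = 'bbbb';\n")],
    ['README.md', Buffer.from('# sample\n')],
    ['extra.js', Buffer.from('// present only in the installed copy\n')],
  ]);
  return compareFileSets(repo, installed);
}
```

To run it on real files, pass compareFileSets the result of loadTree for a checkout of the tagged release and for the package's directory under node_modules.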