Andarist
commented
2 months ago We could accept a PR swapping this dependency for a lighter alternative. I'm not sure what that alternative would be though.
Open kachkaev opened 2 months ago
Andarist
commented
2 months ago We could accept a PR swapping this dependency for a lighter alternative. I'm not sure what that alternative would be though.
VanTanev
commented
3 weeks ago @Andarist I will open a PR with some replacements - some obvious candidates that jump out to me looking at the dependency graph https://npmgraph.js.org/?q=%40manypkg%2Fcli
Andarist
commented
3 weeks ago Please just make sure that you don't change the required node version in the process.
VanTanev
commented
3 weeks ago Current node version requirement seems to be 14.18.0. Is this the version that should be targeted? It went EoL in the beginning of 2023, but if that's the minimum requirement, I'll maintain it.
Andarist
commented
3 weeks ago I think it's preferred to maintain it within the current major line. It would be a braking change to change it. We can consider releasing a new major too but I don't quite have time to focus on it so it would be better to just keep the status quo for the time being.
VanTanev
commented
3 weeks ago Hey @Andarist, do you prefer one big PR that removes/replaces all packages, or separate PRs per package?
Andarist
commented
3 weeks ago Separate
riderx
commented
3 weeks ago There is also js-yaml who is big for find-root package.
riderx
commented
3 weeks ago Found also fs/promises who is not required i think in nodejs 14
:wave: folks! I’ve just tried
manypkginstead ofcheck-dependency-version-consistency– looks great!There is a minor internal issue I would like to bring up. Installing
@manypkg/cli@0.21.4adds quite a lot of transient dependencies some of which are quite dated. An example would bespawndamnit@2.0.0that has not been updated for six years.Because of that, the lock file gets quite polluted. Here is my diff after swapping
check-dependency-version-consistencywith@manypkg/cli(quite a lot of new stuff):Because the new dependency graph is quite big and parts of it are dated, there is a risk of bumping into security advisories that will be hard to address. It’d be great if the number of deps could be made smaller and libraries like
spawndamnitcould be replaced with something else, if possible.Despite this small concern, great tool folks! I really like the simplicity of the DX you’ve created!