aliyun-oss-sdk file size 360kb parsed. Make it tree shakable

[ricky11]

• Browser Version or Node Version: All Versions
• ali-oss Version: @latest

The parsed size for the front-end java script library 'aliyun-oss-sdk' is about 340.62KB , it is our biggest node module library and is very heavy to download on mobile devices devices with poor internet access even in CHINA & INDIA.

Suggestion : Modularize the package simialr to S3 Javascript SDK, make it is tree shakable. Allow us to import only the part that we need like 'upload' 'multi-part-upload' etc. Remove un-needed code to speed up loading time.

Thank you

R

[Ari1c]

@ricky11 Thanks for your suggestion.if we have schedule,we will give you feedback as soon as possible.

[zhouhuiquan]

真的太大了, 一个UI库都没这么大, 我现在项目中最大的一个依赖了, 想想可笑就用了一个功能,连删除都没用到

[ricky11]

Hello, @zhouhuiquan . Sorry since i cannot read Chinese, i translate to english. Do you also agree the library 300+ kb is too large? Do you agree that it should be tree shaking? that mean if we only want to import the put or multipartupload we should import as : import 'ali-oss-delete' from ('ali-oss/delete') something like that yes?

[ricky11]

@Ari1c hi, do you think the backend team will help with all the javascript developers? the module is more than 300kb, it is very large, and even if we only use one part we need to import 300kb client side. it is quite heavy to download, any suggestions to make it modular and tree shakable?

[PeterRao]

@ricky11 Yes, The browser's lib is too large, because some npm package is based on node package. so the browser sdk has many redundant codes. We will reduce lib size later.

1. use shim module remove redundant code.
2. make the it tree shakable.

[ricky11]

Thank you peter, yes pls push this issue, we are using aws s3 as comparison, they also introduce tree shakable modules which we can require only what we need. Our customers based in China / India do not have such powerful phones/computers and internet speed to download 300kb of un-needed code.

Hope we can start a development plan to require only what we need.

Thanks

[ricky11]

Hello

I also found many of the dependencies are out of date by major version which means their is high chance of vulnerabilities in this sdk. See here : https://david-dm.org/ali-sdk/ali-oss

There are so many unneeded dependency like 'co', and 'sdk-base' . Now 90% of browser support promises, we dont need these old dependencies that are making the sdk so huge.

Please help to reduce the size and upgrade all remove the dependency of update them.

Thanks Ricky

[ricky11]

Hi, would this issue be getting attention. their are many security vulnerabilities and out of date dependencies in this sdk.

1) Update all dependencies

2) Make ali-oss tree shakable so the package is much smaller in size. If we want to import sts only why do we need to import the full 300kb library for one use case.

3) remove old code.

[ricky11]

The dependency are very out of date and node issues so many security warnings, please update this package and remove redundant code.

[F5F5]

Yes! It's too big. In the browser, we've only used a few APIs.

[PeterRao]

The dependency are very out of date and node issues so many security warnings, please update this package and remove redundant code.

Sorry， We are busy with other projects. After developed muliti-version api , we will support tree shakable for some API. But reducing the size is limited, because sdk use some big third-party libraries, like xml parse and so on. Update other package must be very cautious , it has caused some problems such as https://github.com/jhiesey/stream-http/issues/57 and so on.

[ricky11]

Hi Peter

I see, i look forward to tree shaking, because for our browser we only need multipartupload api, we dont need 99% of other api's. but we still need to import 300kb library for 1 api in the browser.

For mobile its too large, even for desktop its too large for most users to download, and cause the bundle size to be huge.. I understand that you cannot reduce the size, but tree shakable will be very good! Thanks.

[eugle]

@ricky11 I have the same requirement with you. This library has reached 560KB now, and you have been tracking it for two years. Now it is 2021

[eugle]

现在有什么办法解决吗，我只需要multipartupload这一个api，没有必要引入一个560kb的库吧，超过了所有使用的库的大小，包括antd，react，无法想象，这竟然是阿里云的官方库，竟然是对接阿里云OSS，号称一流的云主机提供商，

官方也太不给力了，不可想象

[eugle]

丢脸丢到国外了，简直是开发界的耻辱

[ricky11]

I think the hard work is done by 1 or 2 developers for ali-oss (it is official sdk) but have you tried pop-core ? https://www.npmjs.com/package/@alicloud/pop-core

i believe pop-core is also official sdk and also have api to use oss directly, but i have not tried.

I often talk to the developer of ali-oss they are very good and very reliable, but they are really quite busy. You are correct aliyun need to support NODEJS/JS more and provide more engineer to update their SDK. I think more time and preference is given to python and other languages.

I think soon you will see version 7, you can download that branch and test it. this is the code for version 7.

https://github.com/ali-sdk/ali-oss/blob/ts/ts-guide.md

[eugle]

可笑的是2年前说要优化，现在好了，从360kb直接堆到560kb？

作为一个商业软件，由此可见一斑，不可能用忙来推脱了事，看来是要切换其他云了，

这世界不止阿里云，还有腾讯云，七牛云，百度云，华为云，

这不是开源软件，不要把工作推给开发者，用户使用你的接口开发已经很费精力了，还要给你改bug吗？

从2019年说增强，优化，现在已经是2021年了？ 这个库不行就重建一个吧，

堆成屎山不是解决问题之道，我们开发者已经很累了，你再忙拿着高薪好意思吗？

技术不行就让贤吧，丢脸丢到国外，这就是阿里云的形象？打脸不？

[fyeeme]

https://www.npmjs.com/package/@alicloud/pop-core

version 7 is still not availabe.

[ricky11]

which one do you use for oss? ali-oss https://github.com/ali-sdk/ali-oss

or pop-core? actually i still dont know what is the major difference?

by the way version 7 is available just not official released : https://github.com/ali-sdk/ali-oss/tree/7.x

[fyeeme]

@ricky11
Seems that pop-core does not contain oss (maybe I missed something), and i use put,get ,multipartUploadand cancel api.

Agagin, seems v7 is stil long time for using

[fyeeme]

@ricky11 Yes , I found v7, but as it's not published to npm, so a little trouble to use, may offical can publish alpha or beta version for have a try.

[ricky11]

what is the problem you have with v6? for me the only problem is that it is 400kb module, but i dont see any other problem with it. (also has some very old dependency which is major security risk)

[fyeeme]

@ricky11 The size is too biiiiiiiiiiiiiiig!, and for security reason, my project set private read,and all the client have to use ali-oss, the size is a big problem!

[Nathanstefanqian]

hello @ricky11 What is the final solution to this problem for your project? We are wondering if it is necessary to integrate the ali-oss to the backend to decrease the unnecessary size loaded in the frontend