search

andrewbranch / gatsby-remark-vscode

Gatsby plugin to provide VS Code’s syntax highlighting to Markdown code fences
MIT License
296 stars 27 forks source link

Remove Gatsby peer dependencies #181

Closed Rodrigo54 closed 2 years ago

Rodrigo54 commented 2 years ago

I am using this package in my blog made with nextjs framework I followed the example in readme.md and also did an additional configuration in my next.config.mjs file

import remarkVscode from 'gatsby-remark-vscode';
import nextConfigMDX from '@next/mdx';

const withMDX = nextConfigMDX({
  extension: /\.mdx?$/,
  options: {
    remarkPlugins: [
      [
        remarkVscode.remarkPlugin,
        {
          injectStyles: false,
          theme: {
            default: 'Dark+ (default dark)',
            parentSelector: {
              'body.dark': 'Dark+ (default dark)',
              'body.light': 'Light+ (default light)',
            },
          },
        },
      ],
    ],
  },
});

/** @type {import('next').NextConfig} */
const nextConfig = {
  pageExtensions: ['js', 'jsx', 'tsx', 'md', 'mdx'],
};

export default withMDX(nextConfig);

this has worked perfectly for me ❤️ ! the problem is that this package installs the gatsby package unnecessarily and with the gatsby package comes several other unnecessary packages causing my npm audit to fire with several vulnerabilities problems

image

a simple solution would be to remove peerDependencies field in package.json

"dependencies": {
    "decompress": "^4.2.0",
    "json5": "^2.1.1",
    "loglevel": "^1.6.4",
    "plist": "^3.0.1",
    "unist-util-visit": "^1.4.1",
    "vscode-oniguruma": "^1.4.0",
    "vscode-textmate": "^5.2.0"
},
- "peerDependencies": {
-   "gatsby": "^2.12.1 || ^3.1.1"
- },

I'm available to make a pull request if that makes sense to any of you.

andrewbranch commented 2 years ago

Yeah, that probably should have happened as soon as we added the ability to use the remark plugin by itself. I’d accept a PR for that!

dimitrisnl commented 2 years ago

I'm unsure about this tbh, as Gatsby needs the peer dependency to understand which version is supported.

andrewbranch commented 2 years ago

The better long-term solution would be to move the non-gatsby specific components of this package into its own package, and have the gatsby plugin consume it. In that world, the former would make no mention of gatsby and the latter could have the properly versioned peer dependency. For now, we’ll just have to deal with letting the supported gatsby version be represented in documentation.