tslib dependency is polluting the global object

[allbto-mck]

After upgrading from 2.11.0 to 2.12.4 my test library (@hapi/lab) is giving me the following error:

The following leaks were detected:__extends, __assign, __rest, __decorate, __param, __metadata, __awaiter, __generator, __exportStar, __createBinding, __values, __read, __spread, __spreadArrays, __spreadArray, __await, __asyncGenerator, __asyncDelegator, __asyncValues, __makeTemplateObject, __importStar, __importDefault, __classPrivateFieldGet, __classPrivateFieldSet

After a bit of investigation it seems that tslib is adding values directly to the window object https://github.com/microsoft/tslib/issues/32 which in turn makes @hapi/lab uneasy.

I looked into the compiled code of graphql-tag and saw that tslib was only used in 1 place (if not counting the tests.ts file)

import { __assign } from "tslib";
...
function processFragments(ast) {
  ...
  return __assign(__assign({}, ast), { definitions: definitions });
}

I wonder if you would consider removing the dependency to tslib (at least until they fix this), as in this case TypeScript would not create duplicate __assign functions throughout the code (which is the main reason to use tslib) as it is only used once.

For now I have to stay on 2.11.0 to avoid this error.

[benjamn]

@allan-barbato Thanks for bringing this to our attention, and sorry for the wait!

While I agree this was a dubious implementation choice for the tslib package, it appears to happen only in the CommonJS implementation (not the the ESM implementation). Do you have the ability to use the ESM version, or does @hapi/lab support only CommonJS modules?

Alternatively, you might be able to use patch-package to patch the tslib/tslib.js module manually. After you record your patches, patch-package which will run after any npm install in your project directory, reapplying the patches, so other people working on the project don't have to think about it (in most cases). See their README.md for more details.