search

biancadanforth / tracking-protection-shield-study

A Shield study to determine the optimal messaging, if any, for Tracking Protection in Firefox.
0 stars 3 forks source link

Audit potentially unused dependencies #56

Closed pdehaan closed 6 years ago

pdehaan commented 6 years ago

Some of these results will be a bit bogus (ie: addons-linter may be called from package.json, eslint-{config,plugin}-*, and moustache may be called in non-require() ways):

$ npx depcheck

Unused devDependencies
* addons-linter
* ajv
* clipboardy
* doctoc
* eslint-config-airbnb-base
* eslint-plugin-import
* eslint-plugin-json
* eslint-plugin-mozilla
* eslint-plugin-no-unsanitized
* get-firefox
* jshint
* moustache
* path
* shield-studies-addon-utils

Best guess:

diff --git a/package.json b/package.json
index 764f950..e539a59 100644
--- a/package.json
+++ b/package.json
@@ -22,11 +22,7 @@
   },
   "devDependencies": {
     "addons-linter": "^0.28.2",
-    "ajv": "^5.1.1",
-    "clipboardy": "^1.1.4",
-    "doctoc": "^1.3.0",
-    "eslint": "^4.7.2",
-    "eslint-config-airbnb-base": "^11.2.0",
+    "eslint": "^4.16.0",
     "eslint-plugin-import": "^2.5.0",
     "eslint-plugin-json": "^1.2.0",
     "eslint-plugin-mozilla": "^0.4.4",
@@ -35,14 +31,12 @@
     "fx-runner": "^1.0.6",
     "geckodriver": "^1.7.1",
     "get-firefox": "^2.0.0",
-    "jshint": "^2.9.5",
     "minimist": "^1.2.0",
     "mocha": "^3.4.2",
-    "moustache": "0.0.2",
+    "moustache": "^0.0.2",
     "npm-run-all": "^4.1.1",
     "nsp": "^2.8.1",
     "onchange": "^3.2.1",
-    "path": "^0.12.7",
     "selenium-webdriver": "^3.5.0",
     "shield-studies-addon-utils": "^4.1.0"
   },

Best workaround:

$ npx depcheck --ignores=eslint-plugin-*,addons-linter,get-firefox,moustache,shield-studies-addon-utils
pdehaan commented 6 years ago

Not sure if we want to replace moustache with the upstream mustache.

gregglind commented 6 years ago

Possible source cause: shield-studies-addon-utils is listed as a DevDependency, because @gregglind doesn't really understand node5 package.json semantics. See #78.

pdehaan commented 6 years ago

Yeah, I don't know the answer re: shield-studies-addon-utils. Looks like it's manually cped from node_modules during npm run build, per https://github.com/biancadanforth/tracking-protection-shield-study/blob/6c9cfd8b5a188cc001789448463047dc05cbf832/package.json#L72

But I'm not quite sure how or when or whom is building the XPI.