Closed schuetza closed 3 years ago
Hi there, @schuetza! 👋
Could you share more details about how this is impacting load performance through the generated chunks? The @carbon/telemetry
package is not included in any bundled code so it should not be impacting that metric. Specifically, the package itself cannot be brought in through require
or import
because it has no entry point set in package.json
. The intent for the package is to run in CI only but if something is going on with the setup we'd love to dig in further to find out what's going on.
Thanks @joshblack for the quick answer.
re. how this is impacting load performance
The chunk-vendors.js is loaded as part of the app. Therefore, to boot up our app, the browser needs to load 37Mb instead of 16Mb. Additionally, browser needs to handle this large js file.
re. package is not included in any bundled code
Base on my limited understanding an how NPM works, if I look into the package.json of @carbon/telemetry, that is not true:
"dependencies": {
"@babel/parser": "^7.12.5",
"@babel/traverse": "^7.12.5",
"ci-info": "^2.0.0",
"configstore": "^5.0.1",
"fast-glob": "^3.2.4",
"fs-extra": "^9.0.1",
"got": "^11.8.0",
"semver": "^7.3.2",
"winston": "^3.3.3",
"yargs": "^16.1.1"
},
Since all the dependencies are declared as "dependencies" and not as "devDependencies", these must be packaged into production code.
After updating to carbon/vue to 2.37.1 and running npm install to update the package-lock.json, we can observe that many of the development libs are changed to production dependencies, like the following
@@ -8,7 +8,6 @@
"version": "7.12.13",
"resolved": "https://.../@babel/code-frame/-/code-frame-7.12.13.tgz",
"integrity": "sha1-3PyCa+72XnXFDiHTg319lXmN1lg=",
- "dev": true,
"requires": {
"@babel/highlight": "^7.12.13"
}
This is also proven by the npm ls command output I attached above.
Beside that I can only report what I see: 1) package-lock has now many more production dependencies listed. (where the "dev":true property was removed) 2) our distribution package grew a lot 3) the wicked tool reports many new production dependencies 4) npm lists many more production dependencies
@schuetza
The most helpful tool for figuring this out will be the output of something like webpack-bundle-analyzer
or source-map-explorer
. These tools can be used to see what modules are bundled as part of the output of a webpack build (or similar bundlers).
This may give us a hint as to whether @carbon/telemetry
is being included, or if there is something else in play here.
Since all the dependencies are declared as "dependencies" and not as "devDependencies", these must be packaged into production code.
This will depend on how the application is bundled, I think. Items in the dependencies
field aren't necessarily brought into the resulting bundle unless it is included in the entry point provided to the bundler (in the case of tools like webpack) or there is some other configuration at play.
Here's a quick flow using @vue/cli
that brings in @carbon/telemetry
as an example. At the end of the video, you can see that adding in the dependency does not change the resulting bundle.
https://user-images.githubusercontent.com/3901764/122796442-00733b80-d284-11eb-9719-d4af7e929f3b.mov
This doesn't mean that you aren't experiencing this problem, just that it may be dependant on project configuration or setup in order to re-create what you're running into 👍 I think figuring out what's in the bundles will be a great next step to figure out where the size increase comes from in the chunks that you mentioned.
Thanks for the instructions. Re. the size it looks like I blamed the wrong component. The source-map-explorer is showing that 2.38.2 is pulling in a new carbon version, an that pulls icons/vue in, and that makes the size of carbon to grow. So in fact, there are two issues:
Do you want me to split this defect up into two?
For the size issue, I'll provide a Box folder to you so that you can inspect our changes (carbon/vue uplevel from 2.37.0 to 2.38.2) including the resulting package-lock, and the out put from the source-map-explorer. Let me know if you have issues to access that files.
@schuetza sounds good! Thanks for clarifying.
For the telemetry note, unfortunately there is no way for us to list it as a devDependency
and have it run on postinstall
😞 . This is why the package currently lists it as a dependency to make sure it gets included and the postinstall step can run.
For @carbon/icons-vue
, most likely something is going on with tree-shaking that is causing the bundle to de-opt. Could you share more about how you're bringing in the icons?
Re. the carbon/icons-vue:
In our vue.config.js
file, this is pulled in via transpileDependencies
const webpack = require("webpack");
const fs = require("fs");
const CopyWebpackPlugin = require("copy-webpack-plugin");
module.exports = {
transpileDependencies: ["@carbon/vue", "@carbon/icons-vue", "@carbon/icon-helpers"],
configureWebpack: (config) => {
...
Re. telemetry:
I don't understand that and can't accept. We have other dev.dependencies, that run post-install steps, see extract of our pod build below. As you can see in the npm ls
output above, they keep the production dependency tree clean.
23:15:27 > core-js@3.12.1 postinstall /home/bpmbuild/workspace/DBAoC-UI_Personal/bundles/com.ibm.automation.cloud.instance.ui.bpm/node_modules/core-js
23:15:27 > node -e "try{require('./postinstall')}catch(e){}"
23:15:27 > node-sass@5.0.0 install /home/bpmbuild/workspace/DBAoC-UI_Personal/bundles/com.ibm.automation.cloud.instance.ui.bpm/node_modules/node-sass
23:15:27 > node scripts/install.js
Maybe there is a misunderstanding.For us it is OK to have the @carbon/telemetry added, but it should not add it's development dependencies to the tree.
@schuetza the @carbon/telemetry
package is listed as a dependency on packages like carbon-components
, carbon-components-react
, and @carbon/vue
so that the postinstall
step will work as expected for packages using it. If it was listed as a dev dependency then unfortunately it wouldn't be installed when the package itself was installed.
The @carbon/telemetry
package itself will list dependencies that it needs, I don't believe it's specifying a development dependency in its package.json
.
Since we didn't get any solution or acceptance here, and we are not willing to use such a missused package tree (packaging dependencies on a web library), we started to work around this by locally overriding the telemetry package with a dummy package w/o any dependencies. However, we are happy if we can get a clean solution from carbon in the (near) future. So if you like, you can close this issue with 'won't fix' or keep it open if you think this is a valid issue.
Just to reiterate what was shared above, this package is following a typical structure for a CLI package. It does not have a main
, module
, exports
, etc. entrypoint and lists a bin
entrypoint for the CLI. The dependencies listed by the package are necessary for the CLI to function.
None of the code for the CLI, or dependencies for the CLI, should be included in any bundle shipped to a user. If there is evidence of this happening, please provide steps for us to reproduce and we can investigate. It most likely is a specific bundler that is being impacted versus a general problem.
It seems that, in this case, the specific issue is that @carbon/telemetry
is considered a production dependency instead of a development dependency. As a result, when installing production dependencies it will be included in a node_modules
folder if you have carbon-components
, carbon-components-react
, etc listed under dependencies
.
On our end, the only direction we can take is to list out dependencies under devDependencies
and publish the package as a pre-built file that includes the dependencies. We'll definitely investigate this path and see how feasible it is 👍
I'll go ahead and mark this as closed. If folks are running into a bundle size issue that's being delivered to an end-user, please make an issue with steps to reproduce and we will 100% look into it.
What package(s) are you using?
carbon-components
carbon-components-vue
Detailed description
With v10.27.0 @carbon/telemetry was added, and has really bad impact on our product. For our application, we are using @carbon/vue, which picked telemetry with 2.37.1.
After updating to the new version, we found
We already tried to address that, see https://ibm-cloud.slack.com/archives/CAM5P6NR1/p1612864854039900 https://github.com/carbon-design-system/carbon-components-vue/issues/1142
but the only answer was that we can opt out by using CARBON_TELEMETRY_DISABLED. But setting CARBON_TELEMETRY_DISABLED doesn't prevent any of the issues we have:
1) The raised footprint of the generated chunk-vendors.js layer slows down our performance. 2) We must ship components/code we never use, which need to be maintained and monitored for vulnerabilities, security flaws etc. 3) We need to get open-source clearance for all these newly added packages, for components that we don't require at all
Such a utility module must not impact the product's code in such heavy manner.
Expecting
Happend:
1) The raised footprint of the generated chunk-vendors.js layer slows down our performance. 2) We must ship components/code we never use, which need to be maintained and monitored for vulnerabilities, security flaws etc. 3) We need to get open-source clearance for all these newly added packages, for components that we don't require at all
What needs to change:
Telemetry code running only as node installation hook during development phase must not contribute to the app's production package. Therefore redesign telemetry copmonent to be a development package or drop it.
Steps to reproduce the issue
1.Have an app built on carbo/vue 2.37.0
node ls --prod
Additional information
For comparison, here are some examples of our app, before and after moving to version @carbon/vue 2.38.2, and therefore before and after added telemetry. Especially check the changed size of the chunk-vendors layer: 16Mb before, 37Mb afterwards and the quite small dependencies tree before and the very large one aftrwerwards:
Before update:
$ cat package.json { "name": "com.ibm.automation.cloud.instance.ui.dbaoc", "dependencies": { "@carbon/vue": "2.37.0", "core-js": "3.12.1", "lodash": "4.17.21", "vue": "2.6.12", "vue-i18n": "8.24.4", "vue-router": "3.5.1" }, ... }
$ du -h dist 68K dist/img 604K dist/css 25M dist/js 300K dist/vendor/jquery-ui/i18n 300K dist/vendor/jquery-ui 636K dist/vendor 26M dist
$ du -ha dist/js/* 468K dist/js/admin-access-management.ec4b79d1.js 3.3M dist/js/admin-reports.8a3b9a58.js 724K dist/js/admin-system-operations.9059c77c.js 3.9M dist/js/app.283180c5.js 16M dist/js/chunk-vendors.27d0cff5.js
After update (no other changes):
package.json { "name": "com.ibm.automation.cloud.instance.ui.dbaoc" "dependencies": { "@carbon/vue": "2.38.2", "core-js": "3.12.1", "lodash": "4.17.21", "vue": "2.6.12", "vue-i18n": "8.24.4", "vue-router": "3.5.1" }, ... }
$ du -h dist 68K dist/img 604K dist/css 45M dist/js 300K dist/vendor/jquery-ui/i18n 300K dist/vendor/jquery-ui 636K dist/vendor 47M dist
$ du -ha dist/js/* 468K dist/js/admin-access-management.8b5d2bd7.js 3.3M dist/js/admin-reports.874e1cb5.js 724K dist/js/admin-system-operations.b017aac0.js 3.9M dist/js/app.c226d3a2.js 37M dist/js/chunk-vendors.49f119cd.js