Discovery: review libraries/dependencies and recommend upgrades

[meganhkelley]

Details

The purpose of this ticket is to investigate what software dependencies should be upgraded in frontend repos.

This should be done in vets-website, content-build, and vets-json-schema if applicable.

To Do:

• [x] Inventory the package.json files in vets-website and content-build
• [x] Document in a spreadsheet what version we are using and what is the latest version
• [x] Verify that the dependency is being used
• [ ] Upgrade one package to the latest version and run the commands associated with that package; document whether the command passes or fails

Next steps (will be separate tickets)

• Based on this info, decide what to upgrade and upgrade

[jhonnyoddball]

Tools to be used:

• npm list --depth=0t
• npm ls --production
• npm ls --development
• npm outdated
• yarn why [dependency]

[jhonnyoddball]

Inventory the package.json files in vets-website and content-build

The audit can be found in this spreadsheet

[jhonnyoddball]

Possible unused dependencies

Generate a report using depcheck

vets-website

Running: depcheck vets-website --ignores='eslint'

Unused dependencies

• blob-polyfill
• dotenv
• leaflet-control-geocoder
• react-dropzone

  Unused devDependencies

• @department-of-veterans-affairs/generator-vets-website
• babel-core
• babel-jest
• babel-plugin-react-transform
• cache-loader
• choma
• concurrently
• css-loader
• cypress-multi-reporters
• cypress-testrail-reporter
• docdash
• enhanced-resolve
• extract-text-webpack-plugin
• file-loader
• json2csv
• mocha-junit-reporter
• mocha-snapshots
• null-loader
• polyfill-function-prototype-bind
• postcss-loader
• quick_check
• react-test-renderer
• recursive-uncache
• sass-lint
• sass-loader
• selenium-server
• start-server-and-test
• style-loader
• stylelint-order
• stylelint-scss
• svg-url-loader
• text-loader
• uglify-js
• url-loader
• webpack-cli
• webpack-dev-server
• yeoman-generator

content-build

Running: depcheck content-build --ignores='eslint'

Unused dependencies

• blob-polyfill
• deep-diff
• dotenv
• jsonschema
• tar-fs

  Unused devDependencies

• ajv
• babel-core
• babel-jest
• babel-loader
• babel-plugin-react-transform
• choma
• cypress-multi-reporters
• eslint-plugin-deprecate
• fuzzy
• inquirer-autocomplete-prompt
• jsonschema
• mocha-junit-reporter
• mocha-snapshots
• nyc
• puppeteer
• sass-lint
• webpack
• webpack-dev-server
• yeoman-generator

[jhonnyoddball]

npm-check can also be used to find unused dependencies as well as its current versions.

[jhonnyoddball]

Recommendations

Now that the audit is complete, we can take in consideration the following actions:

Remove unused dependencies.

The audit contains a column called USED?. the ? represents that the dependency was not found. Those dependencies need to be verified and removed.

Minor upgrades

These upgrades usually don't affect the existing code and should be prioritized over the major upgrades.

Major upgrades

These should be the latest since they are the hardest, specially if jumping several versions up.

[jhonnyoddball]

After auditing our current dependencies, we will be removing the following unused dependencies:

vets-website

• [x] babel-core
• [x] babel-plugin-react-transform
• [x] concurrently
• [x] enhanced-resolve
• [x] extract-text-webpack-plugin
• [ ] history-v4 (unable to be removed)
• [x] json2csv
• [x] leaflet-control-geocoder
• [x] polyfill-function-prototype-bind
• [x] quick_check
• [x] react-dropzone
• [x] react-test-renderer
• [x] recursive-uncache
• [x] style-loader
• [x] text-loader
• [x] uglify-js

content-build

• [x] babel-core
• [x] babel-loader
• [x] babel-plugin-react-transform
• [x] deep-diff
• [x] fuzzy
• [x] inquirer-autocomplete-prompt
• [x] jsonschema
• [x] puppeteer
• [x] yeoman-generator

[jhonnyoddball]

Based on the recommendations above, these are the final decisions:

• Remove unused dependencies All unused dependencies have been removed. Please see above for the work done.

• Minor upgrades A new ticket (28952) was created to keep track of the upgrades

• Major upgrades A new ticket will be create to keep track of the upgrades