
Prevent publishing packages with unused dependencies

Open jfmengels opened this issue 4 years ago • 1 comments

Quick Summary: Some packages are published with unused dependencies.

A dependency can create lock-in of another dependency's version, and therefore unused dependencies can unnecessarily prevent two packages from being used together.

Example:

  • Package A requires package C version 1.0.0 <= v < 2.0.0, but doesn't use C
  • Package B requires package C version 2.0.0 <= v < 3.0.0

In this situation, package A is actively preventing package B from being added to a project.

I believe it would be beneficial if the compiler prevented the publication of packages with these issues.

SSCCE

Take any existing package and make it depend on a new dependency, then try to publish it.

Additional Details

There's an elm-review rule to detect unused dependencies on a package (and application).

A few months ago, @MartinSStewart created a bot to create pull requests to fix this issue, and summarized his work in this Discourse post

jfmengels, Aug 06 '21 20:08
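The lock-in described in the issue above, as an added example that is not part of the original issue or of the Elm project's code: it intersects the `"low <= v < high"` constraints from package `elm.json` files and reports dependencies that no version can satisfy. The package names and manifests are constructed placeholders, and the `unused` set is assumed to come from a separate check such as the elm-review rule the issue mentions.

```python
import json
import re

# Elm package constraint as written in a package's elm.json: "1.0.0 <= v < 2.0.0"
CONSTRAINT = re.compile(r"^(\d+)\.(\d+)\.(\d+) <= v < (\d+)\.(\d+)\.(\d+)$")

def parse_constraint(text):
    """Return (lower_inclusive, upper_exclusive) as version tuples."""
    m = CONSTRAINT.match(text.strip())
    if not m:
        raise ValueError(f"not an Elm version constraint: {text!r}")
    nums = tuple(int(g) for g in m.groups())
    low, high = nums[:3], nums[3:]
    if low >= high:
        raise ValueError(f"empty range: {text!r}")
    return low, high

def find_conflicts(manifests, unused=frozenset()):
    """manifests: {package name: parsed elm.json}.
    unused: (package, dependency) pairs to ignore (assumed linter output).
    Returns {dependency: [packages constraining it]} where no version fits all."""
    ranges = {}
    for pkg, manifest in manifests.items():
        for dep, text in manifest.get("dependencies", {}).items():
            if (pkg, dep) in unused:
                continue
            ranges.setdefault(dep, []).append((pkg, parse_constraint(text)))
    conflicts = {}
    for dep, entries in ranges.items():
        low = max(r[0] for _, r in entries)
        high = min(r[1] for _, r in entries)
        if low >= high:  # intersection of the half-open ranges is empty
            conflicts[dep] = sorted(pkg for pkg, _ in entries)
    return conflicts

# Constructed manifests mirroring the issue's A/B/C example (placeholder names).
MANIFESTS = {
    "author/package-a": json.loads(
        '{"dependencies": {"author/package-c": "1.0.0 <= v < 2.0.0"}}'),
    "author/package-b": json.loads(
        '{"dependencies": {"author/package-c": "2.0.0 <= v < 3.0.0"}}'),
}

if __name__ == "__main__":
    print(find_conflicts(MANIFESTS))
    print(find_conflicts(MANIFESTS, unused={("author/package-a", "author/package-c")}))
```

With the unused declaration in package A ignored, the conflict on package C disappears, which is the case the issue asks the compiler to catch at publish time.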

Thanks for reporting this! To set expectations:

  • Issues are reviewed in batches, so it can take some time to get a response.
  • Ask questions in a community forum. You will get an answer quicker that way!
  • If you experience something similar, open a new issue. We like duplicates.

Finally, please be patient with the core team. They are trying their best with limited resources.

github-actions[bot], Aug 06 '21 20:08