Open SgtPooki opened 2 years ago
@lidel Can we chat about what this story looks like by tying ourselves specifically to Kubo? e.g. Pulling out ipfs-http-client entirely from webui, and replacing with https://github.com/ipfs/js-kubo-rpc-client.
on the latest main:
> cat npm-install.log | sort | uniq | grep 'npm WARN deprecated' | wc -l
52
> npm i &> npm-install.log
> cat npm-install.log | perl -pe 's/npm WARN deprecated //g' | perl -pe 's/(^[^:]+)@[^:]+/$1/g' | sort | uniq | perl -ne 'print if /ipfs|cid|multi|ipld|libp2p/'
cids: This module has been superseded by the multiformats module
interface-ipld-format: This module has been superseded by the multiformats module
ipfs-block-service: This module has been merged into ipfs
ipld-dag-cbor: This module has been superseded by @ipld/dag-cbor and multiformats
ipld-dag-pb: This module has been superseded by @ipld/dag-pb and multiformats
ipld-ethereum: This module is no longer maintained
ipld-git: This module is no longer maintained
ipld-raw: This module has been superseded by the multiformats module
ipld: Please use the multiformats module instead
multibase: This module has been superseded by the multiformats module
multicodec: This module has been superseded by the multiformats module
multihashing-async: This module has been superseded by the multiformats module
All of these packages listed need to be removed/updated prior to us being able to safely & sanely keep up with new kubo feature development.
cat npm-install.log | perl -pe 's/npm WARN deprecated //g' | perl -pe 's/(^[^:]+)@[^:]+/$1/g' | sort | uniq | perl -ne 'print if /ipfs|cid|multi|ipld|libp2p/' | awk -F: '{ print $1 }' | xargs -tn1 npm explain &> npm-explain.log
Of those 52 deprecated packages, 12 are core packages. Of those 12 core packages, 7 require replacing fully with the multiformats package. Of those 12 core packages, 1 was merged into ipfs. Of those 12 core packages, 2 are no longer maintained. Of those 12 core packages, 2 require replacing with a mixture of @ipld/pkg + multiformats.
This issue is intended to track & discuss any and all issues related to old dependencies:
Issues tracking dependency work
Core dependency updates needed (priority)
Other work
Nice to have but not required
Items blocked by outdated deps in one way or another
Issues blocking dependency updates
Investigating dependencies
npm outdated --all > npm-outdated.raw.log
gives us this: npm-outdated.raw.log
Then we want to remove duplicates, because npm outdated doesn't do that for us for some reason (
echo "$(head -n 1 npm-outdated.raw.log && tail -n +2 npm-outdated.raw.log | sort | uniq -d)" > npm-outdated.uniq.log
): npm-outdated.uniq.log
cat npm-outdated.raw.log | awk '{print $6}' | sort | uniq -c | sort > most-impactful-dependencies.log
To see which dependencies are mentioned the most in the depended by column, we can run
cat npm-outdated.uniq.log | awk '{print $6}' | sort | uniq -c | sort > most-impactful-dependencies.log
to get: most-impactful-dependencies.log
and then to get the top 10 most impactful dependency updates,
tail -n 10 most-impactful-dependencies.log
:
So which of those versions do we 'want'?
And why are they there?
tail -n 10 most-impactful-dependencies.log | awk '{print $2}' | xargs -n1 -I% sh -c 'npm explain %' > explain.txt
: explain.txt
That's super hard to understand, so let's aggregate again...
cat explain.txt | grep 'from the root project' | awk '{$1=$1};1' | sort | uniq -c | sort
:
Breakdown of the above:
find the most-mentioned module from step 5 that we depend on
So what does this mean?
Using react-scripts as an example: there are 754 listings of react-scripts being the ROOT CAUSE.
react-scripts is the package we depend on, that is listed in the npm-explain output, when trying to determine why out-of-date modules are listed in our dependency graph.
Why did you do all this?
I attempted to upgrade some (see https://github.com/ipfs/ipfs-webui/compare/main...SgtPooki:ipfs-webui:fix/node-14-windows) to resolve the build errors showing at https://github.com/SgtPooki/ipfs-webui/actions/runs/2605014389, (see #1961) and was consistently blocked by npm because of semver conflicts of wanted packages. In order to move forward, since there is no npm-dependency-graph-resolver upgrade tool, I figured I would need all of this data.
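
The triage of deprecated core packages described in this issue can be scripted so the breakdown is recomputed after every dependency bump. The following is an added example, not part of the original issue or the project's tooling: the function names and category labels are hypothetical, the package names and messages are the ones listed above, and the version numbers and the last two log lines are constructed.

```shell
# Constructed sample log: package names and messages are those listed in the
# issue; version numbers and the last two lines are made up for the example.
sample_log() {
cat <<'EOF'
npm WARN deprecated cids@0.0.1: This module has been superseded by the multiformats module
npm WARN deprecated cids@0.0.2: This module has been superseded by the multiformats module
npm WARN deprecated interface-ipld-format@0.0.1: This module has been superseded by the multiformats module
npm WARN deprecated ipfs-block-service@0.0.1: This module has been merged into ipfs
npm WARN deprecated ipld-dag-cbor@0.0.1: This module has been superseded by @ipld/dag-cbor and multiformats
npm WARN deprecated ipld-dag-pb@0.0.1: This module has been superseded by @ipld/dag-pb and multiformats
npm WARN deprecated ipld-ethereum@0.0.1: This module is no longer maintained
npm WARN deprecated ipld-git@0.0.1: This module is no longer maintained
npm WARN deprecated ipld-raw@0.0.1: This module has been superseded by the multiformats module
npm WARN deprecated ipld@0.0.1: Please use the multiformats module instead
npm WARN deprecated multibase@0.0.1: This module has been superseded by the multiformats module
npm WARN deprecated multicodec@0.0.1: This module has been superseded by the multiformats module
npm WARN deprecated multihashing-async@0.0.1: This module has been superseded by the multiformats module
npm WARN deprecated example-unrelated@0.0.1: constructed warning, not a core package
added 1 package in 1s
EOF
}

# Emit "<kind><TAB><package>" once per core package, with versions collapsed.
classify_deprecated() {
  awk '
    !sub(/^npm WARN deprecated /, "") { next }       # keep warning lines only
    $0 !~ /ipfs|cid|multi|ipld|libp2p/ { next }      # same core filter as the issue
    {
      sep = index($0, ": "); if (sep == 0) next
      spec = substr($0, 1, sep - 1); msg = substr($0, sep + 2)
      at = 0                                         # last "@" after position 1,
      for (i = 2; i <= length(spec); i++)            # so a scoped "@scope/pkg"
        if (substr(spec, i, 1) == "@") at = i        # keeps its leading "@"
      name = at ? substr(spec, 1, at - 1) : spec
      if (seen[name]++) next                         # one row per package
      if (index(msg, "@ipld/"))              kind = "ipld+multiformats"
      else if (msg ~ /multiformats/)         kind = "multiformats"
      else if (msg ~ /merged into/)          kind = "merged"
      else if (msg ~ /no longer maintained/) kind = "unmaintained"
      else                                   kind = "other"
      print kind "\t" name
    }' | sort
}

# Count the packages of one kind: count_kind <kind> < classified-output
count_kind() {
  awk -F '\t' -v k="$1" '$1 == k { n++ } END { print n + 0 }'
}
```

Against a real log, `classify_deprecated < npm-install.log` replaces the perl/sort/uniq chain, and any row of kind `other` is a deprecation message that needs a human read before it is assigned to a migration bucket.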