oculus42 / short-uuid

Translate standard UUIDs into shorter formats and back.
MIT License

Snyk should not be in dependencies #4

renchap closed 7 years ago

renchap commented 7 years ago

The snyk dependency adds ~90 deps when installing short-uuid:

$ yarn add short-uuid
yarn add v0.24.4
[1/4] 🔍  Resolving packages...
[2/4] 🚚  Fetching packages...
[3/4] 🔗  Linking dependencies...
[4/4] 📃  Building fresh packages...
success Saved lockfile.
success Saved 93 new dependencies.
├─ abbrev@1.1.0
├─ ansi-escapes@1.4.0
├─ ansicolors@0.3.2
├─ any-base@1.0.1
├─ archy@1.0.0
├─ boxen@0.3.1
├─ brace-expansion@1.1.7
├─ capture-stack-trace@1.0.0
├─ chalk@1.1.3
├─ cli-cursor@1.0.2
├─ cli-width@2.1.0
├─ clite@0.3.0
├─ configstore@1.4.0
├─ create-error-class@3.0.2
├─ dot-prop@3.0.0
├─ duplexer2@0.1.4
├─ duplexify@3.5.0
├─ end-of-stream@1.0.0
├─ exit-hook@1.1.1
├─ figures@1.7.0
├─ filled-array@1.1.0
├─ got@3.3.1
├─ hasbin@1.2.3
├─ imurmurhash@0.1.4
├─ infinity-agent@2.0.3
├─ ini@1.3.4
├─ inquirer@1.0.3
├─ is-npm@1.0.0
├─ is-obj@1.0.1
├─ is-promise@2.1.0
├─ is-redirect@1.0.0
├─ is-retry-allowed@1.1.0
├─ is-stream@1.1.0
├─ js-yaml@3.8.4
├─ latest-version@1.0.1
├─ lodash.assign@4.2.0
├─ lodash.clonedeep@4.5.0
├─ lodash.defaults@4.2.0
├─ lodash.defaultsdeep@4.6.0
├─ lodash.mergewith@4.6.0
├─ lodash@4.17.4
├─ lowercase-keys@1.0.0
├─ lru-cache@4.0.2
├─ minimist@1.2.0
├─ mute-stream@0.0.6
├─ nconf@0.7.2
├─ nested-error-stacks@1.0.2
├─ node-status-codes@1.0.0
├─ onetime@1.1.0
├─ open@0.0.5
├─ os-name@1.0.3
├─ osenv@0.1.4
├─ osx-release@1.1.0
├─ package-json@1.2.0
├─ parse-json@2.2.0
├─ prepend-http@1.0.4
├─ promise@7.1.1
├─ rc@1.2.1
├─ read-all-stream@3.1.0
├─ readable-stream@2.2.9
├─ registry-auth-token@3.3.1
├─ registry-url@3.1.0
├─ request@2.81.0
├─ restore-cursor@1.0.1
├─ run-async@2.3.0
├─ rx@4.1.0
├─ semver-diff@2.1.0
├─ semver@5.3.0
├─ short-uuid@2.2.0
├─ slide@1.1.6
├─ snyk-config@1.0.1
├─ snyk-module@1.8.1
├─ snyk-policy@1.7.1
├─ snyk-recursive-readdir@2.0.0
├─ snyk-resolve-deps@1.7.0
├─ snyk-resolve@1.0.0
├─ snyk-tree@1.0.0
├─ snyk-try-require@1.2.0
├─ snyk@1.30.0
├─ stream-shift@1.0.0
├─ string-length@1.0.1
├─ tempfile@1.1.1
├─ then-fs@2.0.0
├─ through@2.3.8
├─ timed-out@2.0.0
├─ undefsafe@0.0.3
├─ unzip-response@1.0.2
├─ update-notifier@0.5.0
├─ url-parse-lax@1.0.0
├─ widest-line@1.0.0
├─ win-release@1.1.1
├─ write-file-atomic@1.3.4
└─ xdg-basedir@2.0.0

Version 2.1.2 on NPM also lists Snyk as a dep, but this is not consistent with the repository. Version 2.1.1 correctly only installs 3 packages.

oculus42 commented 7 years ago

Thanks for pointing it out. I will be putting out 2.3 ASAP with Snyk as a dev dependency, and then will see about the 2.1.2 misalignment in NPM.

oculus42 commented 7 years ago

2.3.0 is released and published without Snyk in dependencies. I plan to publish 2.1.3 and unpublish 2.1.2 to support anyone who might be using ~2.1.

oculus42 commented 7 years ago

Bah, have to deprecate, not unpublish. 2.1.3 is published with the incorrect terminology.
2.1.4 will correct the terminology for 2.1.x.
2.3.1 will merge the revision history of 2.1.x updates.

oculus42 commented 7 years ago

2.1.4 and 2.3.1 are updated with the fix and corrected documentation. 2.1.2 and 2.2.0 are deprecated on npm. I considered releasing 2.2.1 rather than 2.3.0, but it is a change in the production dependencies, so I went with a minor release.

If you have additional concerns, please let me know.

Thanks.

renchap commented 7 years ago

Works fine, thanks a lot! 👍
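The mismatch reported in this thread, a published version listing Snyk as a runtime dependency while the repository does not, can be caught before release by comparing the repository manifest with the one inside the tarball to be published. This is an added example, not code from short-uuid or from the commenters; the sample manifests, the `base-converter` package name, the version ranges and the dev-only tool list are constructed assumptions.

```javascript
// Added example; the manifests below are constructed samples, not short-uuid's.
// Tools assumed to belong in devDependencies (an assumption for this example).
const DEV_ONLY = [/^snyk$/, /^eslint($|-)/, /^mocha$/, /^nyc$/];

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Compare the manifest in source control with the manifest that was (or is
// about to be) published, and report runtime-dependency problems.
function auditRuntimeDeps(repoManifest, publishedManifest, devOnly = DEV_ONLY) {
  const repoDeps = repoManifest.dependencies || {};
  const repoDev = repoManifest.devDependencies || {};
  const pubDeps = publishedManifest.dependencies || {};
  const findings = [];

  for (const name of Object.keys(pubDeps).sort()) {
    // A tool such as a scanner or linter installed for every consumer.
    if (devOnly.some((re) => re.test(name))) {
      findings.push({ name, issue: 'dev-tool-in-dependencies' });
    }
    // Drift between what was published and what the repository declares.
    if (!has(repoDeps, name)) {
      findings.push({
        name,
        issue: has(repoDev, name)
          ? 'published-as-runtime-but-dev-in-repo'
          : 'published-but-absent-from-repo',
      });
    } else if (repoDeps[name] !== pubDeps[name]) {
      findings.push({ name, issue: 'range-differs-from-repo' });
    }
  }
  return findings;
}

// Constructed sample: repository keeps snyk as a dev dependency...
const SAMPLE_REPO = {
  dependencies: { 'base-converter': '^1.0.0' },
  devDependencies: { snyk: '^1.0.0' },
};
// ...but the published manifest carries it as a runtime dependency.
const SAMPLE_PUBLISHED = {
  dependencies: { 'base-converter': '^1.0.0', snyk: '^1.0.0' },
};

console.log(auditRuntimeDeps(SAMPLE_REPO, SAMPLE_PUBLISHED));
```

In a release pipeline the published manifest would be the `package.json` extracted from the `npm pack` tarball, and any finding would fail the build.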