openapistack / openapicmd

The CLI for all things OpenAPI and Swagger
https://openapistack.co
MIT License

Huge install size #60

Open GauBen opened 2 weeks ago

GauBen commented 2 weeks ago

Hey folks! I'm very glad that this tool exists, but it took me a while to install it and it made me curious to see why.

It turns out this tool has 829 dependencies, totaling 126MB in size.

Many of these dependencies are outdated or unnecessary (e.g. polyfills for dead versions of node).

Installation warnings

```
npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm warn deprecated har-validator@5.1.5: this library is no longer supported
npm warn deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm warn deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm warn deprecated @oclif/screen@1.0.4: Deprecated in favor of @oclif/core
npm warn deprecated @oclif/help@1.0.15: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
npm warn deprecated @oclif/parser@3.8.17: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
npm warn deprecated cli-ux@6.0.9: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
npm warn deprecated @oclif/errors@1.3.6: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
npm warn deprecated @oclif/command@1.8.36: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
npm warn deprecated @oclif/config@1.18.17: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
npm warn deprecated @oclif/config@1.18.16: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
npm warn deprecated @oclif/screen@3.0.8: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
```

Bringing openapicmd and its dependencies to modern standards would help reduce install size, RAM consumption and execution time.

I'm not opening this issue to blame anyone or anything, that would not be a meaningful contribution, but to raise the concern about supply chain attacks and technical debt.

Thanks a lot for your time :)
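Added example, not part of the issue or of openapicmd: a small Node.js script that turns `npm warn deprecated` output like the log above into a per-package triage list, handling scoped names such as `@oclif/screen` and packages that appear at several versions. `parseDeprecations` is a hypothetical helper name, and `SAMPLE_LOG` is a subset of the warnings quoted in the issue.

```javascript
// Added example. SAMPLE_LOG holds a subset of the warnings quoted in the issue;
// parseDeprecations is a hypothetical helper, not an npm or openapicmd API.
const SAMPLE_LOG = `
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm warn deprecated har-validator@5.1.5: this library is no longer supported
npm warn deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm warn deprecated @oclif/screen@1.0.4: Deprecated in favor of @oclif/core
npm warn deprecated @oclif/config@1.18.17: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
npm warn deprecated @oclif/config@1.18.16: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
npm warn deprecated @oclif/screen@3.0.8: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
`;

function parseDeprecations(log) {
  const byName = new Map();
  for (const line of log.split(/\r?\n/)) {
    // The first token after "deprecated" is "<name>@<version>"; the rest is the reason.
    const m = /^npm warn deprecated (\S+): (.*)$/i.exec(line.trim());
    if (!m) continue;
    // Split on the LAST "@": scoped packages start with "@" themselves.
    const at = m[1].lastIndexOf("@");
    if (at <= 0) continue; // no version part, skip rather than guess
    const name = m[1].slice(0, at);
    const version = m[1].slice(at + 1);
    const entry = byName.get(name) ?? { name, versions: new Map(), reason: m[2] };
    entry.versions.set(version, (entry.versions.get(version) ?? 0) + 1);
    byName.set(name, entry);
  }
  return [...byName.values()]
    .map((e) => ({
      name: e.name,
      versions: [...e.versions.keys()].sort(), // lexical order, enough for display
      occurrences: [...e.versions.values()].reduce((a, b) => a + b, 0),
      reason: e.reason, // reason from the first warning seen for this package
    }))
    // Most frequently pulled-in packages first, then by name (code-unit order).
    .sort((a, b) => b.occurrences - a.occurrences || (a.name < b.name ? -1 : 1));
}

for (const d of parseDeprecations(SAMPLE_LOG)) {
  console.log(`${d.occurrences}x ${d.name} [${d.versions.join(", ")}] - ${d.reason}`);
}
```

A package listed with more than one version, or warned about several times, is being pulled in through multiple dependency paths, so replacing it usually means updating more than one parent package.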

anttiviljami commented 1 week ago

@GauBen Thanks for your notes!

To be honest I'm personally not bothered about the install size or outdated dependencies right now as it doesn't pose a problem in any of my own projects.

Feel free to take the time to optimize though, happy to take PRs!