Excessive number of dependencies

[cztomsik]

Question I'm bit puzzled by the number of dependencies, here's what I got after npm i -D @swc/core

+ @swc/core@1.1.23
added 155 packages from 147 contributors and audited 240 packages in 1383.681s
found 0 vulnerabilities

  rollup-swc-test$ ls node_modules/
@swc                command-line-usage      iconv-lite          onetime             sshpk
@types              commander           inflight            optimist            string-width
acorn               concat-map          inherits            os-tmpdir           string_decoder
ajv             console-control-strings     iniparser           path-is-absolute        strip-ansi
ansi-escape-sequences       core-util-is            inquirer            performance-now         supports-color
ansi-escapes            dashdash            is-fullwidth-code-point     process-nextick-args        table-layout
ansi-regex          deep-extend         is-promise          psl             test-value
ansi-styles         delayed-stream          is-typedarray           punycode            through
aproba              delegates           isarray             qs              tmp
are-we-there-yet        ecc-jsbn            isstream            quickly-copy-file       toml
array-back          escape-string-regexp        jsbn                readable-stream         tough-cookie
asn1                extend              json-schema         reduce-flatten          true-case-path
assert-plus         external-editor         json-schema-traverse        request             ts-typed-json
asynckit            extsprintf          json-stringify-safe     restore-cursor          tunnel-agent
aws-sign2           fast-deep-equal         jsprim              rimraf              tweetnacl
aws4                fast-json-stable-stringify  lodash              rollup              typical
balanced-match          figures             lodash.padend           rollup-plugin-swc       uglify-js
bcrypt-pbkdf            find-replace            mime-db             rsvp                uri-js
brace-expansion         forever-agent           mime-types          run-async           util-deprecate
builtins            form-data           mimic-fn            rx-lite             uuid
caseless            fs.realpath         minimatch           rx-lite-aggregates      validate-npm-package-license
chalk               gauge               minimist            safe-buffer         validate-npm-package-name
chardet             getpass             mkdirp              safer-buffer            verror
cli-cursor          git-config          mute-stream         semver              wide-align
cli-width           glob                neo-async           set-blocking            wordwrap
code-point-at           handlebars          neon-cli            signal-exit         wordwrapjs
color-convert           har-schema          npmlog              source-map          wrappy
color-name          har-validator           number-is-nan           spdx-correct
combined-stream         has-flag            oauth-sign          spdx-exceptions
command-line-args       has-unicode         object-assign           spdx-expression-parse
command-line-commands       http-signature          once                spdx-license-ids

Lot of them go from neon, so maybe the right project would be neon but still, why do I need 155 extra packages just to use native addon?

BTW: Maybe I could help, I have my own js <-> rust project and I was using neon originally too but I don't know details of this project, my case might be different.

[kdy1]

I'll fix it soon (today)

[kdy1]

I moved neon-cli to dev dependencies

[cztomsik]

Thanks @kdy1, it's much better now but there's still a lot of extra baggage:

rollup-swc-test@1.0.0 /Users/cztomsik/Desktop/rollup-swc-test
├─┬ @swc/core@1.1.24
│ ├─┬ mkdirp@0.5.1
│ │ └── minimist@0.0.8
│ ├─┬ npmlog@4.1.2
│ │ ├─┬ are-we-there-yet@1.1.5
│ │ │ ├── delegates@1.0.0
│ │ │ └─┬ readable-stream@2.3.7
│ │ │   ├── core-util-is@1.0.2
│ │ │   ├── inherits@2.0.4 deduped
│ │ │   ├── isarray@1.0.0
│ │ │   ├── process-nextick-args@2.0.1
│ │ │   ├── safe-buffer@5.1.2 deduped
│ │ │   ├─┬ string_decoder@1.1.1
│ │ │   │ └── safe-buffer@5.1.2 deduped
│ │ │   └── util-deprecate@1.0.2
│ │ ├── console-control-strings@1.1.0
│ │ ├─┬ gauge@2.7.4
│ │ │ ├── aproba@1.2.0
│ │ │ ├── console-control-strings@1.1.0 deduped
│ │ │ ├── has-unicode@2.0.1
│ │ │ ├── object-assign@4.1.1
│ │ │ ├── signal-exit@3.0.2
│ │ │ ├─┬ string-width@1.0.2
│ │ │ │ ├── code-point-at@1.1.0
│ │ │ │ ├─┬ is-fullwidth-code-point@1.0.0
│ │ │ │ │ └── number-is-nan@1.0.1
│ │ │ │ └── strip-ansi@3.0.1 deduped
│ │ │ ├─┬ strip-ansi@3.0.1
│ │ │ │ └── ansi-regex@2.1.1
│ │ │ └─┬ wide-align@1.1.3
│ │ │   └── string-width@1.0.2 deduped
│ │ └── set-blocking@2.0.0
│ ├─┬ request@2.88.2
│ │ ├── aws-sign2@0.7.0
│ │ ├── aws4@1.9.1
│ │ ├── caseless@0.12.0
│ │ ├─┬ combined-stream@1.0.8
│ │ │ └── delayed-stream@1.0.0
│ │ ├── extend@3.0.2
│ │ ├── forever-agent@0.6.1
│ │ ├─┬ form-data@2.3.3
│ │ │ ├── asynckit@0.4.0
│ │ │ ├── combined-stream@1.0.8 deduped
│ │ │ └── mime-types@2.1.26 deduped
│ │ ├─┬ har-validator@5.1.3
│ │ │ ├─┬ ajv@6.11.0
│ │ │ │ ├── fast-deep-equal@3.1.1
│ │ │ │ ├── fast-json-stable-stringify@2.1.0
│ │ │ │ ├── json-schema-traverse@0.4.1
│ │ │ │ └─┬ uri-js@4.2.2
│ │ │ │   └── punycode@2.1.1 deduped
│ │ │ └── har-schema@2.0.0
│ │ ├─┬ http-signature@1.2.0
│ │ │ ├── assert-plus@1.0.0
│ │ │ ├─┬ jsprim@1.4.1
│ │ │ │ ├── assert-plus@1.0.0 deduped
│ │ │ │ ├── extsprintf@1.3.0
│ │ │ │ ├── json-schema@0.2.3
│ │ │ │ └─┬ verror@1.10.0
│ │ │ │   ├── assert-plus@1.0.0 deduped
│ │ │ │   ├── core-util-is@1.0.2 deduped
│ │ │ │   └── extsprintf@1.3.0 deduped
│ │ │ └─┬ sshpk@1.16.1
│ │ │   ├─┬ asn1@0.2.4
│ │ │   │ └── safer-buffer@2.1.2 deduped
│ │ │   ├── assert-plus@1.0.0 deduped
│ │ │   ├─┬ bcrypt-pbkdf@1.0.2
│ │ │   │ └── tweetnacl@0.14.5 deduped
│ │ │   ├─┬ dashdash@1.14.1
│ │ │   │ └── assert-plus@1.0.0 deduped
│ │ │   ├─┬ ecc-jsbn@0.1.2
│ │ │   │ ├── jsbn@0.1.1 deduped
│ │ │   │ └── safer-buffer@2.1.2 deduped
│ │ │   ├─┬ getpass@0.1.7
│ │ │   │ └── assert-plus@1.0.0 deduped
│ │ │   ├── jsbn@0.1.1
│ │ │   ├── safer-buffer@2.1.2
│ │ │   └── tweetnacl@0.14.5
│ │ ├── is-typedarray@1.0.0
│ │ ├── isstream@0.1.2
│ │ ├── json-stringify-safe@5.0.1
│ │ ├─┬ mime-types@2.1.26
│ │ │ └── mime-db@1.43.0
│ │ ├── oauth-sign@0.9.0
│ │ ├── performance-now@2.1.0
│ │ ├── qs@6.5.2
│ │ ├── safe-buffer@5.1.2
│ │ ├─┬ tough-cookie@2.5.0
│ │ │ ├── psl@1.7.0
│ │ │ └── punycode@2.1.1
│ │ ├─┬ tunnel-agent@0.6.0
│ │ │ └── safe-buffer@5.1.2 deduped
│ │ └── uuid@3.4.0
│ └─┬ true-case-path@1.0.3
│   └─┬ glob@7.1.6
│     ├── fs.realpath@1.0.0
│     ├─┬ inflight@1.0.6
│     │ ├── once@1.4.0 deduped
│     │ └── wrappy@1.0.2
│     ├── inherits@2.0.4
│     ├─┬ minimatch@3.0.4
│     │ └─┬ brace-expansion@1.1.11
│     │   ├── balanced-match@1.0.0
│     │   └── concat-map@0.0.1
│     ├─┬ once@1.4.0
│     │ └── wrappy@1.0.2 deduped
│     └── path-is-absolute@1.0.1
├─┬ rollup@1.31.0
│ ├── @types/estree@0.0.42
│ ├── @types/node@13.7.1
│ └── acorn@7.1.0
└── rollup-plugin-swc@0.1.3

Some of them go from npmlog which seems to be used just for some progress bar (and I don't know I personally don't need that) and some of them go from request which could be replaced with axios (supports both redirects and streams and has no deps)

I know it's not a big deal but these deps accumulate and then suddenly we're at point where create-react-app needs 1k deps.

[kdy1]

I didn't know that axios does not have any dependency. I'll switch to it.

[cztomsik]

just checked it, axios is zero-dependency for browser but it has 3 deps for node

test-axios@1.0.0 /Users/cztomsik/Desktop/playground/test-axios
└─┬ axios@0.19.2
  └─┬ follow-redirects@1.5.10
    └─┬ debug@3.1.0
      └── ms@2.0.0

there's also node-fetch which is truly zero-dep (I've checked it now), it has streams also (https://github.com/node-fetch/node-fetch#streams) & follows redirects too

I'm not sure what you exactly need but I think node-fetch might be enough

[swc-bot]

This closed issue has been automatically locked because it had no new activity for a month. If you are running into a similar issue, please create a new issue with the steps to reproduce. Thank you.