telefonicaid / iotagent-node-lib

Module to enable IoT Agent developers to build custom agents for their devices that can easily connect to NGSI Context Brokers
https://iotagent-node-lib.rtfd.io/
GNU Affero General Public License v3.0

Refactor - remove underscore dependency from codebase #1168

Open mapedraza opened 2 years ago

mapedraza commented 2 years ago

The idea is to reduce the number of dependencies used in the codebase, especially those which are not essential, in order to reduce possible vulnerabilities like Log4j CVE-2021-44228.

In the particular case of underscore, we have found that it is used only in these cases:

Both cases can be easily covered without using underscore (in the case of pluck, using a map filter; in the case of difference and key, amending the logic in charge of that part of the code).

jason-fox commented 2 years ago

@mapedraza if you look at the package-lock.json, you'll notice that the async dependency relies on lodash:

    "async": {
        "version": "2.6.2",
        "resolved": "https://registry.npmjs.org/async/-/async-2.6.2.tgz",
        "integrity": "sha512-H1qVYh1MYhEEFLsP97cVKqCGo7KfCyTt6uEWqsTBr9SO84oK9Uwbyd/yCW+6rKJLHksBNUVWZDAjfS+Ccx0Bbg==",
        "requires": {
            "lodash": "^4.17.11"
        }
    },

lodash is nearly but not quite a one-to-one drop-in for underscore - you could just switch the library for using pluck() and map(). This would eliminate underscore entirely since no other dependency is using it. It should improve throughput slightly too since lodash is supposedly more performant.
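The lockfile check described in this comment, as an added example that is not part of the thread or the project's code: it lists which locked packages declare a given module in their `requires` map, assuming the npm lockfile v1 layout quoted above. The `sampleLock` object and the function names are constructed for illustration; only the `async` entry comes from the comment, and the other versions are placeholders.

```javascript
'use strict';

// Constructed sample in lockfile v1 layout. The "async" entry mirrors the
// snippet quoted above (resolved/integrity omitted); "lodash" and "underscore"
// use placeholder versions, not the project's real ones.
const sampleLock = {
    dependencies: {
        async: { version: '2.6.2', requires: { lodash: '^4.17.11' } },
        lodash: { version: '0.0.0-placeholder' },
        underscore: { version: '0.0.0-placeholder' }
    }
};

// Walk every locked package, including nested "dependencies" trees, and
// collect the ones whose "requires" map names the target module.
function findDependents(lock, target) {
    const dependents = [];
    const walk = (deps, trail) => {
        for (const [name, entry] of Object.entries(deps || {})) {
            const here = trail.concat(name);
            const requires = entry.requires || {};
            if (Object.prototype.hasOwnProperty.call(requires, target)) {
                dependents.push({
                    package: here.join(' > '),
                    version: entry.version,
                    range: requires[target]
                });
            }
            walk(entry.dependencies, here);
        }
    };
    walk(lock.dependencies, []);
    return dependents;
}

// Summarise whether removing the project's own direct use of a module would
// actually take it out of the installed tree.
function auditModule(lock, target) {
    const dependents = findDependents(lock, target);
    return {
        module: target,
        locked: Object.prototype.hasOwnProperty.call(lock.dependencies || {}, target),
        dependents,
        leavesTreeIfDirectUseRemoved: dependents.length === 0
    };
}

console.log(JSON.stringify([auditModule(sampleLock, 'underscore'), auditModule(sampleLock, 'lodash')], null, 2));
```

To run it against a real project, pass the parsed contents of `package-lock.json` in place of `sampleLock`.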

AlvaroVega commented 1 year ago

underscore is still used by:

    lib/plugins/bidirectionalData.js:const _ = require('underscore');
    lib/plugins/expressionParser.js:const _ = require('underscore');
    lib/services/ngsi/entities-NGSI-LD.js:const _ = require('underscore');
    lib/services/ngsi/ngsiService.js:const _ = require('underscore');
    lib/services/ngsi/ngsiUtils.js:const _ = require('underscore');
    lib/services/stats/statsRegistry.js:const _ = require('underscore');
    lib/services/northBound/contextServer-NGSI-v2.js:const _ = require('underscore');
    lib/services/northBound/deviceGroupAdministrationServer.js:const _ = require('underscore');
    lib/services/northBound/restUtils.js:const _ = require('underscore');
    lib/services/northBound/contextServer-NGSI-LD.js:const _ = require('underscore');
    lib/services/northBound/deviceProvisioningServer.js:const _ = require('underscore');
    lib/services/devices/devices-NGSI-v2.js:const _ = require('underscore');
    lib/services/devices/registrationUtils.js:const _ = require('underscore');
    lib/services/devices/deviceService.js:const _ = require('underscore');
    lib/services/devices/devices-NGSI-LD.js:const _ = require('underscore');
    lib/services/devices/deviceRegistryMemory.js:const _ = require('underscore');
    lib/services/groups/groupRegistryMemory.js:const _ = require('underscore');
    lib/services/commands/commandRegistryMemory.js:const _ = require('underscore');