-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SDK pulls in development level dependencies for production #174
Comments
@Carsten-Leue Thank you for the issue. The SDK squad will look into it. |
Would you have some advice on how to achieve this packaging change in the node core repo? cc: @dpopp07 |
@padamstx @dpopp07 I suggest to use the concept of a "secondary entry" point to expose the test level dependencies. You won't need to change the structure of the project, just adding an extra Yes, this changes the public API of the SDK if you also remove the top level export. One approach would be to deprecate the top level exports (but leave them in) and introduce the secondary entry point in a minor version change. This way clients can move over. Together with the tree shaking PR they would still benefit from reduced dependencies. In such an effort I recommend to revisit if the actual API the SDK exposes is indeed the intended API (I am sorry if this is sounding arrogant, but in node it's probably not evident what's exposed as the API at first glance. If the actual API actually matches the intended API, please ignore the following). The exposed API is this: Note that dependencies of this API are not the same as implementation dependencies. You might want to consider this:
|
|
+1 for this. It's extremely strange for a production library to list unit testing utilities like |
Thanks all for the comments - agreed. We will address this in the very near future. |
🎉 This issue has been resolved in version 4.3.2 🎉 The release is available on:
Your semantic-release bot 📦🚀 |
🎉 This issue has been resolved in version 5.0.0 🎉 The release is available on:
Your semantic-release bot 📦🚀 |
This SDK is used by several other IBM cloud SDKs, in my case the @ibm-cloud/secrets-manager SDK. My application is a consumer of the @ibm-cloud/secrets-manager and I would like to package it (and its dependencies) as part of my app.
I notice that this causes a significant amount dependencies to be pulled in that are not required for production and that should also not appear in the dependencies of a production level application, e.g. the
expect
package. This package is meant to write unit tests and should only be a development level dependency. It alone adds around 200KB to the overall bundle size, because it in turn depends onjest
packages which should not exist in a production environment either (see https://bundlephobia.com/package/expect@27.3.1)The reason for this dependency is the fact that this core SDK exports utility functions for testing purposes as part of its regular index (https://github.com/IBM/node-sdk-core/blob/main/index.ts#L21)
Since this SDK is also only available as a commonjs package, there is also no way to use tree shaking to get rid of these undesirable and unused dependencies.
I suggest to move the test functions to a sub-package with its own
package.json
and its own dependencies. This way consuming SDKs can still make use of the exported test helpers but they would not interfer with the production usage of the package.Besides the undesirable bundle size this also effects legal clearance when we at IBM depend on the SDK, because test level packages typically do not have to be cleared with the same diligence as production level packages. With the current design, we are forced to clear test packages.
The text was updated successfully, but these errors were encountered: