chore: remove 20 unused dependencies#663
Merged
Merged
Conversation
Drop 20 direct dependencies in package.json with zero imports anywhere in source. Verified via scripted sweep across all *.ts/tsx/js/mjs/cjs files plus manual confirmation that none are peer deps, build-time codegen, or implicit-via-config (MDX, Apollo Server endpoint, etc.). Removed by group: GraphQL Tools — only @graphql-tools/wrap is actually imported (in apollo/createSchema.ts): - @graphql-tools/delegate, @graphql-tools/links, @graphql-tools/schema, @graphql-tools/stitch, graphql-tools (umbrella) MDX — no .mdx files in repo, no MDX wiring in next.config.js: - @mdx-js/loader, @mdx-js/react, @next/mdx Apollo Server stack — no GraphQL endpoint code references them; AS3 is EOL: - apollo-server-micro, apollo-link, apollo-link-http, micro-cors UI/utility leftovers from earlier refactors: - @reach/dialog, @wagmi/core (transitive via wagmi), gsap, lightweight-charts, match-sorter, parse-domain, react-confetti, react-number-format Lockfile shrinks by 2,203 lines, reducing supply-chain attack surface and CVE alert noise. Closes #662 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Contributor
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Contributor
There was a problem hiding this comment.
Pull request overview
Removes a set of direct package.json dependencies that are no longer referenced by the Explorer application, and updates pnpm-lock.yaml accordingly to reduce install surface area and lockfile size.
Changes:
- Dropped 20 unused direct dependencies from
package.json(GraphQL Tools extras, MDX stack, Apollo Server stack, and various UI/util packages). - Regenerated
pnpm-lock.yamlto reflect the removed direct dependencies and prune now-unneeded transitive packages.
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| package.json | Removes 20 direct dependencies that have no usage in repo source/config. |
| pnpm-lock.yaml | Updates lockfile to drop the removed dependencies and their prunable transitive subtrees. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Drop 20 direct dependencies in
package.jsonwith zero imports anywhere in source. Follow-up to #661 (initial four orphans). Together that brings the cleanup to 24 of 104 dependencies (~23%).Verified via a scripted sweep across every
*.ts/tsx/js/mjs/cjsfile plus manual checks for side-effect imports, dynamicrequires, and string references in build configs (next.config, codegen, jest, lighthouserc, eslint).What's removed and why
GraphQL Tools cleanup — only
@graphql-tools/wrapis imported (apollo/createSchema.ts); the schema-stitching helpers below were used when the gateway merged multiple sources and aren't needed for the current single-subgraph wrap.@graphql-tools/delegate,@graphql-tools/links,@graphql-tools/schema,@graphql-tools/stitchgraphql-tools(legacy umbrella, distinct from the granular@graphql-tools/*packages)MDX stack — no
.mdxfiles, no MDX wiring innext.config.js.@mdx-js/loader,@mdx-js/react,@next/mdxApollo Server stack — no GraphQL endpoint code references these. Apollo Server v3 reached EOL in October 2023.
apollo-server-micro,apollo-link,apollo-link-http,micro-corsUI / utility leftovers
@reach/dialog— no imports (earlier assumption that this needed migration was wrong)@wagmi/core— pulled in transitively viawagmi, redundant as a direct depgsap,lightweight-charts,match-sorter,parse-domain,react-confetti,react-number-formatWhy
Trims dead weight from the lockfile (-2,203 lines) and reduces Dependabot noise by removing alerts attributable to packages no source code references.
What's intentionally not removed
dotenv— used bypnpm codegenvia the-r dotenv/configflag.@emotion/styled— peer dependency of@mui/materialv7.@stitches/react— declared transitively by@livepeer/design-system; safe to drop but worth verifying separately. Tracked as follow-up.Outdated-but-still-used libraries (
@reach/tabs,react-hook-formv3,react-ga,ethereumjs-util,apollo-fetch,react-tablev7,ethersv5, etc.) are tracked as separate migration work.Closes #662
Test plan
pnpm typecheck,pnpm lint,pnpm format:checkpass locally/orchestrators,/leaderboard,/treasury,/accounts/<address>/orchestrating, the Connect Wallet modal, and the three/migrate/*pages