Reduce dependencies #433
Comments
|
@lukeed do you have any awesome (fast & no deps) lib to replace the huge |
|
Hey, haha, I helped work on |
|
https://github.com/vadimdemedes/ink could be a replacement for vorpal |
|
Ink is good. I forgot to mention before that |
|
Hello, we use Moleculer at my company and vorpal's vulnerabilities are a concern to us and we'd like to get this resolved. What can I do to help with this? I can fork and start a PR to replace vorpal with something else. Thanks. |
|
vorpal is more than the ink. It has a REPL mode with command & argument handling and autocomplete feature. Ink (as soon as I can see) is a react based GUI for console apps. |
|
Yeah I was looking over alternatives and none really seem to do what moleculer uses vorpal for. @icebob do you plan to utilize the fork in moleculer-repl by publishing a package or directly to the github repo in the package.json? I can start working on getting the vulnerabilities patched and submit a PR to the fork. |
|
This is another one more close to the vorpal concept: https://github.com/drew-y/cliffy But I agree:
|
|
@joshmanders good news. It would be good if you could fix it. I plan to publish the fixed vorpal under the org like: @moleculer/vorpal |
|
@tinchoz49 great, yes, cliffy can be an alternative. Btw, I've starred it for a while :P |
Excellent. I have a PR waiting right now, just have noticed some tests are timing out so I'm trying to figure that out. |
|
I heard that bluebird is no longer needed |
|
@icebob Could we add https://github.com/moleculerjs/moleculer/search?q=isObject&unscoped_q=isObject |
|
Latest tree btw |
|
Yes, it would be good to drop lodash lib from the core repo. The most important method is the |
Could just depend on |
|
Hmm, good idea! |
|
By the way, I've just found Only need to change the |
|
_.get used in the cacher implementation is pretty important aslo I believe. It would be great to firstly get an overview of all lodash deps to determine which could easily be switched out with vanilla js and which we need to consider keeping or replace. I’d be happy to contribute on some concrete issues like «replace usage of isObject» etc to we can gradually migrate lodash out.
- David
… 21. mai 2020 kl. 18:32 skrev Josh Manders ***@***.***>:
Yes, it would be good to drop lodash lib from the core repo. The most important method is the _.defaultsDeep. It is used in many places, so it's the most important to find an exact same implementation or copy out from the lodash.
Could just depend on lodash.defaultsDeep which is just the dependencies needed for that function.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
|
|
|
Ohh, thanks @lukeed, I didn't see it. |
|
It's actually only |
|
@abdavid Here is a list about the used Lodash methods: |
|
Nice! I see a couple of low hanging ones. I think we can break them down pr function.
@icebob should we maybe create an epic and materialize tasks for each function? That way we will have the oppertunity to discuss replacements contextually. Like Josh commented we could just import the complex ones.
- David
… 22. mai 2020 kl. 18:37 skrev Icebob ***@***.***>:
@abdavid Here is a list about the used Lodash methods:
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
|
@icebob Do we have any docs / guides on performance testing? Would be necessary to have before and after measurements to ensure we keep things speedy |
|
Yes, you can with |
|
@icebob Another option to replace Vorpal: https://github.com/f/omelette Has zero dependencies; |
|
Thanks @Wallacy but I think it's not a replacement of vorpal. It's just a part of it. |
|
One possible replacement for Some features:
and @Yord is currently working on REPL mode and autocompletion |
|
It sounds great. it has no dependency. |
|
Hey all, shargs is meant to replace the command-line parser of another project of mine because it had way too many dependencies (27!). Seems our causes are aligned. The REPL mode is still very fresh, but I am interested in spending more time. |
|
@Yord Do you know vorpal? Are there any other missing parts in shargs? We are using it in our moleculer-repl |
|
@icebob I have never worked with vorpal. The command-line parser parts of shargs are almost at 1.0.0, error message ergonomy is left (and bash autocomplete). As for REPLs, shargs has basic REPL functionality based on the Node REPL and autocomplete for commands. These two parts are not tested, yet. I could imagine shargs REPL misses text colors and formatting (aka tables) unless the action output does that. Is there anything apparent to vorpal users that I miss? Edited to add: Shargs REPL misses pipes and prompts. |
You are right, the coloring and formatting are done directly in action (e.g.,
I think that we don't use either of those features. We only use "a small portion" of vorpal |
|
@icebob I will look at it during weekend. In theory it shouldn't be very complex. I just need to find the equivalent for vorpal's syntax. E.g.: vorpal
.command('foo <requiredArg> [optionalArg]')
.autocomplete({
data() {
return // Return autocomplete array
})
.option('-v, --verbose', 'Print foobar instead.')
.description('Outputs "bar".')
.alias('foosball')
.action(function(args, callback) {
if (args.options.verbose) {
this.log('foobar');
} else {
this.log('bar');
}
callback();
});@Yord do you have any tutorial for newbies? Your docs are very good but I didn't found any introductory tutorial. |
|
@AndreMaz Fortunately I wrote one just yesterday: https://github.com/Yord/shargs-tutorial-git/blob/master/README.md |
|
Sweet 😄 Thanks |
|
@AndreMaz Just wanted to let you know I have incorporated recent updates into shargs-example-repl. To elaborate on this: The API has only slight changes, the updates concern mainly autocomplete internals. |
|
@Yord thanks for the info. Can you add the changelog to your repos? It helps to track the changes |
|
@AndreMaz Yes, I will do that. Sorry for the sloppy work. I usually start a changelog with the first stable version, but here, it definitely makes sense to start right now. Changelogs: |
|
Hello, sorry to barge in but I think that what I raised here might be related to this issue. My main concern is related to the fact that some of us (I have no idea how many) are using the Moleculer broker without the runner. The runner is great but it also comes with its cost in term of dependencies and I guess that part of the dependencies raised in this issue is in fact due to the runner (another batch is certainly due to the REPL). |
|
I plan to split this repo to multiple packages in v1.0 and release them under |
Due to the recent event-stream vulnerability issue, I'm thinking to reduce the used NPM dependencies in the Moleculer core.
Currently it is the current dependency tree (29 modules):
There are 3 libs which have too much dependencies:
It is used in Moleculer Runner to parse arguments
It is used to coloring some log messages
It is used in Moleculer Runner & ServiceBroker to load services from folders.
It's a dev dependency but it is not maintained & contains some vulnerabilities.
Possible alternatives:
Important to keep the current functionality, so the changes don't cause breaking changes!
argschalkglobvorpalThe text was updated successfully, but these errors were encountered: