Remove examples and other unwanted artifacts from installed dependenc…

…ies (#4896) Signed-off-by: Miki <miki@amazon.com>
opensearch-project · Sep 1, 2023 · cf07424 · cf07424
1 parent 1068939
commit cf07424
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -17,6 +17,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Bump `node-sass` to a version that uses a newer `libsass` ([#4649](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/4649))
 - [CVE-2019-11358] Bump version of tinygradient from 0.4.3 to 1.1.5 ([#4742](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/4742))
 - [CVE-2021-3520] Bump `lmdb` from `2.8.0` to `2.8.5` ([#4804](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/4804))
+- Remove examples and other unwanted artifacts from installed dependencies ([#4896](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/4896))
 
 ### 📈 Features/Enhancements
 

diff --git a/package.json b/package.json
@@ -40,6 +40,7 @@
   "author": "opensearch-project",
   "scripts": {
     "preinstall": "scripts/use_node ./preinstall_check",
+    "postinstall": "scripts/use_node scripts/postinstall",
     "osd": "scripts/use_node scripts/osd",
     "opensearch": "scripts/use_node scripts/opensearch",
     "test": "grunt test",

diff --git a/scripts/postinstall.js b/scripts/postinstall.js
@@ -0,0 +1,41 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+/* eslint no-restricted-syntax: 0 */
+
+const fs = require('fs/promises');
+
+/**
+ * Some libraries pack their demos and examples into their release artifacts.
+ * This unwanted content makes our release artifacts larger but more importantly,
+ * some contain in-browser references to outdated and vulnerable versions of
+ * libraries that are not even mentioned in the dependency tree. This is a
+ * problem when vulnerability scanners point them out, and we have no way to fix
+ * them. This function looks for folders that are unwanted and deletes them.
+ */
+const removeUnwantedFolders = async (root, unwantedNames) => {
+  const items = await fs.readdir(root, { withFileTypes: true });
+  const promises = [];
+  for (const item of items) {
+    if (!item.isDirectory()) continue;
+
+    if (unwantedNames.includes(item.name)) {
+      promises.push(fs.rm(`${root}/${item.name}`, { recursive: true, force: true }));
+    } else {
+      promises.push(...(await removeUnwantedFolders(`${root}/${item.name}`, unwantedNames)));
+    }
+  }
+
+  return promises;
+};
+const run = async () => {
+  const promises = await removeUnwantedFolders('node_modules', ['demo', 'example', 'examples']);
+  await Promise.all(promises);
+};
+
+run().catch((err) => {
+  console.error(err);
+  process.exit(1);
+});