chore(deps): remove unmaintained broken-link-checker dev dependency #221
Merged
broken-link-checker@^0.7.8 is unmaintained (last released ~2017) and pulls in a large legacy transitive tree (deprecated nopter, urlobj, urlcache, uuid@2 using Math.random, an old chalk/ansi stack), which is a needless security and maintenance liability that drives Dependabot churn. It was only exposed through the `npm run linkcheck` script and was never used in CI. Local link checking is still possible via the better-maintained tools documented in the docs repository (Antora xref-validator, htmltest, filiph/linkcheck).

- drop the broken-link-checker devDependency
- drop the now-unused linkcheck npm script
- update agent/CLAUDE docs that referenced it to point at the documented tools
- regenerate package-lock.json (drops ~19 transitive packages)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Signed-off-by: Thomas Müller <1005065+DeepDiver1975@users.noreply.github.com>
DeepDiver1975 commented Jun 23, 2026
DeepDiver1975 (Member, Author) left a comment
🤖 Automated review by Claude Code review agent.
LGTM — clean removal of the unmaintained broken-link-checker dev dependency.
Verified:
- `package.json`: `broken-link-checker` devDep and the `linkcheck` script both removed.
- `package-lock.json`: the `broken-link-checker` node and transitive deps pruned. The diff also shows Git conflict markers (`<<<<<<<` / `=======` / `>>>>>>>` from an earlier "remove dead Elasticsearch" change) being removed — those markers exist only in the base branch; the PR-head lockfile is conflict-marker-free and valid JSON, so this PR also tidies up that pre-existing breakage. Nice.
- No dangling references — grepped `package.json`, lockfile, docs, and `.github/workflows/ci.yml` for `linkcheck` / `broken-link-checker` / `blc`: none remain.
- CI: `Build documentation` and `lint` both green (confirms the resulting lockfile installs cleanly).
- No CHANGELOG in this repo (n/a).
No blocking issues.
kw-tmueller approved these changes Jun 23, 2026
What
Removes the unmaintained `broken-link-checker` dev dependency and the `npm run linkcheck` script.

Why
`broken-link-checker@^0.7.8` was last released around 2017 and is effectively unmaintained. It pulls in a large legacy transitive tree (deprecated `nopter`, `urlobj`, `urlcache`, `uuid@2` which relies on `Math.random`, an old chalk/ansi stack) — a needless security and maintenance liability that keeps generating Dependabot noise.

It was only ever invoked through the `linkcheck` npm script and is not used in CI. Local link checking remains fully possible via the better-maintained tools already documented in the `docs` repository (Antora `xref-validator`, `htmltest`, filiph's `linkcheck`).

Changes
- `broken-link-checker` devDependency
- `linkcheck` npm script
- `package-lock.json` (removes ~19 transitive packages)

No replacement dependency is added (per the repo policy of not introducing new dependencies without discussion).

Verification
- `npm install` succeeds; the lockfile no longer contains any `broken-link-checker` family packages
- `npm run antora` still builds the docs (a devDependency removal does not affect the build; verified end-to-end)
- `linkcheck`)

🤖 Generated with Claude Code
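The lockfile checks named in the Verification list and in the review comment (no conflict markers, valid JSON, no leftover or dangling `broken-link-checker` family entries) can be scripted. The following is an added example, not code from this pull request or repository; it assumes the npm lockfile v2/v3 `packages` map, and the function name `auditLockfile`, the sample lockfiles, their version strings and the `example-*` packages are constructed for illustration.

```javascript
// Added example. Lockfile contents below are constructed, not the repository's real package-lock.json.
const REMOVED = ['broken-link-checker', 'nopter', 'urlobj', 'urlcache']; // names from the PR description
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

function auditLockfile(text, removedNames = REMOVED) {
  const result = { conflictMarkers: [], validJson: false, leftovers: [], dangling: [] };
  // Git conflict markers: "<<<<<<< label", "=======", ">>>>>>> label" at line start.
  text.split('\n').forEach((line, i) => {
    if (/^(<{7} |={7}$|>{7} )/.test(line)) result.conflictMarkers.push(i + 1);
  });
  let lock;
  try { lock = JSON.parse(text); } catch { return result; } // unparseable: nothing more to check
  result.validJson = true;
  const removed = new Set(removedNames);
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Key is "" for the root project, else ".../node_modules/<name>" (name may be scoped).
    const name = path.split('node_modules/').pop();
    if (removed.has(name)) { result.leftovers.push(path); continue; }
    for (const field of DEP_FIELDS) {
      for (const dep of Object.keys(entry[field] || {})) {
        if (removed.has(dep)) result.dangling.push(`${path || '<root>'} -> ${dep}`);
      }
    }
  }
  return result;
}

// Constructed sample 1: lockfile committed with an unresolved merge conflict.
const conflictedLock = ['{', '<<<<<<< HEAD', '  "lockfileVersion": 3,', '=======',
  '  "lockfileVersion": 2,', '>>>>>>> example-branch', '  "packages": {}', '}'].join('\n');

// Constructed sample 2: package.json edited, lockfile not regenerated.
const staleLock = JSON.stringify({ lockfileVersion: 3, packages: {
  '': { devDependencies: { 'example-tool': '1.0.0' } },
  'node_modules/broken-link-checker': { version: '0.7.8', dependencies: { nopter: '0.0.0' } },
  'node_modules/nopter': { version: '0.0.0' },
  'node_modules/example-tool': { version: '1.0.0', dependencies: { urlobj: '0.0.0' } },
} }, null, 2);

// Constructed sample 3: regenerated lockfile with nothing left behind.
const cleanLock = JSON.stringify({ lockfileVersion: 3, packages: {
  '': { devDependencies: { 'example-builder': '1.0.0' } },
  'node_modules/example-builder': { version: '1.0.0' },
} }, null, 2);

for (const [label, text] of Object.entries({ conflictedLock, staleLock, cleanLock })) {
  console.log(label, JSON.stringify(auditLockfile(text)));
}
```

A `dangling` entry means another package still declares one of the removed names, so the removal would not actually shrink the tree until that dependent is dealt with.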