We use the supabase NPM package in a package.json script to update the local TypeScript definition file of our database tables. To ensure every developer uses the same version of the supabase NPM package, we currently have it installed as devDependency in our project.
While this feature of the supabase NPM package is very helpful to us and preferred over manually downloading the types from the Supabase dashboard, it brings in a lot of new dependencies into our project which are hard to justify looking at what little functionality we need from the supabase package.
Looking at supabase's dependency graph, it has the four direct dependencies bin-links, https-proxy-agent, node-fetch and tar, 23 dependencies in total and one of them is deprecated, resulting in the following warning message when installing the supabase package:
npm warn deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
All of these dependencies are only required because of the way this package installs the native Go-based builds for the target platform in postinstall.js.
What about distributing and installing the native builds like the also Go-based esbuild or the Rust-based oxlint does? Their wrapper packages around the native builds have zero dependencies. Or is there something the supabase package needs to do different?
We use the
supabaseNPM package in a package.json script to update the local TypeScript definition file of our database tables. To ensure every developer uses the same version of thesupabaseNPM package, we currently have it installed asdevDependencyin our project.While this feature of the
supabaseNPM package is very helpful to us and preferred over manually downloading the types from the Supabase dashboard, it brings in a lot of new dependencies into our project which are hard to justify looking at what little functionality we need from thesupabasepackage.Looking at
supabase's dependency graph, it has the four direct dependenciesbin-links,https-proxy-agent,node-fetchandtar, 23 dependencies in total and one of them is deprecated, resulting in the following warning message when installing thesupabasepackage:All of these dependencies are only required because of the way this package installs the native Go-based builds for the target platform in postinstall.js.
What about distributing and installing the native builds like the also Go-based esbuild or the Rust-based oxlint does? Their wrapper packages around the native builds have zero dependencies. Or is there something the
supabasepackage needs to do different?