New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove lodash? #2279
Comments
Sure - happy to inline it if you want. typescript-eslint/packages/typescript-estree/src/convert.ts Lines 1917 to 1919 in 682eb7e
Maybe we don't even need to inline it and can just delete it altogether? Unsure. |
I second that request to remove lodash bloat |
I think 'borderline unmaintained' is very exaggerated. He is just looking for new maintainers to help. |
Perhaps, but seems to me like an intolerable timeline whatever you call it. See also https://github.com/lodash/lodash/issues/4738#issuecomment-629698149 which I tend to agree with. |
@danielnixon still planning on sending a PR for this? I can if not! |
Please go for it @JoshuaKGoldberg |
Fun fact: typescript-eslint actually uses two lodash members:
Consider this to be me "unassigning" myself from this issue, as much as a non-maintainer random contributor can. 😉 |
Your other points are good. 👍 🤔 |
The same applies to native JS and more so because JS is on everything and anything JS while lodash is not. |
In the next release, typescript-estree will no longer have a dependency on lodash, thanks to @armano2. |
There is still memoize in And in the interim one usage has been introduced into
|
Lodash has an open security vuln and shows signs of being borderline unmaintained.
Repro
Expected Result
No security vuln reported
Actual Result
Lodash security vuln reported
Additional Info
It looks like typescript-estree only uses lodash once, for
unescape
.unescape
happens to be tiny and unlikely to evolve over time: https://github.com/lodash/lodash/blob/4.17.11/lodash.js#L15145I'd be happy to raise a PR to inline
unescape
(or maybe replace it with https://www.npmjs.com/package/he or something) and remove the lodash dependency.Versions
Latest
The text was updated successfully, but these errors were encountered: