Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inflated dependency tree when using ngxtension #304

Open
Kaemmelot opened this issue Mar 18, 2024 · 2 comments
Open

Inflated dependency tree when using ngxtension #304

Kaemmelot opened this issue Mar 18, 2024 · 2 comments
Assignees
@nartc

Comments

@Kaemmelot
Copy link

Kaemmelot commented Mar 18, 2024
edited

Please reduce the required (production) dependencies of ngxtension. (This is somehow related to #156)

Reason:
Currently ngxtension requires nx, @nx/devkit and ts-morph as production dependencies. These packages are enormous and blow up the transitive dependencies in projects using ngxtension. Also, because of this, security scans (like Blackduck) currently see Nx and its dependencies as production code, which causes problems in our use case.
I cannot see a reason why these dependencies cannot be declared as devDependencies instead.

Thanks for this great library!
@nartc
Copy link
Collaborator

nartc commented Mar 28, 2024

Hi Kaemmelot,

The reason why nx, @nx/devkit, and ts-morph is dependencies instead of devDependencies is because of ng add. Now, this assumption was based on my experience with the package managers' behavior from before (they do not install devDependencies by default) but I think they change now. I can take a look.

@Kaemmelot
Copy link
Author

This seems to be a bigger problem than I initially realized. I have been experimenting with this over the last few days and I now assume that there is a structural problem with the package managers or the concept of migrations included within a library in general.

First of all, nx does not seem to be used by the schematics/migrations, neither for Angular CLI nor for Nx. @nx/devkit and ts-morph are in fact required for these schematics/migrations to work.
In NPM it seems to be impossible to provide a package that can be partially used in production and development at the same time. At least when the dependencies differ.

I think there are a few unfavorable ways to handle such cases:

  • Add devopment dependencies to dependencies or peerDependencies and depend on tree shaking to get rid of them in production (as currently done for ngxtension)
  • Provide two separate packages, one for development and one for production (one could argue about separation of concerns here)
  • Bundle required development dependencies with bundleDependencies into the package (destroys all package management benefits)
  • Maybe it would be possible to use peerDependencies with an optional flag in their meta data and tell the library users to install these dependencies later on if needed (does not work with Angular schematics/Nx migrations)

I guess what would be really needed here is either peerDevDependencies or an additional dev flag in peerDependenciesMeta to provide transitive development dependencies.

Not sure what the best course of action would be in this case.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nartc nartc

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Kaemmelot @nartc