ArdentCode

Stop adding npm dependencies (thoughtlessly)!

majo44 ・ 3 min read

Have you ever checked what happens when you run npm install xyz --save? Or looked at the real weight of the packages you use? Or maybe examined the dependencies of your dependencies?

Let's assume that we have a few packages which deliver the same or similar value. There are many factors which we can consider when we have to make a choice
between them. Personally, for a long time I used some kind of popularity contest: what my team is using, the download count on npmjs.com, stars on GitHub...
I also used other factors like the quality of the documentation and the state of the project (is it still maintained or not?), etc. But I had never thought about the weight of the dependencies.

If you look at this answer on stackoverflow.com, or this one on quora.com, or check how npms.io measures the quality of a package, you will notice that weight is not mentioned there.

You have probably seen this image:
(Image: Node modules, heaviest objects in the universe)
Source: devrant.com/rants/760537...

But you probably have not seen this one:
(Image: Storybook galaxy)

No, this is not the Andromeda Galaxy. This is the dependency galaxy of Storybook. Storybook depends on more than 700 packages, which are connected by almost 1300 connections and covered by more than 10 different licenses. It is "just" 117 MB of code, but the number of packages scares me. What's more, there are addons for Storybook. In order to use it with React (@storybook/react) you have to install at least 1450 packages!

Recently, I have been looking for a simple CLI tool for deleting files by glob pattern. There are a few options, so I compared the weight of the first few:

name        dependency tree nodes   size     npms.io score
rimraf      12                      170 kB   82
trash-cli   179                     2.3 MB   71
del-cli     94                      2.1 MB   72

Hello, I just want to delete some files; I do not need Spaceball One for this task.

(Image: Spaceball One transformed into Mega Maid, in the mission "Vacu-Suck")

I know there are tools that try to solve the problem, like yarn, but it would be better not to create that problem at all. Consider that we have to pay in time and disk space for every environment where our package is used: CI, my next-desk colleague, a developer on the other side of the world. Do not use Spaceball One if you do not need it, and do not build Spaceball One if it is not your goal. Remember, every time you add a dependency, anyone who uses your code adds it as well.

There are some useful tools which we can use to evaluate the weight of packages. For some time I have been using:

  • npm.anvaka.com - Visualization of npm dependencies
  • NPMGraph - Visualize NPM Module Dependencies
  • bundlephobia - Cost of adding a npm package to your bundle
  • npms.io - A better and open source search for node packages
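The same "dependency tree nodes" figure can be computed locally from a package-lock.json before a dependency is committed, as an added example that is not code from the post or from any of the tools listed above. The lockfile in the block is constructed for illustration (its package names and versions are not a real project's), and it follows the "packages" map layout that npm 7+ writes:

```javascript
// Constructed lockfile for this example: the "packages" map that npm 7+ writes to
// package-lock.json (lockfileVersion 2/3). Not taken from any real project.
const lockfile = {
  packages: {
    "": { name: "my-app", dependencies: { "glob-tool": "^1.0.0", semver: "^7.5.0" } },
    "node_modules/glob-tool": { version: "1.0.0", license: "MIT", dependencies: { minimatch: "^3.1.0", yallist: "^3.0.0" } },
    "node_modules/minimatch": { version: "3.1.2", license: "ISC", dependencies: { "brace-expansion": "^1.1.7" } },
    "node_modules/brace-expansion": { version: "1.1.11", license: "MIT", dependencies: { "balanced-match": "^1.0.0" } },
    "node_modules/balanced-match": { version: "1.0.2", license: "MIT" },
    "node_modules/yallist": { version: "3.1.1", license: "ISC" },
    "node_modules/semver": { version: "7.5.4", license: "ISC", dependencies: { "lru-cache": "^6.0.0" } },
    "node_modules/lru-cache": { version: "6.0.0", license: "ISC", dependencies: { yallist: "^4.0.0" } },
    // lru-cache needs yallist 4 while yallist 3 is hoisted, so npm nests a second copy.
    "node_modules/lru-cache/node_modules/yallist": { version: "4.0.0", license: "ISC" },
  },
};

// Locate `name` as seen from the package installed at `fromPath`, walking up the
// node_modules chain the way Node's module resolution does.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = base ? `${base}/node_modules/${name}` : `node_modules/${name}`;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not in the lockfile (e.g. an unmet peer dependency)
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Walk runtime dependencies from `rootPath` ("" = the project, "node_modules/x" = one
// candidate package) and report tree nodes (install locations), unique names and
// licenses. devDependencies of transitive packages are never installed, so they are skipped.
function measure(lock, rootPath = "") {
  const { packages } = lock;
  const seen = new Set(rootPath ? [rootPath] : []);
  const stack = [rootPath];
  while (stack.length) {
    const at = stack.pop();
    const entry = packages[at] || {};
    const deps = { ...(entry.dependencies || {}), ...(entry.optionalDependencies || {}) };
    for (const name of Object.keys(deps)) {
      const loc = resolveDep(packages, at, name);
      if (loc && !seen.has(loc)) { seen.add(loc); stack.push(loc); }
    }
  }
  const names = new Set(), licenses = new Set();
  for (const loc of seen) {
    names.add(loc.slice(loc.lastIndexOf("node_modules/") + "node_modules/".length));
    licenses.add(packages[loc].license || "UNKNOWN");
  }
  return { nodes: seen.size, uniquePackages: names.size, licenses: [...licenses].sort() };
}
```

Point measure() at a real lockfile (JSON.parse of package-lock.json) and at "node_modules/<candidate>" to see what one package drags in; nested duplicate copies show up as the gap between nodes and uniquePackages.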

Do you know any other tools? Do you have any advice on how to prevent a project from becoming a GIANT?

P.S. I know that rimraf, trash-cli and del-cli are "different" :)

Posted by ArdentCode.

ArdentCode is a team of seasoned programmers, analysts, designers and solution architects, who build modern research and workflow solutions used by tax, legal, health and educational professionals in the US and Europe.

Discussion


I always suggest that people run npm dedupe (docs.npmjs.com/cli/dedupe). I have found it does a good job at cleaning up the dependency tree.


I personally use pnpm as my package manager to prevent duplicates!


I'm glad someone else shares similar views with me on this topic. To circumvent some of it for my package building needs, I recently authored klap. dev.to/osdevisnot/show-dev-introdu...

It probably won't score high on the scoring sites you use above considering it's a new effort, but you might find it useful.


Don't see any problem with that. Like come on, space on a hard drive is cheap. And it's much more convenient than, for example, Python pip, where you mess with global deps.


Space is cheap, but this doesn't mean that you should not care about it. And the key point is that space is not the biggest problem. I did not mention this in the article, but the amount and quality of your dependencies also have a huge impact on software complexity, maintainability, error-proneness and security, which is not cheap at all.


Hard drive space is cheap, but network bandwidth... not necessarily. The problem is not so critical if you work only on the server side, but if you create a client bundle which will be sent to the browser, then you can easily lose control of how many megabytes will be transferred.


trash-cli loads an entire developer's code base, everything the dev ever wrote. For some reason.