DEV Community

majo44 for ArdentCode

Posted on

Stop adding npm dependencies (thoughtlessly) !

Have you ever checked what happens when you run npm install xyz --save ? Or looked at the real weight of used packages? Or maybe examined the dependencies of your dependencies?

Let's assume that we have a few packages which deliver the same or similar value. There are many factors which we can consider when we have to make a choice
between them. Personally, for long time I used some kind of popularity contest, what my team is using, downloads count on, stars on Github...
I also used different factors like the quality of documentation, the state of the project, is it still maintained or not, etc., ect. But I've never thought about the weight of the dependencies.

If you look at this answer on or this one on or check how the is measure the quality of the package, you can notice that weight is not mentioned there.

You probably saw that image:
Node modules heaviest objects in the universe

But you probably did not saw that one:
Storybook Galaxy
Storybook galaxy

No, this is not Andromeda Galaxy. This is a dependencies galaxy of Storybook. Storybook depends on more than 700 packages, which are connected by almost 1300 connections, and based on more than 10 different licenses. It is "just" 117 MB of code, but the amount of packages scares me. What's more, there are addons for the Storybook. In order to use it with React (@storybook/react) you have to install at least 1450 packages!

Alt Text

Recently, I have been looking for a simple cli tool for deleting files by the glob pattern. There a few options, so I compared the weight of the first few:

name dependencies tree nodes size score
rimraf 12 170 kB 82
trash-cli 179 2.3 MB 71
del-cli 94 2.1 MB 72

Hello, I just want to delete some files, I do not need the Spaceball One, for this task.

Spaceball One
Spaceball One transformed into Mega Maid, in the mission "Vacu-Suck"

I know there are tools that try to solve the problem like yarn, but it would be better to do not create that problem at all. Let's consider that we have to pay for the time and disk space for every environment where our package is used, CI, my next desk colleague, a developer from another place in the world. Do not use the Spaceball One if you do not need it, do not create the Spaceball One if it is not your goal. Remember, every time you add a dependency, anyone who uses your code adds it as well.

There are some useful tools which we can use to evaluate weight of packages. For some time I have been using:

  • - Visualization of npm dependencies
  • NPMGraph - Visualize NPM Module Dependencies
  • bundlephobia - Cost of adding a npm package to your bundle
  • - A better and open source search for node packages

Do you know any other tools? Do you have any advice on how to prevent the project from becoming a GIANT?

P.S. I know that rimraf, trash-cli and del-cli are "different" :)

Top comments (9)

joekaiser profile image

I always suggest that people run npm dedupe I have found it does a good job at cleaning up the dependency tree

majo44 profile image

Good advice. Thx.

osdevisnot profile image
Abhishek Shende

I'm glad someone else shares similar views with me on this topic. To circumvent some of it for my package building needs, I recently authored klap.

It probably won't score high on the scoring sites you use above considering it's a new effort, but you might find it useful.

richardevcom profile image

I overanalyzed and misunderstood the context of title - misread dependencies as packages 😅 and instatly though "I should not have written this article about ADDING your module as NPM package" (not a shameless plug, honestly).

But yeah.. transitioning to yarn seems like the best solution atm. I'm slowly saying my goodbyes to npm.

mateiadrielrafael profile image
Matei Adriel

I personally use pnpm as my package manager to prevent duplicates!

pazzavlad profile image
Vlad Harbarchuk

Don't see any problem with that. Like come on, space in hard drive is cheap. And it's much more convenient than for example python pip where you mess with global deps.

majo44 profile image

Space is cheep, but this doesn't mean that you should not care about it. And the key point is that the space is not the biggest problem, I did not mentioned this in article, but the amount and quality of your dependencies has also huge impact on software complexity, maintainability, error prone and security, what is not cheep at all.

krzysztofcislo profile image
Krzysztof Cisło

Hard drive is cheap but network bandwidth... not necessarily. The problem is not so critical if you work only on the server side but if you create client bundle which will be sent to the browser then you can easily loose control how many megabytes will be transferred.

johndavidlarsen profile image

trash-cli loads a entire developers code base, everything the dev ever wrote. For some reason.