Stop adding npm dependencies (thoughtlessly) !

majo44 — Thu, 07 Nov 2019 12:43:52 +0000

Have you ever checked what happens when you run npm install xyz --save ? Or looked at the real weight of used packages? Or maybe examined the dependencies of your dependencies?

Let's assume that we have a few packages which deliver the same or similar value. There are many factors which we can consider when we have to make a choice
between them. Personally, for long time I used some kind of popularity contest, what my team is using, downloads count on npmjs.com, stars on Github...
I also used different factors like the quality of documentation, the state of the project, is it still maintained or not, etc., ect. But I've never thought about the weight of the dependencies.

If you look at this answer on stackoverflow.com or this one on quora.com or check how the npms.io is measure the quality of the package, you can notice that weight is not mentioned there.

You probably saw that image:

Source: devrant.com/rants/760537...

But you probably did not saw that one:

Storybook galaxy

No, this is not Andromeda Galaxy. This is a dependencies galaxy of Storybook. Storybook depends on more than 700 packages, which are connected by almost 1300 connections, and based on more than 10 different licenses. It is "just" 117 MB of code, but the amount of packages scares me. What's more, there are addons for the Storybook. In order to use it with React (@storybook/react) you have to install at least 1450 packages!

Recently, I have been looking for a simple cli tool for deleting files by the glob pattern. There a few options, so I compared the weight of the first few:

name	dependencies tree nodes	size	npms.io score
rimraf	12	170 kB	82
trash-cli	179	2.3 MB	71
del-cli	94	2.1 MB	72

Hello, I just want to delete some files, I do not need the Spaceball One, for this task.

Spaceball One transformed into Mega Maid, in the mission "Vacu-Suck"

I know there are tools that try to solve the problem like yarn, but it would be better to do not create that problem at all. Let's consider that we have to pay for the time and disk space for every environment where our package is used, CI, my next desk colleague, a developer from another place in the world. Do not use the Spaceball One if you do not need it, do not create the Spaceball One if it is not your goal. Remember, every time you add a dependency, anyone who uses your code adds it as well.

There are some useful tools which we can use to evaluate weight of packages. For some time I have been using:

npm.anvaka.com - Visualization of npm dependencies
NPMGraph - Visualize NPM Module Dependencies
bundlephobia - Cost of adding a npm package to your bundle
npms.io - A better and open source search for node packages

Do you know any other tools? Do you have any advice on how to prevent the project from becoming a GIANT?

P.S. I know that rimraf, trash-cli and del-cli are "different" :)

DEV Community: ArdentCode

Stop adding npm dependencies (thoughtlessly) !