move @graphql-codegen/* to devdeps #15

Merged
merged 1 commit into from
Sep 23, 2024

@draaglom draaglom commented Sep 11, 2024

@graphql-codegen/cli and friends are super useful as tooling, but they
also depend on the world:

https://npmgraph.js.org/?q=%40shopify%2Fshopify_function

Just @graphql-codegen/cli and its transitive dependencies add 211
maintainers to your supply chain when using @shopify/shopify_function:

https://npmgraph.js.org/?q=%40graphql-codegen%2Fcli

It also creates noise for consuming apps re: CVE spam in a long tail of transitive dependencies.

As far as I can tell, there's no runtime dependency on any of these
packages -- so we can freely move them to dev dependencies.

@graphql-codegen/cli and friends are super useful as tooling, but they
also depend on the world:

https://npmgraph.js.org/?q=%40shopify%2Fshopify_function

Just @graphql-codegen/cli and its transitive dependencies add 211
maintainers to your supply chain:

https://npmgraph.js.org/?q=%40graphql-codegen%2Fcli

It also creates noise re: CVE spam in a long tail of dependent packages.

As far as I can tell, there's no runtime dependency on any of these
packages -- so we can freely move them to dev dependencies.
@draaglom draaglom force-pushed the draaglom/move-codegen-to-devdeps branch from 954a5e5 to 641311f Compare September 13, 2024 15:59
@draaglom
Contributor Author

@saulecabrera sorry for the @ but I guess you're the main maintainer :-)

can you let me know if I've misunderstood something re: a dependency on these packages (e.g. a build step I can't see?) or if this change is otherwise not valuable?

(For clarity, I'm aware that typical users of this package will also depend on @shopify/cli which in turn depends on the @graphql-tools/* ecosystem. By moving this to dev-deps we at least don't need two copies with different versions)!

Thanks!

Member

@jacobsteves jacobsteves left a comment

Thanks for the contribution! These dependencies are used within the CLI for typegen. But you're correct that we can move them to devdeps.

@jacobsteves jacobsteves merged commit 0281ae1 into Shopify:main Sep 23, 2024
1 check passed
@jacobsteves jacobsteves mentioned this pull request Sep 23, 2024
@draaglom draaglom deleted the draaglom/move-codegen-to-devdeps branch September 23, 2024 18:32
@draaglom
Contributor Author

thanks for the review/merge @jacobsteves !
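
The PR rests on the claim that nothing shipped at runtime imports the `@graphql-codegen/*` packages. One way to check that kind of claim is sketched below as an added example; it is not code from this PR or from the project. Apart from `@graphql-codegen/cli`, the manifest, file names and package names are constructed, and the function names are hypothetical.

```javascript
// Added example (not from the PR): list packages declared under "dependencies"
// that no shipped source file imports, i.e. candidates for "devDependencies".

// Reduce an import specifier to its package name:
// "@scope/pkg/sub/path" -> "@scope/pkg", "pkg/sub" -> "pkg".
// Relative/absolute paths and node: builtins are not packages -> null.
function packageNameOf(specifier) {
  if (/^(\.|\/|node:)/.test(specifier)) return null;
  const parts = specifier.split("/");
  return specifier.startsWith("@") ? parts.slice(0, 2).join("/") : parts[0];
}

// Collect package names referenced by `import ... from`, `export ... from`,
// bare `import "x"`, dynamic `import("x")` and `require("x")`.
// Regex heuristic: it also matches inside comments, which can only hide an
// unused dependency, never wrongly report a used one.
function importedPackages(sourceText) {
  const pattern =
    /(?:\bfrom\s*|\bimport\s*\(?\s*|\brequire\s*\(\s*)(["'])([^"']+)\1/g;
  const found = new Set();
  for (const match of sourceText.matchAll(pattern)) {
    const name = packageNameOf(match[2]);
    if (name) found.add(name);
  }
  return found;
}

// Runtime dependencies that none of the shipped files import.
// `shippedSources` maps file name -> file contents.
function unusedRuntimeDeps(manifest, shippedSources) {
  const used = new Set();
  for (const text of Object.values(shippedSources)) {
    for (const name of importedPackages(text)) used.add(name);
  }
  const declared = Object.keys(manifest.dependencies || {});
  return declared.filter((dep) => !used.has(dep)).sort();
}

// Constructed sample input; versions are placeholders, not real releases.
const sampleManifest = {
  name: "example-function-lib",
  dependencies: {
    "@graphql-codegen/cli": "0.0.0-example",
    "example-runtime-lib": "0.0.0-example",
    "@example/helpers": "0.0.0-example",
  },
};
const sampleSources = {
  "index.js": 'import { run } from "example-runtime-lib/run";\nexport { run };\n',
  "lazy.js": 'const h = await import("@example/helpers");\nconst fs = require("node:fs");\n',
};

console.log(unusedRuntimeDeps(sampleManifest, sampleSources));
```

A package that is only invoked as a command-line tool from a script, rather than imported, is also reported, so the output is a list of candidates to confirm with a maintainer, as happened in this thread.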
