Labels: Module: Core, Type: Enhancement, help wanted
Description
Due to the recent event-stream vulnerability issue, I'm thinking of reducing the NPM dependencies used in the Moleculer core. This is the current dependency tree (29 modules):
```
`-- moleculer@0.13.4
  +-- args@5.0.0
  | +-- camelcase@5.0.0
  | +-- chalk@2.4.1 deduped
  | +-- leven@2.1.0
  | `-- mri@1.1.1
  +-- bluebird@3.5.2
  +-- chalk@2.4.1
  | +-- ansi-styles@3.2.1
  | | `-- color-convert@1.9.3
  | |   `-- color-name@1.1.3
  | +-- escape-string-regexp@1.0.5
  | `-- supports-color@5.5.0
  |   `-- has-flag@3.0.0
  +-- es6-error@4.1.1
  +-- eventemitter2@5.0.1
  +-- fastest-validator@0.6.12
  +-- glob@7.1.3
  | +-- fs.realpath@1.0.0
  | +-- inflight@1.0.6
  | | +-- once@1.4.0 deduped
  | | `-- wrappy@1.0.2
  | +-- inherits@2.0.3
  | +-- minimatch@3.0.4
  | | `-- brace-expansion@1.1.11
  | |   +-- balanced-match@1.0.0
  | |   `-- concat-map@0.0.1
  | +-- once@1.4.0
  | | `-- wrappy@1.0.2 deduped
  | `-- path-is-absolute@1.0.1
  +-- ipaddr.js@1.8.1
  `-- lodash@4.17.11
```
There are 3 libs which have too many dependencies:
- args (4 other deps). It is used in Moleculer Runner to parse arguments.
- chalk (6 other deps). It is used to color some log messages.
- glob (12(!) other deps). It is used in Moleculer Runner & ServiceBroker to load services from folders.
- vorpal. It's a dev dependency, but it is not maintained & contains some vulnerabilities.
Possible alternatives:
It is important to keep the current functionality, so that the changes don't cause breaking changes!
args
chalk
- kleur (no deps)
glob
- tiny-glob (2 deps)
vorpal
- ?
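An added example, not part of the original issue or of Moleculer's code: one way to measure how many unique packages each direct dependency pulls in, following `deduped` entries through to their full subtree. It assumes input shaped like `npm ls --json` output; `sampleTree` is a constructed subset of the tree above, and `dep`, `indexNodes` and `transitiveClosure` are hypothetical names.

```javascript
// Constructed sample in the shape of `npm ls --json` output: part of the tree above.
const dep = (version, dependencies = {}) => ({ version, dependencies });
const sampleTree = dep("0.13.4", {
  args: dep("5.0.0", { camelcase: dep("5.0.0"), chalk: dep("2.4.1"), leven: dep("2.1.0"), mri: dep("1.1.1") }),
  chalk: dep("2.4.1", {
    "ansi-styles": dep("3.2.1", { "color-convert": dep("1.9.3", { "color-name": dep("1.1.3") }) }),
    "escape-string-regexp": dep("1.0.5"),
    "supports-color": dep("5.5.0", { "has-flag": dep("3.0.0") }),
  }),
  glob: dep("7.1.3", {
    "fs.realpath": dep("1.0.0"),
    inflight: dep("1.0.6", { once: dep("1.4.0"), wrappy: dep("1.0.2") }),
    inherits: dep("2.0.3"),
    minimatch: dep("3.0.4", {
      "brace-expansion": dep("1.1.11", { "balanced-match": dep("1.0.0"), "concat-map": dep("0.0.1") }),
    }),
    once: dep("1.4.0", { wrappy: dep("1.0.2") }),
    "path-is-absolute": dep("1.0.1"),
  }),
  lodash: dep("4.17.11"),
});

// Map each name@version to the occurrence that carries its subtree (deduped entries list none).
function indexNodes(node, index = new Map()) {
  for (const [name, child] of Object.entries(node.dependencies || {})) {
    const key = `${name}@${child.version}`;
    const hasKids = Object.keys(child.dependencies || {}).length > 0;
    if (!index.has(key) || hasKids) index.set(key, child);
    indexNodes(child, index);
  }
  return index;
}

// For each direct dependency, list the unique packages it pulls in transitively.
function transitiveClosure(tree) {
  const index = indexNodes(tree);
  const walk = (node, seen) => {
    for (const [name, child] of Object.entries(node.dependencies || {})) {
      const key = `${name}@${child.version}`;
      if (seen.has(key)) continue; // already counted; also guards against cycles
      seen.add(key);
      walk(index.get(key), seen);
    }
    return seen;
  };
  return Object.fromEntries(Object.entries(tree.dependencies || {}).map(
    ([name, child]) => [name, [...walk(index.get(`${name}@${child.version}`), new Set())].sort()]));
}
console.log(transitiveClosure(sampleTree));
```

Because packages are counted once per `name@version` and deduped entries are resolved to their full subtree, the totals here can differ from a count of lines in the printed tree.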