-
Notifications
You must be signed in to change notification settings - Fork 506
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: add 'lint:deps' script to check for unused and unlisted deps #2477
base: main
Are you sure you want to change the base?
Conversation
This uses knip (https://knip.dev) to check dependencies, in hopes of avoiding issues like open-telemetry#2473. This adds 'npm run lint:deps' and adds that to the existing 'npm run lint'. This change includes fixes for a handful of unused and unlisted deps. For now knip is configured to only check 'production' deps. Checking non-prod deps results in way too many false positives.
Got an answer in commit 47ee30b. |
Ugh, perhaps the following is fine, but it is annoying. The addition of the knip dep at the top-level resulted in its [email protected] dep being placed at the top-level |
Actually I think this is unacceptable. The result is a MUCH larger working copy: Before:
After (i.e. this PR branch):
Ew. |
(Profanity.) I don't know how to solve this well.
Using options
I can't think of other options. |
This package does not have an assigned component owner and is considered unmaintained. As such this package is in feature-freeze and this PR will be closed with 14 days unless a new owner or a sponsor (a member of @open-telemetry/javascript-approvers) for the feature is found. It is the responsibility of the author to find a sponsor for this feature. |
(Aside: interesting earlier issue related to |
After reading more about how npx works (https://docs.npmjs.com/cli/v8/commands/npm-exec) I'm more confident that running knip via npx (to workaround the install-tree issue) is fine for dev and for CI.
After reading more about how npx works (https://docs.npmjs.com/cli/v8/commands/npm-exec) I'm more confident that running knip via npx (to workaround the install-tree issue) is fine for dev and for CI. @open-telemetry/javascript-approvers This PR adds this script to package.json:
I think the usage of |
This uses knip (https://knip.dev) to check dependencies, in hopes of avoiding
issues like #2473. This adds 'npm run lint:deps' and adds that to the
existing 'npm run lint'.
This change includes fixes for a handful of unused and unlisted deps.
For now knip is configured to only check 'production' deps. Checking non-prod
deps results in way too many false positives.
before the fixes in this commit
This is the output of
knip --dependencies --production
before the fixes included in this commit:The cucumber one was about imported types, so would not have broken users of the published package.