reduce npm dependency exposure
jgresham opened this issue · comments
Johns Gresham commented
Feature details
We have some low-effort npm dependencies that we can simply copy source code from their single index.js
file and include it under our src/
and npm remove
the dependency. Additionally, these deps are not changing or updating frequently.
- Put the dependency in a single file
- Verify that the license of the dependency allows for this
- Include a link to the code in a comment at the top of a file and the dep's license
See https://github.com/NiceNode/nice-node/blob/main/src/main/util/escapePath.js as an example of this
Some example deps to do this for:
-
await-sleep
-
i18next-cli-language-detector
- gha apple codesign certs