andrewbranch / gatsby-remark-vscode

Gatsby plugin to provide VS Code’s syntax highlighting to Markdown code fences

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Remove Gatsby peer dependencies

Rodrigo54 opened this issue · comments

I am using this package in my blog made with nextjs framework
I followed the example in readme.md and also did an additional configuration in my next.config.mjs file

import remarkVscode from 'gatsby-remark-vscode';
import nextConfigMDX from '@next/mdx';

const withMDX = nextConfigMDX({
  extension: /\.mdx?$/,
  options: {
    remarkPlugins: [
      [
        remarkVscode.remarkPlugin,
        {
          injectStyles: false,
          theme: {
            default: 'Dark+ (default dark)',
            parentSelector: {
              'body.dark': 'Dark+ (default dark)',
              'body.light': 'Light+ (default light)',
            },
          },
        },
      ],
    ],
  },
});

/** @type {import('next').NextConfig} */
const nextConfig = {
  pageExtensions: ['js', 'jsx', 'tsx', 'md', 'mdx'],
};

export default withMDX(nextConfig);

this has worked perfectly for me ❤️ !
the problem is that this package installs the gatsby package unnecessarily and with the gatsby package comes several other unnecessary packages causing my npm audit to fire with several vulnerabilities problems

image

a simple solution would be to remove peerDependencies field in package.json

"dependencies": {
    "decompress": "^4.2.0",
    "json5": "^2.1.1",
    "loglevel": "^1.6.4",
    "plist": "^3.0.1",
    "unist-util-visit": "^1.4.1",
    "vscode-oniguruma": "^1.4.0",
    "vscode-textmate": "^5.2.0"
},
- "peerDependencies": {
-   "gatsby": "^2.12.1 || ^3.1.1"
- },

I'm available to make a pull request if that makes sense to any of you.

Yeah, that probably should have happened as soon as we added the ability to use the remark plugin by itself. I’d accept a PR for that!

I'm unsure about this tbh, as Gatsby needs the peer dependency to understand which version is supported.

The better long-term solution would be to move the non-gatsby specific components of this package into its own package, and have the gatsby plugin consume it. In that world, the former would make no mention of gatsby and the latter could have the properly versioned peer dependency. For now, we’ll just have to deal with letting the supported gatsby version be represented in documentation.