Remove Gatsby peer dependencies
Rodrigo54 opened this issue · comments
I am using this package in my blog made with nextjs
framework
I followed the example in readme.md and also did an additional configuration in my next.config.mjs
file
import remarkVscode from 'gatsby-remark-vscode';
import nextConfigMDX from '@next/mdx';
const withMDX = nextConfigMDX({
extension: /\.mdx?$/,
options: {
remarkPlugins: [
[
remarkVscode.remarkPlugin,
{
injectStyles: false,
theme: {
default: 'Dark+ (default dark)',
parentSelector: {
'body.dark': 'Dark+ (default dark)',
'body.light': 'Light+ (default light)',
},
},
},
],
],
},
});
/** @type {import('next').NextConfig} */
const nextConfig = {
pageExtensions: ['js', 'jsx', 'tsx', 'md', 'mdx'],
};
export default withMDX(nextConfig);
this has worked perfectly for me ❤️ !
the problem is that this package installs the gatsby
package unnecessarily and with the gatsby package comes several other unnecessary packages causing my npm audit
to fire with several vulnerabilities problems
a simple solution would be to remove peerDependencies
field in package.json
"dependencies": {
"decompress": "^4.2.0",
"json5": "^2.1.1",
"loglevel": "^1.6.4",
"plist": "^3.0.1",
"unist-util-visit": "^1.4.1",
"vscode-oniguruma": "^1.4.0",
"vscode-textmate": "^5.2.0"
},
- "peerDependencies": {
- "gatsby": "^2.12.1 || ^3.1.1"
- },
I'm available to make a pull request if that makes sense to any of you.
Yeah, that probably should have happened as soon as we added the ability to use the remark plugin by itself. I’d accept a PR for that!
I'm unsure about this tbh, as Gatsby needs the peer dependency to understand which version is supported.
The better long-term solution would be to move the non-gatsby specific components of this package into its own package, and have the gatsby plugin consume it. In that world, the former would make no mention of gatsby and the latter could have the properly versioned peer dependency. For now, we’ll just have to deal with letting the supported gatsby version be represented in documentation.