Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move CLI to its own package #205

Open
sosoba opened this issue Aug 2, 2019 · 7 comments
Open

Move CLI to its own package #205

sosoba opened this issue Aug 2, 2019 · 7 comments
Assignees
@jordanbtucker
Labels
enhancement 👍
Milestone
v3.0.0

Comments

@sosoba
Copy link

sosoba commented Aug 2, 2019

Json5 module has a hard dependecy on minimist package which is necessary only when you run a CLI for converting JSON5 to JSON and for validating the syntax of JSON5 documents.
I sugest to change it to "optionalDependencies".
@jordanbtucker
Copy link
Member

Good point. But that means that users would need to globally install minimist to use the JSON5 CLI. I think a better option is to decouple the library from the CLI.

@jordanbtucker jordanbtucker self-assigned this Aug 2, 2019
@jordanbtucker jordanbtucker added this to the v3.0.0 milestone Aug 2, 2019
@cyrilletuzi cyrilletuzi mentioned this issue May 11, 2020
Closed
4 tasks
@cyrilletuzi
Copy link

Hi @jordanbtucker, thanks for this lib!

Is there any news about this issue? json5 is widely used now, many tools must parse json5 config files, and this issue can be blocking in many situations. As it is a production dependency for projects, it should be autonomous.

@jordanbtucker
Copy link
Member

@cyrilletuzi Thanks for your interest. This is a breaking change, and I haven't had time to finalize a v3 for JSON5. Can you explain why the dependence on minimist is blocking?

@cyrilletuzi
Copy link

cyrilletuzi commented May 23, 2020
edited

@jordanbtucker Thanks for your answer. If json5 was used as a devDependencies it would be OK, but as it is used as a production dependencies, there is 2 reasons why having subdependencies is an issue:

  • performance: in a classic JavaScript project, dependencies used by multiple other dependencies can be mutualized by npm; but some tools, like VS Code extensions, need to bundle their whole code, including dependencies (and their own subdependencies): so including a new dependency means it will be included in the build.
  • security: given what does minimist, it is a library highly subject to security issues, and one happened recently. VS Code extensions have a wide access to the system (files, etc.) so security issues are taken seriously, and it happens that VS Code blocks all extensions using a dependency if a security issue is discovered. And given that the extension is critical for me (I use it in courses I teach), I cannot take the risk that it could be suspended at any moment.

@jordanbtucker
Copy link
Member

@cyrilletuzi Thanks for bringing these valid concerns to my attention. I'll see if I can devote some time to a v3 release soon.

@larshp larshp mentioned this issue Jun 28, 2020
Closed
@Jason3S
Copy link

Jason3S commented Feb 20, 2021

It doesn't need to be a breaking change.

By creating a new package: json5-lib that is used by json5, it is possible.

Everyone who wants to use the json5 as a library can move to json5-lib. json5 can continue to export all the json5-lib functionality so as to not break anyone that is currently using it as a library.

@Successahead
Copy link

Okay

@jonathanantoine jonathanantoine mentioned this issue Mar 21, 2022
Closed
@jordanbtucker jordanbtucker linked a pull request Mar 21, 2022 that will close this issue
fix: remove minimist #267
Merged
@jordanbtucker jordanbtucker mentioned this issue Mar 21, 2022
Merged
@jordanbtucker jordanbtucker reopened this Mar 21, 2022
@jordanbtucker jordanbtucker changed the title Dependence on minimist Move CLI to its own package Mar 21, 2022
@jordanbtucker jordanbtucker removed a link to a pull request Mar 21, 2022
fix: remove minimist #267
Merged
@sosoba sosoba closed this as completed Mar 29, 2022
@jordanbtucker jordanbtucker reopened this Mar 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jordanbtucker jordanbtucker

Labels
enhancement 👍
Projects
None yet
Milestone
v3.0.0
Development

No branches or pull requests
5 participants
@jordanbtucker @cyrilletuzi @sosoba @Jason3S @Successahead