[FEATURE] Reduce number of dependencies and install size (v2.17 needs 1700 dependencies, takes 1.7Gb of space)

[peitschie]

Why do we need this improvement?

The @asyncapi/cli tool (v2.17.0) requires 1700 additional packages and occupies about 1.7Gb of space on install.

This provides a significant barrier to use within more controlled environments, as the auditing and review of the dependencies is completely impractical.

It also has a significant impact on install size, application performance, and even tool choice.

For example, I'm unable to install this on some machines as they simply don't have enough RAM available to complete the installation without special overrides.

How will this change help?

Reducing the number of dependencies significantly would make this tool a much more attractive option, and likely will reduce the maintenance burden of keeping the dependencies up to date.

It would also increase accessibility to the package.

Screenshots

See attachment for the current result of running npm install @asyncapi/cli in a completely clean directory: dependencies.txt

How could it be implemented/designed?

Some related discussion seems to be in #1657, #1707 and #1703 (these all list identifying and removing redundant dependencies and imports)

1. Review direct dependencies and determine which are not providing significant features and might be suitable to inline/reimplement.
2. Review heavy-weight dependencies to evaluate alternative tools or alternative approaches that don't require the massive dependency tree

🚧 Breaking changes

Yes

👀 Have you checked for similar open issues?

• [x] I checked and didn't find a similar issue

🏢 Have you read the Contributing Guidelines?

• [x] I have read the Contributing Guidelines

Are you willing to work on this issue?

Yes I am willing to submit a PR!

[github-actions[bot]]

Welcome to AsyncAPI. Thanks a lot for reporting your first issue. Please check out our contributors guide and the instructions about a basic recommended setup useful for opening a pull request.
Keep in mind there are also other channels you can use to interact with AsyncAPI community. For more details check out this issue.

[lmussier]

Double down on this one: 2.16.7 is reported to be 367MB on docker hub. 2.16.8 is almost three times heavier!

[neoandmatrix]

Hey @Shurtu-gal was investigating this one and as per above comment comparing the changes between the versions mentioned above the i.e 2.16.7 and 2.16.8 the studio's new version which uses next.js was implemented, hence i believe a seperate issue there needs to open for discussion on reducing size if possible, WDYT or something else can also be done?

[lfvJonas]

This is a major concern for us as well — not just due to size, but security. The large number of dependencies makes auditing nearly impossible in controlled environments. Reducing the dependency tree would greatly improve usability and trust.

[Shurtu-gal]

Could you generate a list dependency sizes @neoandmatrix

[neoandmatrix]

Could you generate a list dependency sizes @neoandmatrix

Okay, will update.

[neoandmatrix]

Main root

Inside asyncapi

inside studio folder

inside build folder

@Shurtu-gal above are the dependency size for the largest modules.

[Shurtu-gal]

Thanks, your earlier suggestion makes sense then. Could you open an issue in studio with this as context.

Can add this link there as well: https://nextjs.org/docs/app/guides/package-bundling

[neoandmatrix]

Thanks, your earlier suggestion makes sense then. Could you open an issue in studio with this as context.

Can add this link there as well: https://nextjs.org/docs/app/guides/package-bundling

Sure.

[neoandmatrix]

Hey @Shurtu-gal was looking on this further and currently the cli when installed through npm is 1.1Gb

Here from last screenshot its visible that the studio's @next and next and global @next and next are redundant and present twice which ideally should be used from global only.

WDYT as expect these i believe rest of the dependencies are good are not redundant.

[Shurtu-gal]

The thing is it was very problematic for me to render out a prebuilt packaged version of studio programmatically using next. It was very well behaved for react though.

I pulled together what I could, to get the preview command up and running. Would need some more work there. That might be the reason of this.

[neoandmatrix]

The thing is it was very problematic for me to render out a prebuilt packaged version of studio programmatically using next. It was very well behaved for react though.

I pulled together what I could, to get the preview command up and running. Would need some more work there. That might be the reason of this.

Yeah next sometimes behaves weird, but other than that I don't think much can be reduced and comparing cli to versions prior to next integration the size looks same that is around 300Mb smaller which is around the size of these packages only.

I will once try to confirm that this is not a npm issue if possible.

Thanks.

[PanMan]

the size of this broke our build and prevents us from having up-to-date documentation generated on build 🫠

[azerum]

Is there any reason @asyncapi/cli comes with @asyncapi/studio? I understand some subcommands of the CLI may use studio, but wouldn't it be better to put such deps in optionalDependencies?

I agree with the original poster that this is the issue of not just the size, but also a large dependency graph and potential security problems that follow. I would rather install the bare minimum of what I need

Vitest somehow suggests to install @vitest/coverage-v8 only after one runs it with --coverage flag. Maybe such approach can be used to suggest to install @asyncapi/studio only if studio subcommand is used

In fact, suggestion and programmatic install is nice, but not necessary if it's tricky to get with package managers/monorepo tools. I would even prefer to just have a message telling me what package is missing