Send all dependencies
What does this PR do?
It tries to get all used dependencies, not only the dependencies declared in the package.json file.
Motivation
We are ignoring all transitive dependencies
Plugin Checklist
- [x] Unit tests.
Additional Notes
Overall package size
Self size: 2.63 MB Deduped: 29.8 MB No deduping: 30.43 MB
Dependency sizes
| name | version | self size | total size |
|---|---|---|---|
| @datadog/pprof | 1.0.2 | 8.74 MB | 14.46 MB |
| @datadog/native-metrics | 1.4.2 | 6.61 MB | 7.04 MB |
| @datadog/native-appsec | 1.2.1 | 5.1 MB | 5.43 MB |
| opentracing | 0.14.7 | 194.81 kB | 194.81 kB |
| @datadog/sketches-js | 2.0.0 | 105.44 kB | 105.44 kB |
| lodash.sortby | 4.7.0 | 75.76 kB | 75.76 kB |
| semver | 5.7.1 | 61.58 kB | 61.58 kB |
| ignore | 5.2.0 | 48.87 kB | 48.87 kB |
| import-in-the-middle | 1.3.1 | 30.44 kB | 34.91 kB |
| istanbul-lib-coverage | 3.2.0 | 29.34 kB | 29.34 kB |
| retry | 0.10.1 | 27.44 kB | 27.44 kB |
| lodash.uniq | 4.5.0 | 25.01 kB | 25.01 kB |
| limiter | 1.1.5 | 23.17 kB | 23.17 kB |
| lodash.kebabcase | 4.1.1 | 17.75 kB | 17.75 kB |
| lodash.pick | 4.4.0 | 16.33 kB | 16.33 kB |
| crypto-randomuuid | 1.0.0 | 11.18 kB | 11.18 kB |
| diagnostics_channel | 1.1.0 | 7.07 kB | 7.07 kB |
| path-to-regexp | 0.1.7 | 6.78 kB | 6.78 kB |
| koalas | 1.0.2 | 6.47 kB | 6.47 kB |
| methods | 1.1.2 | 5.29 kB | 5.29 kB |
| module-details-from-path | 1.0.3 | 4.47 kB | 4.47 kB |
🤖 This report was automatically generated by heaviest-objects-in-the-universe
Codecov Report
Merging #2258 (f1a6dd7) into master (ada0716) will increase coverage by 2.63%. The diff coverage is n/a.
@@ Coverage Diff @@
## master #2258 +/- ##
==========================================
+ Coverage 92.70% 95.33% +2.63%
==========================================
Files 224 78 -146
Lines 8718 2854 -5864
==========================================
- Hits 8082 2721 -5361
+ Misses 636 133 -503
@uurien @rochdev Quick question asked by a vulnerability discovery backend guy:
Is it possible to have these dependencies list in the app-started event instead of the app-dependencies-loaded one ?
If I understand the PR correctly the dependencies are sent by group of synchronous requires right ? So I'm assuming we can't wait for the deps to be loaded before sending the app-started ?
@simon-id
> @uurien @rochdev Quick question asked by a vulnerability discovery backend guy:
> Is it possible to have these dependencies list in the app-started event instead of the app-dependencies-loaded one ?
> If I understand the PR correctly the dependencies are sent by group of synchronous requires right ? So I'm assuming we can't wait for the deps to be loaded before sending the app-started ?

We can't have all the dependencies just when the app is started, because we don't know which dependencies are going to be used. The package-lock.json and yarn.lock files are optional and huge to read and parse synchronously in a reasonable time.
> If I understand the PR correctly the dependencies are sent by group of synchronous requires right ? So I'm assuming we can't wait for the deps to be loaded before sending the app-started ?

Both are unrelated, because in Node dependencies can be loaded at any point in time, which is different from other languages. We also want to avoid dev dependencies, so we can't rely on the lockfile, or even node_modules, because some users install dev dependencies in production; they are just unused by the app.
So basically, these are really 2 completely different things that cannot be reported together.
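
The behaviour discussed in the replies above, as an added example (not dd-trace-js code and not part of this PR): dependencies are recorded when they are actually required, grouped per synchronous turn, so installed but unused packages never appear in the inventory. `findPackage`, `trackLoadedDependencies` and the `send(event, dependencies)` signature are hypothetical names; the sketch assumes CommonJS and relies on the Node.js internal `Module._resolveFilename`.

```javascript
// Added illustration, not dd-trace-js code; names and send() shape are assumptions.
const Module = require('node:module')
const fs = require('node:fs')
const path = require('node:path')

// Map a resolved file to the { name, version } of the package that owns it.
function findPackage (filename) {
  const marker = `${path.sep}node_modules${path.sep}`
  let dir = path.dirname(filename)
  while (dir.includes(marker)) { // false for app code and core modules
    const manifest = path.join(dir, 'package.json')
    if (fs.existsSync(manifest)) {
      const { name, version } = JSON.parse(fs.readFileSync(manifest, 'utf8'))
      if (name && version) return { name, version }
    }
    dir = path.dirname(dir)
  }
  return null
}

function trackLoadedDependencies (send) {
  const seen = new Set()
  const originalRequire = Module.prototype.require
  let batch = []
  let scheduled = false
  // One event per group of requires that ran in the same synchronous turn.
  function flush () {
    scheduled = false
    if (batch.length === 0) return
    send('app-dependencies-loaded', batch)
    batch = []
  }
  Module.prototype.require = function (request) {
    const loaded = originalRequire.apply(this, arguments)
    try {
      const pkg = findPackage(Module._resolveFilename(request, this))
      const key = pkg && `${pkg.name}@${pkg.version}`
      if (pkg && !seen.has(key)) {
        seen.add(key)
        batch.push(pkg)
        if (!scheduled) { scheduled = true; setImmediate(flush) }
      }
    } catch { /* telemetry must never break the application's require */ }
    return loaded
  }
  return { flush, stop: () => { Module.prototype.require = originalRequire } }
}
```

Because a package is reported only after its first `require`, the list keeps growing after startup, which is why it cannot be complete at the time of the app-started event.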