jira-node
Package size seems to be a bit excessive
After updating to v8 we now have a new set of dependencies because of request postman:
postman-request@^2.88.1-postman.30:
version "2.88.1-postman.30"
resolved "https://registry.yarnpkg.com/postman-request/-/postman-request-2.88.1-postman.30.tgz#44554fd3c19bf19e0a583e92b654d3c4f7e4669e"
integrity sha512-zsGvs8OgNeno1Q44zTgGP2IL7kCqUy4DAtl8/ms0AQpqkIoysrxzR/Zg4kM1Kz8/duBvwxt8NN717wB7SMNm6w==
dependencies:
"@postman/form-data" "~3.1.1"
"@postman/tunnel-agent" "^0.6.3"
aws-sign2 "~0.7.0"
aws4 "^1.8.0"
brotli "~1.3.2"
caseless "~0.12.0"
combined-stream "~1.0.6"
extend "~3.0.2"
forever-agent "~0.6.1"
har-validator "~5.1.3"
http-signature "~1.3.1"
is-typedarray "~1.0.0"
isstream "~0.1.2"
json-stringify-safe "~5.0.1"
mime-types "~2.1.19"
oauth-sign "~0.9.0"
performance-now "^2.1.0"
qs "~6.5.2"
safe-buffer "^5.1.2"
stream-length "^1.0.2"
tough-cookie "~2.5.0"
uuid "^3.3.2"
Not only it makes downloading node modules slower but it's also a higher audit maintenance cost. Is this really necessary just to make a few API calls to a well known API? Can't you use node-fetch or even the native http library?
A general purpose HTTP library to make requests to a known and sanitised API seems a bit too excessive.
Replacing request has been discussed a bit in https://github.com/jira-node/node-jira-client/issues/300. At this point, I think we're all waiting for someone to do it for us 💦
If you want to solve this, I'll be happy to add you as a maintiner to the project.
Well, node-fetch is by far the most downloaded library and it's 100% unit tested and maintained with the benefit that it basically emulates the browser fetch API which is easy to reason about .It's probably more than good enough for the JIRA client and it's what we use for all of our HTTP clients in production for years without any issue.
If you are happy with switching to that I might be able to find some time until end of the year to give it a go