image-compare-viewer icon indicating copy to clipboard operation
image-compare-viewer copied to clipboard

Published 20 hours ago verified publisher icon kylewetton

Do we really need this dependencies

Open leonexcc opened this issue 1 year ago • 2 comments

Thank you for this great code!

I have do a question: Do we really need this dependencies to use the viewer on a website?

"dependencies": {
    "@babel/polyfill": "^7.6.0",
    "autoprefixer": "^10.4.7",
    "body-scroll-lock": "^4.0.0-beta.0",
    "core-js": "^3.3.2",
    "postcss-loader": "^7.0.0"
}

As I understand, all the code in dist/ will not use this. If we need this for some reason, could we please update them to fix the NPM audit errors for postcss?

I can provide a pull request if that helps.

leonexcc avatar Oct 20 '23 15:10 leonexcc

I mean they're there because CSS is a part of this package, body-scroll-lock is indeed needed if you're using vertical mode. I've done an audit and update, does this help you out?

kylewetton avatar Oct 30 '23 05:10 kylewetton

I also realised you need the body-scroll-lock :-).

It would help for now to upgrade the packages to a versition without security problems. I also made a fork in https://github.com/leonexcc/image-compare-viewer/tree/fix/npm-dependencies, moved all other packages and that worked for us. Maybe you could look into the other packages too.

leonexcc avatar Oct 30 '23 08:10 leonexcc