watcher icon indicating copy to clipboard operation
watcher copied to clipboard
verified publisher icon parcel-bundler

Reduce dependencies by switching to picomatch

Open benmccann opened this issue 4 months ago • 4 comments

This has a few advantages:

  • Removed 5 dependencies and 3 maintainers from dependency tree to reduce supply chain risk and number of deprecation and security warnings (e.g. from braces which has had a few)
  • micromatch is stuck back on picomatch version 2 whereas this lets us use the latest version

picomatch supports all the same exact syntax as micromatch except for ranges (e.g. {01..03}) and increments (e.g. {2..10..2}). I've switched tons 25m downloads/week worth of projects from micromatch to picomatch and have yet to run into a single person who has been using either of these globbing syntaxes.

benmccann avatar Aug 07 '25 15:08 benmccann

Looks like this would lose support for brace expansion: https://github.com/micromatch/picomatch?tab=readme-ov-file#library-comparisons so I guess it would be a breaking change.

devongovett avatar Aug 14 '25 03:08 devongovett

Not all brace expansion, but ranges (e.g. {01..03}) and increments (e.g. {2..10..2}). Yeah, technically it would be a breaking change. I doubt anyone would be affected, but it's safer to call it one I guess

benmccann avatar Aug 14 '25 04:08 benmccann

We just use .makeRe method in micromatch which is have same behavior with .makeRe in picomatch.

hyperz111 avatar Nov 28 '25 13:11 hyperz111

We just use .makeRe method in micromatch which is have same behavior with .makeRe in picomatch.

@devongovett, you can see this.

from micromatch source file

// ...

const picomatch = require('picomatch');

// ...

micromatch.makeRe = (...args) => picomatch.makeRe(...args);

// ...

hyperz111 avatar Dec 07 '25 23:12 hyperz111