[feat] Remove duplicated packages and implement things ourselves

Open Mulling opened this issue 1 year ago • 2 comments

Describe the problem

Right now, a Tauri project contains +400 to +700 packages, not counting the frontend packages, which bring this number even further up. See the dependency graph below of a simple "Hello, World!" Tauri 2 project:

[Image: dependency graph]

Some of Tauri's dependencies, like dirs, provide simple things that we could just implement ourselves.

The number of packages Tauri relies on makes it vulnerable to possible supply chain attacks, and now that we have a stable release for Tauri 2, I think it's important to address that.

Describe the solution you'd like

  • Remove duplicated packages;
  • Implement things ourselves;
  • Consolidate dependencies.

Alternatives considered

No response

Additional context

https://www.memorysafety.org/blog/reducing-dependencies-in-sudo/

Mulling avatar Oct 04 '24 02:10 Mulling
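
One way to measure the duplication described in the issue above, as an added example that is not from the Tauri project or from this thread: a dependency-free Rust function that lists every crate a `Cargo.lock` pins at more than one version. The sample lockfile is constructed, `duplicated_packages` and `quoted_value` are hypothetical names, and the parser assumes the layout Cargo writes (`name` before `version` inside each `[[package]]` table).

```rust
use std::collections::{BTreeMap, BTreeSet};

// Constructed sample for illustration; not taken from a real Tauri lockfile.
const SAMPLE_LOCK: &str = r#"
version = 3
[[package]]
name = "bitflags"
version = "1.3.2"
[[package]]
name = "bitflags"
version = "2.6.0"
[[package]]
name = "dirs"
version = "5.0.1"
dependencies = ["bitflags 2.6.0"]
"#;

/// Parse a `key = "value"` line and return the value; None for any other line.
fn quoted_value(line: &str, key: &str) -> Option<String> {
    let rest = line.strip_prefix(key)?.trim_start().strip_prefix('=')?.trim();
    Some(rest.strip_prefix('"')?.strip_suffix('"')?.to_string())
}

/// Map each crate name that appears at more than one version to those versions.
fn duplicated_packages(lockfile: &str) -> BTreeMap<String, BTreeSet<String>> {
    let mut versions: BTreeMap<String, BTreeSet<String>> = BTreeMap::new();
    let (mut in_package, mut name) = (false, None::<String>);
    for line in lockfile.lines().map(str::trim) {
        if line.starts_with('[') {
            // A new table begins; only [[package]] tables describe crates.
            in_package = line == "[[package]]";
            name = None;
        } else if in_package {
            if let Some(v) = quoted_value(line, "name") {
                name = Some(v);
            } else if let (Some(v), Some(n)) = (quoted_value(line, "version"), name.as_ref()) {
                versions.entry(n.clone()).or_default().insert(v);
            }
        }
    }
    versions.retain(|_, found| found.len() > 1); // keep only real duplicates
    versions
}

fn main() {
    for (name, found) in duplicated_packages(SAMPLE_LOCK) {
        println!("{name}: {found:?}");
    }
}
```

Running it against a project's own `Cargo.lock` before and after a dependency change shows whether the change added or removed duplicated crates.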

Do you mean "ourselves" as in the users of Tauri or us tauri / the tauri team?

If it's the latter then we honestly can't handle the additional workload / maintenance burden.

FabianLars avatar Oct 04 '24 06:10 FabianLars

Both. I was thinking of this as a long-term goal. If development is mindful of this, it can be improved gradually.

I also don't mind helping.

Mulling avatar Oct 04 '24 13:10 Mulling