Add script to detect missing dependencies #5230
Conversation
There was a problem hiding this comment.
This is excellent! I'm assuming you picked the particular versions sensibly. Obviously #5177 will have to be updated if this is merged (and vice versa)...
What'd be really cool is if this dependency check could be added to Husky or GHA. Guessing it'd probably have to be the latter? Like we could have a depcheck job in addition to the yarncheck job! Husky would be even better if it's workable but I'm assuming it probably isn't...? Obviously this all should be a separate PR from this though. :)
package.json
Outdated
| @@ -11,7 +11,8 @@ | |||
| "geth": "./scripts/geth.sh", | |||
| "dependency-graph": "lerna-dependency-graph -f pdf -o dependency-graph.pdf", | |||
| "solc-bump": "node ./scripts/solc-bump.js", | |||
| "update": "lernaupdate" | |||
| "update": "lernaupdate", | |||
| "depcheck": "lerna exec --stream --no-bail dependency-check --ignore @truffle/contract-tests --ignore @truffle/dashboard-message-bus-e2e-test -- --missing --verbose ." | |||
There was a problem hiding this comment.
Why are these --ignores here?
There was a problem hiding this comment.
Oh, it's because they have no entry point, I see. Um, so, wait, is this thing only checking the main code and not the test code? (Still an improvement, but worth noting if that caveat is present.)
There was a problem hiding this comment.
I ignored them because they are both private: true and have no entry points. The tool has a --entry flag if we want to include private packages at some later time.
|
Uh-oh: I just noticed that this PR introduces a cyclic dependency between ...not sure if that should hold up merge. If it can be fixed quickly it should. I'll go take a look at what's causing it, as I'm pretty familiar with those two packages... |
|
OK, so the source of the cyclicity is this:
import * as RangeUtils from "@truffle/compile-solidity/dist/compilerSupplier/rangeUtils";My guess is that probably shouldn't hold up merge? But it will need to be fixed obviously. Maybe the range utils should be split into their own package, as a way of resolving the cyclicity? (Thoughts, @eggplantzzz, @gnidan?) |
|
Oh, my initial thoughts are that if it is a dev dependency then it shouldn't matter much. Maybe I'm missing something though... |
|
A lot of these versions use the |
Yeah, lerna doesn't care, it'll cause problems on any cyclicity. |
No? I don't recall us ever deciding on such a policy. Typically thus far we've generally used carets and only pinned when necessary. |
Now that I think about it, we should re-use versions already present, which would reduce |
cds-amal
force-pushed
the
awol
branch
2 times, most recently
from
16c8559 to
cbac52b
Compare
Huh? I don't see the connection. Edit: oh, probably a typo: #5177 (Upgrade to Web3 1.7.4) |
gnidan
changed the title
cds-amal
changed the title
|
thanks for correcting my title change :) |
Ha, I missed that. I saw the title and thought I got ahead of myself! |
There was a problem hiding this comment.
Well, @gnidan thinks the circular dependency shouldn't hold up merge as long as we fix it right after, so I'm hitting approve on this!
|
Btw, this also only checks the compiled code, right? So it also won't catch missing dependencies that only appear in Thought: Maybe we should take out |
|
Hm, I just tried it with Btw, do we really want |
I think this is a good idea to do in a follow-up PR. We could have multiple dependency scripts (with different configuration). The configuration you suggest will take some time to reason through, for example:
Identified
Yes, I agree and will add that change to this PR. |
Oh, right, I forgot that some type imports are still regular dependencies and not dev dependencies. (As in, deliberately, not accidentally.) OK, ignore that idea, I think the current way is probably best after all! (Other than removing |
I noticed the ChainSafe team uses a dependency check tool in their project workflow and think it might be helpful. This PR adds the dependency-check module to the repo to help identify packages that have missing dependencies.
I also added the identified missing dependencies here, but perhaps those should be different PRs?
yarn depcheck
Full sample output
Filtering failures with grep
Passing check
@truffle/error: Success! All dependencies used in the code are listed in package.json@truffle/error, according todependency-checkhas no missing dependencies.Failing check
@truffle/dashboard: Fail! Dependencies not listed in package.json: get-port, @truffle/dashboard-message-bus-common@truffle/dashboarddoes not haveget-portand@truffle/dashboard-message-bus-commonlisted as dependencies even though they are used.