
Replace Lodash with Smaller Modular Packages for Improved Performance and to remove security vulnerabilities #447

Open: wants to merge 2 commits into base: master

Conversation

prashantswami

@prashantswami prashantswami commented Jun 28, 2024

Summary:

This PR replaces the use of the full Lodash library with smaller, modular Lodash packages. The goal is to optimize our application by reducing its bundle size, improving load times, and ensuring more efficient dependency management.

Details:

  • Identified and replaced the following Lodash functions with their corresponding smaller packages:
    • _.get -> lodash.get
    • _.filter -> lodash.filter
    • _.last -> lodash.last
    • _.find -> lodash.find
    • _.isempty -> lodash.isempty
    • _.values -> lodash.values
  • Updated import statements across the codebase to reflect these changes.
  • Uninstalled the main Lodash package.

Benefits:

  1. Reduced Bundle Size: By importing only the specific functions we need, we significantly reduce the overall size of our application's bundle.
  2. Improved Load Times: Smaller bundles result in faster load times, enhancing the user experience, especially for users with slower network connections.
  3. Better Performance: Less code to parse and execute can lead to performance improvements in the application.
  4. Efficient Dependency Management: Using only necessary parts of a library promotes more efficient and maintainable code.

Security Concern:

We do use this package and blackduck (security scan) has identified issues in some of the files of lodash.

  • Future development should follow this pattern by avoiding the inclusion of large libraries when only specific functions are needed. This practice will help maintain optimal performance and keep our codebase lean.

Checklist:
  • npm test passes and has 100% coverage
  • Update readme - NA

@prashantswami

@seppevs Can we get this in as soon as possible? We are using this package and lodash has security vulnerabilities.

Let me know if you need any help in this.

@prashantswami prashantswami changed the title Replace Lodash with Smaller Modular Packages for Improved Performance and remove vulnerabilities Replace Lodash with Smaller Modular Packages for Improved Performance and to remove vulnerabilities Jun 28, 2024
@prashantswami prashantswami changed the title Replace Lodash with Smaller Modular Packages for Improved Performance and to remove vulnerabilities Replace Lodash with Smaller Modular Packages for Improved Performance and to remove security vulnerabilities Jun 28, 2024
@prashantswami

@seppevs can we get this in?

@@ -30,7 +30,14 @@
"date-fns": "^2.28.0",
"fn-args": "^5.0.0",
"fs-extra": "^10.0.1",
"lodash": "^4.17.21",
"i": "^0.3.7",
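Review bot: the `"i": "^0.3.7"` entry in this hunk is a new dependency that the reviewer below notes is not used anywhere, and `"lodash": "^4.17.21"` still appears in the same hunk; the extracted view has lost the `+`/`-` markers, so please confirm in the raw diff that the `lodash` line is a removal and drop the `i` line, and make sure package-lock.json is regenerated in the same change so the scanner stops seeing the full lodash tree.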


what is this strange package? I don't see it used anywhere


Great observation. Let me correct this

@theogravity

I patched in your PR minus the i package into my fork (which also has way more features than this lib):

https://github.com/theogravity/migrate-mongo-alt


2 participants