Today I run the command
yarn rw dev and got a tip (most likely from yarn) that I should run the command
yarn audit from the root of my project. Here is what I got:
Two occurrences of high risk coming from the package
immer and 1 occurrence from
prismjs. There is also information on the version for each package, where this risk was fixed.
Not all offending packages are direct dependencies of RedwoodJS., so we may not be in the position to address such problems in our release creation process - however, we can:
- Fix all problems that we can right away
- “Invent” a process to address that globally. GitHub would be a good example of such a “clearinghouse”.
My years-long “fear” that node based application development will crumble under the weight of all packages used in a typical application is caused by this information (the redwoodblog tutorial application finished only up to and excluding Tutorial - Cells : RedwoodJS Docs
I am sharing this screenshot to show my still lasting amazement with the sheer size of this application. How could anything that includes 67,781 parts work together in a reliable fashion??? More seriously though, this size information is the reason that we all do our best to ensure the best fit for all these parts