graphlib icon indicating copy to clipboard operation
graphlib copied to clipboard
verified publisher icon dagrejs

feat: switch to lodash 'dot' packages

Open FauxFaux opened this issue 5 years ago • 1 comments

This reduces the amount of lodash, and the associated vulnerabilities, that the megapackage pulls in at runtime.

Fixes #70.

make dist passes for me, but I have not included the updated dist//bower files in this PR. Is that expected, or is it handled by the release process only?

I don't fully follow the reasoning that led to stopping after most of the work was done in #86, nearly two years ago.

I understand that transpilation was not a popular idea. A number of these lodash packages are for very old features. I guess supporting IE11 is still a goal, because it still shows as non-zero market share on some measurements. Personally, I find it very hard to work with a project targeting 2012 JS in TYOOL 2020.

FauxFaux avatar May 25 '20 10:05 FauxFaux

FYI our fork https://github.com/snyk/graphlib has many of the changes you're rolling out, including a complete TS port.

FauxFaux avatar Jun 19 '22 18:06 FauxFaux

Closing this since Graphlib no longer depends on Lodash.

rustedgrail avatar Mar 03 '23 10:03 rustedgrail