iotagent-node-lib

Refactor - remove underscore dependency from codebase

Open mapedraza opened this issue 4 years ago • 2 comments

The idea is to reduce the number of dependencies used in the codebase, especially those which are not essential, in order to reduce possible vulnerabilities like Log4j CVE-2021-44228.

In the particular case of underscore, we have found that it is used only in these cases:

  • pluck method
  • difference and keys method used once here

Both cases can be easily covered without using underscore (in the case of pluck, using a map filter; in the case of difference and keys, amending the logic in charge of that part of the code).

mapedraza, Dec 22 '21 10:12

@mapedraza if you look at the package-lock.json, you'll notice that the async dependency relies on lodash:

    "async": {
      "version": "2.6.2",
      "resolved": "https://registry.npmjs.org/async/-/async-2.6.2.tgz",
      "integrity": "sha512-H1qVYh1MYhEEFLsP97cVKqCGo7KfCyTt6uEWqsTBr9SO84oK9Uwbyd/yCW+6rKJLHksBNUVWZDAjfS+Ccx0Bbg==",
      "requires": {
        "lodash": "^4.17.11"
      }
    },

lodash is nearly, but not quite, a one-to-one drop-in for underscore - you could just switch the library for using pluck() and map(). This would eliminate underscore entirely since no other dependency is using it. It should improve throughput slightly too since lodash is supposedly more performant.

jason-fox, Jan 13 '22 11:01

underscore is still used by:

    lib/plugins/bidirectionalData.js:const _ = require('underscore');
    lib/plugins/expressionParser.js:const _ = require('underscore');
    lib/services/ngsi/entities-NGSI-LD.js:const _ = require('underscore');
    lib/services/ngsi/ngsiService.js:const _ = require('underscore');
    lib/services/ngsi/ngsiUtils.js:const _ = require('underscore');
    lib/services/stats/statsRegistry.js:const _ = require('underscore');
    lib/services/northBound/contextServer-NGSI-v2.js:const _ = require('underscore');
    lib/services/northBound/deviceGroupAdministrationServer.js:const _ = require('underscore');
    lib/services/northBound/restUtils.js:const _ = require('underscore');
    lib/services/northBound/contextServer-NGSI-LD.js:const _ = require('underscore');
    lib/services/northBound/deviceProvisioningServer.js:const _ = require('underscore');
    lib/services/devices/devices-NGSI-v2.js:const _ = require('underscore');
    lib/services/devices/registrationUtils.js:const _ = require('underscore');
    lib/services/devices/deviceService.js:const _ = require('underscore');
    lib/services/devices/devices-NGSI-LD.js:const _ = require('underscore');
    lib/services/devices/deviceRegistryMemory.js:const _ = require('underscore');
    lib/services/groups/groupRegistryMemory.js:const _ = require('underscore');
    lib/services/commands/commandRegistryMemory.js:const _ = require('underscore');

AlvaroVega, Apr 20 '23 08:04
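An added example, not part of the thread or of the project's code: a small Node.js inventory of which underscore methods each file actually calls, which is what both the original proposal and the file list above need before the dependency can be dropped. The file contents in `SAMPLE_FILES` are constructed and the function names are hypothetical.

```javascript
// Constructed sample input; in a real checkout, read the files under lib/ instead.
const SAMPLE_FILES = {
    'lib/a.js': "const _ = require('underscore');\nconst ids = _.pluck(devices, 'id');\n",
    'lib/b.js': "const _ = require('underscore');\nconst missing = _.difference(_.keys(a), _.keys(b));\n",
    'lib/c.js': "const async = require('async');\nasync.series([]);\n",
    'lib/d.js': "const under = require('underscore');\n// no calls left\n"
};

// Matches: const|let|var <binding> = require('underscore')
const REQUIRE_RE = /\b(?:const|let|var)\s+([A-Za-z_$][\w$]*)\s*=\s*require\(\s*['"]underscore['"]\s*\)/;

function escapeRegExp(s) {
    return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Returns { file: { binding, methods: { name: count } } } for files that require underscore.
// Limitation: a text scan, so destructured imports and re-aliased bindings are not followed.
function underscoreUsage(files) {
    const report = {};
    for (const [file, source] of Object.entries(files)) {
        const m = REQUIRE_RE.exec(source);
        if (!m) continue;
        const binding = m[1];
        // <binding>.<method>( where the binding is not the tail of a longer identifier
        const callRe = new RegExp('(?<![\\w$])' + escapeRegExp(binding) + '\\.([A-Za-z_$][\\w$]*)\\s*\\(', 'g');
        const methods = {};
        for (const call of source.matchAll(callRe)) {
            methods[call[1]] = (methods[call[1]] || 0) + 1;
        }
        report[file] = { binding, methods };
    }
    return report;
}

// Files that still import the library but never call it: the require can simply be deleted.
function unusedRequires(report) {
    return Object.keys(report).filter((f) => Object.keys(report[f].methods).length === 0);
}

// Distinct methods across the code base: the list that needs native replacements.
function methodsToReplace(report) {
    const all = new Set();
    for (const { methods } of Object.values(report)) Object.keys(methods).forEach((n) => all.add(n));
    return [...all].sort();
}

console.log(methodsToReplace(underscoreUsage(SAMPLE_FILES)));
```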