d-bis/docs
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
docs/DEPENDENCY_AUDIT.md

201 lines
5.1 KiB
Markdown
Raw Permalink Normal View History

Initial commit: add .gitignore and README
2026-02-09 21:51:46 -08:00
# Dependency Audit Report
**Last Updated**: 2025-01-27
**Purpose**: Analysis of dependencies across all projects
---
## Overview
This document provides an analysis of dependencies across all projects in the workspace, identifying common dependencies, version inconsistencies, and opportunities for consolidation.
---
## Analysis Methodology
1. Scan all `package.json` files in the workspace
2. Extract production and development dependencies
3. Count usage frequency
4. Identify version inconsistencies
5. Recommend consolidation opportunities
**Note**: Run `scripts/deps-analyze.sh` to generate an updated analysis report.
---
## Common Dependencies
### Most Frequently Used (Production)
Based on initial analysis, these dependencies appear frequently:
#### TypeScript/JavaScript Core
- **typescript**: Used across TypeScript projects
- **zod**: Schema validation (used in 10+ projects)
- **dotenv**: Environment configuration (used in 15+ projects)
- **date-fns**: Date handling (used in 5+ projects)
#### Framework & Runtime
- **react**: Frontend projects
- **nextjs**: Next.js applications
- **express**: Backend services
- **fastify**: Backend services
#### Blockchain/Solidity
- **ethers** / **viem**: Ethereum libraries
- **@openzeppelin/contracts**: Smart contract libraries
- **foundry**: Solidity development (dev dependency)
#### Database
- **@prisma/client**: Database ORM
- **postgresql**: Database client
#### Utilities
- **winston**: Logging
- **jsonwebtoken**: Authentication
- **bcryptjs**: Password hashing
- **uuid**: UUID generation
### Most Frequently Used (Development)
#### Build & Tooling
- **typescript**: TypeScript compiler
- **eslint**: Linting
- **prettier**: Code formatting
- **@typescript-eslint/***: TypeScript ESLint plugins
#### Testing
- **vitest**: Testing framework (newer projects)
- **jest**: Testing framework (older projects)
- **@testing-library/react**: React testing utilities
#### Build Tools
- **vite**: Build tool
- **tsx**: TypeScript execution
- **tsc**: TypeScript compiler
---
## Version Consolidation Opportunities
### TypeScript
- **Current Versions**: Multiple versions (5.3.3, 5.5.4, etc.)
- **Recommendation**: Standardize on latest stable (5.5.4+)
- **Impact**: High - affects all TypeScript projects
### Zod
- **Current Versions**: Multiple versions (3.22.4, 3.23.8, etc.)
- **Recommendation**: Standardize on latest (3.23.8+)
- **Impact**: Medium - shared validation library
### ESLint
- **Current Versions**: Multiple versions (8.56.0, 8.57.0, 9.17.0)
- **Recommendation**: Migrate to ESLint 9.x across all projects
- **Impact**: High - affects code quality tooling
### Prettier
- **Current Versions**: Multiple versions (3.1.1, 3.2.0, 3.3.3)
- **Recommendation**: Standardize on latest (3.3.3+)
- **Impact**: Medium - code formatting
---
## Shared Package Candidates
### High Priority (Used in 5+ Projects)
1. **@workspace/shared-types**
- Common TypeScript types
- Used in: dbis_core, the_order, Sankofa, etc.
2. **@workspace/shared-utils**
- Common utilities (date formatting, validation, etc.)
- Used in: Multiple projects
3. **@workspace/shared-config**
- Shared configuration schemas
- Used in: All projects with configuration
4. **@workspace/shared-constants**
- Shared constants and enums
- Used in: DBIS projects, DeFi projects
### Medium Priority (Used in 3-4 Projects)
1. **@workspace/api-client**
- Common API client utilities
- Used in: Frontend projects, API consumers
2. **@workspace/validation**
- Zod schemas and validators
- Used in: Multiple backend services
---
## Dependency Security
### Security Scanning
- Run `pnpm audit` or `npm audit` in each project
- Use Dependabot for automated updates
- Review and update vulnerable dependencies regularly
### High-Risk Dependencies
- Review dependencies with known vulnerabilities
- Prioritize updates for security-critical packages
- Document security update process
---
## Recommendations
### Immediate Actions
1. **Hoist Common DevDependencies**
- typescript
- eslint
- prettier
- @typescript-eslint/*
- vitest/jest
2. **Create Shared Packages**
- Start with @workspace/shared-types
- Create @workspace/shared-utils
- Extract common validation schemas
3. **Version Consolidation**
- Standardize TypeScript version
- Standardize Zod version
- Standardize ESLint/Prettier versions
### Long-Term Actions
1. **Dependency Audit Process**
- Quarterly dependency reviews
- Automated security scanning
- Version update workflow
2. **Shared Package Strategy**
- Extract shared code gradually
- Document shared package APIs
- Version shared packages independently
---
## Tools for Analysis
### Automated Tools
- **npm-check-updates**: Check for outdated packages
- **depcheck**: Find unused dependencies
- **npm-audit**: Security vulnerability scanning
- **pnpm-why**: Understand why dependencies are installed
### Manual Review
- Review package.json files regularly
- Track dependency updates
- Document breaking changes
---
**Next Steps**: Run `scripts/deps-analyze.sh` to generate detailed analysis report.
Reference in New Issue Copy Permalink