docs/DEPENDENCY_AUDIT.md
2026-02-09 21:51:46 -08:00

Dependency Audit Report

Last Updated: 2025-01-27
Purpose: Analysis of dependencies across all projects


Overview

This document provides an analysis of dependencies across all projects in the workspace, identifying common dependencies, version inconsistencies, and opportunities for consolidation.


Analysis Methodology

  1. Scan all package.json files in the workspace
  2. Extract production and development dependencies
  3. Count usage frequency
  4. Identify version inconsistencies
  5. Recommend consolidation opportunities

Note: Run scripts/deps-analyze.sh to generate an updated analysis report.


Common Dependencies

Most Frequently Used (Production)

Based on initial analysis, these dependencies appear frequently:

TypeScript/JavaScript Core

  • typescript: Used across TypeScript projects
  • zod: Schema validation (used in 10+ projects)
  • dotenv: Environment configuration (used in 15+ projects)
  • date-fns: Date handling (used in 5+ projects)

Framework & Runtime

  • react: Frontend projects
  • nextjs: Next.js applications
  • express: Backend services
  • fastify: Backend services

Blockchain/Solidity

  • ethers / viem: Ethereum libraries
  • @openzeppelin/contracts: Smart contract libraries
  • foundry: Solidity development (dev dependency)

Database

  • @prisma/client: Database ORM
  • postgresql: Database client

Utilities

  • winston: Logging
  • jsonwebtoken: Authentication
  • bcryptjs: Password hashing
  • uuid: UUID generation

Most Frequently Used (Development)

Build & Tooling

  • typescript: TypeScript compiler
  • eslint: Linting
  • prettier: Code formatting
  • @typescript-eslint/*: TypeScript ESLint plugins

Testing

  • vitest: Testing framework (newer projects)
  • jest: Testing framework (older projects)
  • @testing-library/react: React testing utilities

Build Tools

  • vite: Build tool
  • tsx: TypeScript execution
  • tsc: TypeScript compiler

Version Consolidation Opportunities

TypeScript

  • Current Versions: Multiple versions (5.3.3, 5.5.4, etc.)
  • Recommendation: Standardize on latest stable (5.5.4+)
  • Impact: High - affects all TypeScript projects

Zod

  • Current Versions: Multiple versions (3.22.4, 3.23.8, etc.)
  • Recommendation: Standardize on latest (3.23.8+)
  • Impact: Medium - shared validation library

ESLint

  • Current Versions: Multiple versions (8.56.0, 8.57.0, 9.17.0)
  • Recommendation: Migrate to ESLint 9.x across all projects
  • Impact: High - affects code quality tooling

Prettier

  • Current Versions: Multiple versions (3.1.1, 3.2.0, 3.3.3)
  • Recommendation: Standardize on latest (3.3.3+)
  • Impact: Medium - code formatting

Shared Package Candidates

High Priority (Used in 5+ Projects)

  1. @workspace/shared-types

    • Common TypeScript types
    • Used in: dbis_core, the_order, Sankofa, etc.
  2. @workspace/shared-utils

    • Common utilities (date formatting, validation, etc.)
    • Used in: Multiple projects
  3. @workspace/shared-config

    • Shared configuration schemas
    • Used in: All projects with configuration
  4. @workspace/shared-constants

    • Shared constants and enums
    • Used in: DBIS projects, DeFi projects

Medium Priority (Used in 3-4 Projects)

  1. @workspace/api-client

    • Common API client utilities
    • Used in: Frontend projects, API consumers
  2. @workspace/validation

    • Zod schemas and validators
    • Used in: Multiple backend services

Dependency Security

Security Scanning

  • Run pnpm audit or npm audit in each project
  • Use Dependabot for automated updates
  • Review and update vulnerable dependencies regularly

High-Risk Dependencies

  • Review dependencies with known vulnerabilities
  • Prioritize updates for security-critical packages
  • Document security update process

Recommendations

Immediate Actions

  1. Hoist Common DevDependencies

    • typescript
    • eslint
    • prettier
    • @typescript-eslint/*
    • vitest/jest
  2. Create Shared Packages

    • Start with @workspace/shared-types
    • Create @workspace/shared-utils
    • Extract common validation schemas
  3. Version Consolidation

    • Standardize TypeScript version
    • Standardize Zod version
    • Standardize ESLint/Prettier versions

Long-Term Actions

  1. Dependency Audit Process

    • Quarterly dependency reviews
    • Automated security scanning
    • Version update workflow
  2. Shared Package Strategy

    • Extract shared code gradually
    • Document shared package APIs
    • Version shared packages independently

Tools for Analysis

Automated Tools

  • npm-check-updates: Check for outdated packages
  • depcheck: Find unused dependencies
  • npm audit: Security vulnerability scanning
  • pnpm why: Understand why dependencies are installed

Manual Review

  • Review package.json files regularly
  • Track dependency updates
  • Document breaking changes

Next Steps: Run scripts/deps-analyze.sh to generate a detailed analysis report.