chore: netlify-cli package install-size analysis #3302
Comments
Hi @iChenLei, Thanks for reporting this issue. Netlify CLI has lots of features and therefore lots of dependencies. I do agree though that we should strive for a smaller package size. I also agree that 330MB is a lot. However, the developer experience is mostly only impacted by how long it takes to run Also, this is not an easy fix. As you correctly pointed out with the long table, the total installation size does not come so much from specific dependencies as from the number of dependencies we use. However, most of those dependencies are providing Netlify CLI with essential features. One potential action item I could see would be to make Happy to hear what @erezrokah also thinks about this. 🤔 |
Thanks for the reply, |
Anyway, I'm just making a fuss. Skip it, and continue your great work for netlify-cli. Thanks |
I just need to deploy a small static site (a few kB). It would be nice to have some lite version of netlify-cli for netlify API calls like init, deploy, etc. (i.e. without dev server and others). |
Switching to https://gitlab.com/lepovirta/netlify-deployer made the deploys by CI significantly faster for me. |
@ehmicky Like I mentioned in #494, this is NOT only an issue of package size. It's a fundamental security issue: you make all of the people who consume netlify-cli trust 1300+ packages and hundreds of different developers! The supply chain attacks are real, and the only solution is to reduce the packages you depend on. If you do that, then size and install time will also improve. Also, the disk churn is serious with each netlify-cli release:
The above is with a clean npm cache on my Windows 10 VM, which admittedly might be a little on the slow side, but you get my point. Size is one important factor. Disk churn another. Install time is also important. Security is the most important, though. EDIT: heck, packagephobia has trouble showing results anymore for netlify-cli... |
Thanks for the additional context @XhmikosR. I agree the security aspect is more important than the package size. We've recently dropped As for the We use a shrinkwrap file, which means once we publish the CLI you'd always get the same dependencies when you install it using We also highly encourage submitting any security issue you find by following our policy. |
I've submitted a few PRs the last couple weeks reducing the deps etc. I've pinpointed the root cause for the biggest size increase in netlify-cli. It comes from multiple typescript versions. See netlify/zip-it-and-ship-it#951 for more info. This affects quite a few packages that depend on A few wins so far:
So, with the above zip-it-and-ship-it change I get these results for netlify-cli:
I'm sure we can get this even more down. I have a few more suggestions for later. |
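An added example (not from the thread or from the Netlify project): a small Node.js audit of an npm lockfile, which works on npm-shrinkwrap.json because it shares the package-lock.json format. It reports how many packages a consumer is made to trust and which ones are installed in several versions, the pattern described above for typescript. The lockfile content, the @example/* names and the auditLock helper are constructed for illustration.

```javascript
// Added example: audit a package-lock.json / npm-shrinkwrap.json (lockfileVersion 2 or 3).
// Constructed sample lockfile; names and versions are illustrative only.
// For a real file: auditLock(JSON.parse(fs.readFileSync("npm-shrinkwrap.json", "utf8")))
const sampleLock = {
  name: "example-cli",
  lockfileVersion: 2,
  packages: {
    "": { name: "example-cli", version: "1.0.0" },
    "node_modules/typescript": { version: "4.5.4" },
    "node_modules/@example/bundler": { version: "2.0.0" },
    "node_modules/@example/bundler/node_modules/typescript": { version: "4.3.5" },
    "node_modules/@example/parser": { version: "1.2.0" },
    "node_modules/@example/parser/node_modules/typescript": { version: "3.9.10" },
    "node_modules/lodash": { version: "4.17.21" },
    "node_modules/dev-only-tool": { version: "1.0.0", dev: true },
  },
};

// The package name is whatever follows the last "node_modules/" in the key,
// which also handles nested copies and scoped names such as @scope/name.
function packageName(lockKey) {
  const marker = "node_modules/";
  const idx = lockKey.lastIndexOf(marker);
  return idx === -1 ? null : lockKey.slice(idx + marker.length);
}

function auditLock(lock, { includeDev = false } = {}) {
  const versionsByName = new Map();
  let installedCopies = 0;
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    const name = packageName(key);
    if (name === null) continue;            // root entry ("") or a workspace source folder
    if (meta.link) continue;                // symlink to a workspace, not an install
    if (meta.dev && !includeDev) continue;  // dev-only: not installed for consumers
    installedCopies += 1;
    if (!versionsByName.has(name)) versionsByName.set(name, new Set());
    versionsByName.get(name).add(meta.version);
  }
  // Packages present in more than one version: each extra copy is extra
  // disk usage and extra code that has to be trusted.
  const duplicated = [...versionsByName]
    .filter(([, versions]) => versions.size > 1)
    .map(([name, versions]) => ({ name, versions: [...versions].sort() }));
  return { uniquePackages: versionsByName.size, installedCopies, duplicated };
}

console.log(JSON.stringify(auditLock(sampleLock), null, 2));
```

Tracking uniquePackages and the duplicated list between releases shows whether dependency-reduction work is shrinking the set of code consumers have to trust.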
TL;DR
Too many big-size binary npm packages in the dependencies list, so netlify-cli's install size is very huge.
List all netlify-cli (v6.8.6) deps
As Business Competitors, vercel's cli install size is:
vercel cli is only 81mb, and netlify cli is 330mb+. .....
What a crazy big install size! That's why netlify users complained about this issue. #494 [Huge increase in install size]. The core issue is that netlify-cli relies on some binary npm packages whose size is too big. For example, @netlify/routing-local-proxy -> . This binary file size is more than ~50mb. Replacing lodash with lodash/fp or lodash.xx is not useful for reducing package install size, because it's only ~1.3mb.
Alternative solution
Rewrite netlify-cli in golang (I think these binary netlify private packages are also written in golang), then pack it as an npm package and distribute it via npmjs.org. So netlify users only need to install a single platform-specific golang binary file. I know this is impossible; a rewrite is huge work and would stop the cli iteration.
So how about developer experience? Sorry, nobody cares.
cc @erezrokah @ehmicky