feat(build): modernize how we bundle next-auth #1682
Conversation
If the user doesn't use databases, it shouldn't be necessary to iclude it in the bundle. This can more than half the package size!
Remove unused dependencies, move optional ones to be optional BREAKING CHANGE: `typeorm` and `nodemailer` are no longer added by default. If you need them, install them in your own project.
|
This pull request is being automatically deployed with Vercel (learn more). 🔍 Inspect: https://vercel.com/nextauthjs/next-auth/92QvJ7Gy4JCB6TjUMsjdJe9NfDa7 |
|
Regarding |
|
@ndom91 I know, but I think @iaincollins said that they weren't working in some environments. Would be good to have som specifica though, maybe it's old and they ARE supported now. Would be awesome to just use dynamic imports TBH, we could drop another dependency! |
|
So I did some more research and apparently the Docs: https://docs.npmjs.com/cli/v7/configuring-npm/package-json#peerdependenciesmeta |
|
God damn it, did I accidentally commit the npm7 package-lock? Sorry guys. Can someone who has npm6 still installed commit the npm6 one back up before this gets merged? |
|
@ndom91 Cannot see that you did. Although I see we have a |
|
This is genuinely awesome and will have a noticeable positive impact on cold boot Lambdas! @balazsorban44 based on your approach, for users only using a custom OAuth2.0 provider (not provided by Next Auth), they wouldn't need to import any providers at all, is that correct? On a related GitHub issue, it was also suggested that reviewing the outdated and deprecated version of |
|
If you have a custom provider, you already don't need to import anything from upgrading jose would have some size reduction benefits as well I think, yes. v3 looks much more modular and so we would only have to import what is actually used |
|
Doing some research here: See: https://jira.mongodb.org/browse/NODE-3050 I am still not convinced that we need either of these, so I am going to push dynamic imports here, and try to do some testing. (@iaincollins you mentioned in the source code that Using a dynamic import causes problems for some compilers/bundlers. Additional information here about what tooling breaks with dynamic import would be useful here, to pinpoint if the problem has been fixed in those tools.) It is a Stage 4 proposal https://github.com/tc39/proposal-dynamic-import, so it is highly likely to soon be a standard. Next.js (currently our only target as far as I know) do support them https://nextjs.org/docs/advanced-features/dynamic-import. Webpack 4 (and 5) both support them: https://webpack.js.org/guides/code-splitting/#dynamic-imports (which is the tool used to bundle Unless I miss something, I don't see why we cannot AT LEAST TRY using dynamic imports. We are on a |
github-actions
bot
added
the
adapters
Conflicts: package-lock.json
|
Just discovered that Next.js also utilizes |
|
🎉 This PR is included in version 4.0.0-next.2 🎉 The release is available on: Your semantic-release bot 📦🚀 |
|
DISCLAIMER: So this approach did not work, not even with a small adjustment in #1736. I will keep exploring ways that will make The most simple idea would actually be, just to remove the We are already in the process of moving out ALL the adapter from the core to the https://github.com/nextauthjs/adapters repo, and once done, you would be able to import only the adapter you need. Providing a + import TypeOrm from "@next-auth/typeorm-adapter"
//...
- database: "mysql://nextauth:password@127.0.0.1:3306/database_name"
+ adapter: TypeOrm.Adapter("mysql://nextauth:password@127.0.0.1:3306/database_name") Getting rid of it and explicitly ask the user to import their adapter would not require any hacky import solutions in the core. Regarding Currently the recommended way of importing a provider is as follows: This means that you will only need a single import at the top, but this will actually bundle ALL the providers in the production build. Explained in #1682 (comment). - import Providers from "next-auth/providers"
+ import Auth0Provider from "next-auth/providers/auth0"
+ import IDS4Provider from "next-auth/providers/identity-server4"
//...
providers: [
- Providers.Auth0({...}),
+ Auth0Provider({...}),
- Providers.IdentityServer4({...}),
+ IDS4Provider({...}),
...
]So if you don't use the built-in Email provider, you would never need to import I'll do another PR on this. |
* feat(build): optionally include TypeORM If the user doesn't use databases, it shouldn't be necessary to iclude it in the bundle. This can more than half the package size! * feat(build): clean up in dependencies Remove unused dependencies, move optional ones to be optional * feat(build): add exports field * fix: use peerDependenciesMeta instead of non-standard peerOptionalDependecns field * fix: ts-standard string quotes * fix: ts-standard string quotes * refactor: use asnyc/await for sendVerificationRequest * chore(deps): upgrade mongodb, remove require_optional Co-authored-by: ndom91 <yo@ndo.dev> BREAKING CHANGE: `typeorm`, and `nodemailer` are no longer dependencies added by default. If you need any of them, you will have to install them yourself in your project directory. TypeOrm is the default adapter, so if you only provide an `adapter` configuration or a `database`, you will need `typeorm`. You could also check out `@next-auth/typeorm-adapter`. In case you are using the Email provider, you will have to install `nodemailer` (or you can use the choice of your library in the `sendVerificationRequest` callback to send out the e-mail.)
What:
The goal of this change is massive bundle size reduction. My naive method of verifying this showed everything between 50-80% of size reduction in single use cases!
Why:
Currently, we bundle packages that are unused, or only used by a subset of users. Two of these are
typeormandnodemailer. According to BundlePhobia TypeORM takes up 71% of the package size, and it will be downloaded for those users who doesn't even use a database!How:
typeormandnodemailerare now only optionally imported packages.In this PR it is done byrequire_optional, a package that is getting out-of-date (the last update was over 3 years ago), and there are now better alternatives, likeWe are going to try dynamic imports and
peerDependenciesMetathat is supported by both npm and Yarn, so we would also want to explore that.I also removed
querystring, which is included in Node.js by default, andcrypto-js, which didn't have a single reference in the codebase (we rather usecrypto, which is included in Node.js).I also introduce
exportsin thepackage.jsonfile, which is a modern alternative to include sub-modules, that is supported by the newest versions of Node.js. I did not remove the current workaround (like https://github.com/nextauthjs/next-auth/blob/main/client.js), as not all bundlers support these (Webpack 5 for example does, but Webpack 4 will simply ignore it)This is especially useful when only using a few
Providers. The current import fromnext-auth/providerswill bundle ALL providers, every time. This will still work, but from now on, it will be possible to do something like:import IdentityServer4 from "next-auth/providers/identity-server4"which will only include the IDS4 provider, and leave out the rest. (This doesn't seem to be a breaking change actually, so we might be able to backport this.)Here is a before/after of a production app only using
jwtand a single Provider:Notice both providers (aside from the single
identity-server4one) and adapters (we don't use databases, not needed anyway) are gone from the bundle!Checklist:
BREAKING CHANGE:
Users who want to use the Default/TypeORM adapter now have to install
typeormin their projects as a dependency. The same applies if they want to use theEmailprovider.