@overbalance overbalance commented Sep 10, 2025

What this does

Hoists all build devDependencies to the root package.json.

  • 14 fewer packages in node_modules (1.13% reduction)
  • 878 fewer in dependency tree (11.39% reduction)
  • 304 fewer packages added by npm ci (10.44% reduction)

Key changes

Test fixes

  • Updated karma configs to load plugins from root after dependency hoisting
  • Fixed webpack process polyfill path for ESM compatibility
  • Updated expect import syntax for socket.io tests
  • Updated AWS SDK mock response Content-Length headers

Dependencies

  • All build devDependencies moved to root package.json
  • Removed unused jQuery dependencies

Configuration

  • Converted root .mocharc.yml to .mocharc.json
  • Fixed axios import syntax in express example (namespace import → default import)

Package-specific changes

@opentelemetry/instrumentation-socket.io

  • Changed import * as expect to import expect (expect v29 uses default export)

@opentelemetry/instrumentation-dns

@opentelemetry/instrumentation-aws-sdk

  • Updated Bedrock mock response Content-Length headers

Browser packages (propagator-aws-xray, propagator-instana, instrumentation-user-interaction, instrumentation-long-task)

  • Updated karma.conf.js to load plugins from root package.json

@overbalance overbalance requested a review from trentm November 3, 2025 02:11
@overbalance overbalance force-pushed the overbalance/hoist-all-shared-deps branch 2 times, most recently from 79da445 to 57d2922 Compare November 4, 2025 16:28

trentm commented Nov 5, 2025

Unhelpful npm rant

I want to try to care about reviewing package-lock changes, but ... npm, I don't even. This latest update:

  1. updates a bunch of other packages, because the only reasonable way I know of (and probably what you did) was to completely regenerate the package-lock file by deleting it and re-running npm install.
  2. Loses all the 'integrity' and 'resolved' fields, e.g.:
-      "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz",
-      "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==",
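Review bot: the two removed lines for uuid-9.0.1.tgz take the pinned download URL (`resolved`) and the sha512 hash (`integrity`) out of package-lock.json, so the lock file no longer records what this tarball must hash to. Before merging, check that the final package-lock.json still carries both fields for uuid 9.0.1 and the other registry packages, and regenerate it if they are missing.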

So basically those fields are just useless noise from npm in lock files. What a waste. The package-lock.json tooling design is ...poor.
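A check for the lock-file change described in the comment above, as an added example that is not part of the PR or the project's tooling: it lists `package-lock.json` entries under `node_modules/` that lack `resolved` or `integrity`. The function names, the `LOCKFILE` environment variable and the sample lock object are assumptions made for the illustration.

```javascript
// Added example: find package-lock.json (lockfileVersion 2/3) entries that
// lost their "resolved" or "integrity" fields.
function findUnpinned(lock) {
  const problems = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!path.includes('node_modules/')) continue; // root "" and workspace dirs
    if (entry.link) continue;     // symlink to a workspace package
    if (entry.inBundle) continue; // shipped inside its parent's tarball
    // Git dependencies carry "resolved" but no "integrity" and are reported too.
    const missing = ['resolved', 'integrity'].filter((k) => !entry[k]);
    if (missing.length) problems.push({ path, version: entry.version, missing });
  }
  return problems;
}

// Constructed sample. The uuid 9.0.1 entry mirrors the diff above with both
// fields stripped; all other names, URLs and the hash string are placeholders.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-monorepo', workspaces: ['packages/*'] },
    'packages/demo': { name: '@example/demo', version: '0.1.0' },
    'node_modules/@example/demo': { resolved: 'packages/demo', link: true },
    'node_modules/uuid': { version: '9.0.1' },
    'node_modules/example-dep': {
      version: '1.2.3',
      resolved: 'https://registry.example.invalid/example-dep/-/example-dep-1.2.3.tgz',
      integrity: 'sha512-PLACEHOLDER-NOT-A-REAL-HASH',
    },
    'node_modules/parent/node_modules/child': { version: '1.0.0', inBundle: true },
  },
};

function report(lock) {
  const problems = findUnpinned(lock);
  for (const p of problems) {
    console.log(`${p.path}@${p.version}: missing ${p.missing.join(', ')}`);
  }
  return problems.length;
}

// With LOCKFILE=package-lock.json set, audit that file; otherwise use the sample.
if (process.env.LOCKFILE) {
  import('node:fs').then((fs) => {
    const lock = JSON.parse(fs.readFileSync(process.env.LOCKFILE, 'utf8'));
    process.exitCode = report(lock) ? 1 : 0;
  });
} else {
  report(SAMPLE_LOCK);
}
```

Run as a CI step, a non-zero exit stops a regenerated lock file from landing without its hashes.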

@overbalance overbalance force-pushed the overbalance/hoist-all-shared-deps branch 2 times, most recently from 48f82c1 to bec6114 Compare November 5, 2025 18:02
@overbalance overbalance requested a review from trentm November 5, 2025 20:27
@overbalance overbalance force-pushed the overbalance/hoist-all-shared-deps branch from bec6114 to 41c5ef5 Compare November 6, 2025 17:07
@overbalance overbalance force-pushed the overbalance/hoist-all-shared-deps branch from 41c5ef5 to c8cb24c Compare November 7, 2025 16:56
@overbalance overbalance force-pushed the overbalance/hoist-all-shared-deps branch 2 times, most recently from 0eebce5 to 77c5480 Compare November 7, 2025 17:18
@overbalance overbalance force-pushed the overbalance/hoist-all-shared-deps branch from 77c5480 to ccb01fc Compare November 7, 2025 17:22
@overbalance overbalance requested a review from trentm November 7, 2025 17:28
@overbalance overbalance force-pushed the overbalance/hoist-all-shared-deps branch from b4cc8c1 to 82d09a2 Compare November 7, 2025 17:51

trentm commented Nov 7, 2025

FYI: "rollup": "4.52.5" was added to devDeps at the top-level to pin that transitive dep of @web/dev-server-rollup (used in instrumentation-document-load), because the current latest rollup 4.x (4.53.0) is broken: rollup/rollup#6168


trentm commented Nov 7, 2025

% npm ls rollup --package-lock-only
[email protected] /Users/trentm/tm/opentelemetry-js-contrib8
└─┬ @opentelemetry/[email protected] -> ./packages/instrumentation-document-load
  ├─┬ @rollup/[email protected]
  │ ├─┬ @rollup/[email protected]
  │ │ └── [email protected] deduped
  │ └── [email protected]
  ├─┬ @rollup/[email protected]
  │ └── [email protected] deduped
  ├─┬ @web/[email protected]
  │ ├─┬ @rollup/[email protected]
  │ │ └── [email protected] deduped
  │ └── [email protected] deduped
  └── [email protected]

Still have rollup v4.53.0 lingering in there.

Here is a patch that I believe will fix it:
https://gist.github.com/trentm/466ef202543c862275afdabf2f6e57a4

@overbalance overbalance force-pushed the overbalance/hoist-all-shared-deps branch from 82d09a2 to 71dc0db Compare November 7, 2025 20:02

trentm commented Nov 7, 2025

Before:

% du -sh .
1.3G	.

% npm ls -a | wc -l
npm error code ELSPROBLEMS
npm error invalid: [email protected] /Users/trentm/pristine/opentelemetry-js-contrib/node_modules/zod
npm error A complete log of this run can be found in: /Users/trentm/.npm/_logs/2025-11-07T22_23_08_495Z-debug-0.log
    7824

After:

% du -sh .
1.1G	.

% npm ls -a | wc -l
npm error code ELSPROBLEMS
npm error invalid: [email protected] /Users/trentm/tm/opentelemetry-js-contrib8/node_modules/ws
npm error invalid: [email protected] /Users/trentm/tm/opentelemetry-js-contrib8/node_modules/zod
npm error A complete log of this run can be found in: /Users/trentm/.npm/_logs/2025-11-07T22_23_24_355Z-debug-0.log
    7032

So 10-20% dev tree size reduction.

I'm not sure what's up with the "npm error invalid"... but FWIW we have this case in "main" now, so I don't necessarily think this should block. I'll poke a bit.


trentm commented Nov 7, 2025

Both the zod and ws npm ls errors are due to openai having an optional peer dep on these. From openai/package.json:

  "peerDependencies": {
    "ws": "^8.18.0",
    "zod": "^3.25 || ^4.0"
  },
  "peerDependenciesMeta": {
    "ws": {
      "optional": true
    },
    "zod": {
      "optional": true
    }
  }

peer-optional means that the dep is not installed by default (i.e. not added to the package-lock tree).

However, because ws and zod are transitive deps of other things in the tree we do get versions installed, but not necessarily matching the peer-optional range, e.g.:

% npm ls zod
[email protected] /Users/trentm/src/opentelemetry-js-contrib
├─┬ @opentelemetry/[email protected] -> ./packages/instrumentation-document-load
│ └─┬ @web/[email protected]
│   └─┬ @web/[email protected]
│     └─┬ [email protected]
│       └─┬ [email protected]
│         └── [email protected] deduped invalid: "^3.25 || ^4.0" from node_modules/openai
└─┬ @opentelemetry/[email protected] -> ./packages/instrumentation-openai
  └─┬ [email protected]
    └── [email protected] invalid: "^3.25 || ^4.0" from node_modules/openai

npm error code ELSPROBLEMS
npm error invalid: [email protected] /Users/trentm/src/opentelemetry-js-contrib/node_modules/zod

For now I think we can ignore these. I'm somewhat sure that our openai testing in instrumentation-openai does not use any of the optional zod or ws functionality in openai, so we can ignore. If it did matter, then we'd want to have devDeps for these in instrumentation-openai. We could do that just to silence the npm ls error message if necessary.
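The peer-optional situation described in the comment above, as an added example that is not part of the PR or of npm: it walks a `package-lock.json` the way Node resolves modules and lists optional peers whose installed copy falls outside the declared range. The function names and the ws and zod versions are assumptions; the range matcher handles only `||`-separated caret ranges with major version 1 or higher.

```javascript
// Assumption: ranges are "||"-separated caret ranges with major >= 1 and no
// prerelease tags, which covers "^8.18.0" and "^3.25 || ^4.0".
function satisfiesCaret(version, range) {
  const v = version.split('.').map(Number);
  return range.split('||').some((alt) => {
    const lo = alt.trim().replace(/^\^/, '').split('.').map(Number);
    while (lo.length < 3) lo.push(0);
    if (v[0] !== lo[0]) return false; // ^X.Y.Z never leaves major X
    return v[1] > lo[1] || (v[1] === lo[1] && v[2] >= lo[2]);
  });
}

// Node-style lookup: nearest node_modules/<name>, walking up from the dependent.
function resolveFrom(packages, fromPath, name) {
  for (let base = fromPath; ;) {
    const candidate = `${base ? base + '/' : ''}node_modules/${name}`;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf('/node_modules/');
    base = i === -1 ? '' : base.slice(0, i);
  }
}

function optionalPeerMismatches(lock) {
  const packages = lock.packages || {};
  const out = [];
  for (const [dependent, entry] of Object.entries(packages)) {
    const meta = entry.peerDependenciesMeta || {};
    for (const [peer, range] of Object.entries(entry.peerDependencies || {})) {
      if (!meta[peer] || !meta[peer].optional) continue;
      const found = resolveFrom(packages, dependent, peer);
      if (!found) continue; // optional peer not installed: nothing to check
      const { version } = packages[found];
      if (version && !satisfiesCaret(version, range)) {
        out.push({ dependent, peer, range, found, version });
      }
    }
  }
  return out;
}

// Constructed lock fragment: openai's peer fields are from the comment above,
// the ws and zod versions are made up for the demonstration.
const PEER_SAMPLE = { packages: {
  'node_modules/openai': {
    peerDependencies: { ws: '^8.18.0', zod: '^3.25 || ^4.0' },
    peerDependenciesMeta: { ws: { optional: true }, zod: { optional: true } },
  },
  'node_modules/ws': { version: '8.18.3' },
  'node_modules/zod': { version: '3.23.8' },
} };
console.log(optionalPeerMismatches(PEER_SAMPLE));
```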


trentm commented Nov 7, 2025

Another view of the before/after, showing the top few multiple installs of given packages in the tree:

Before:

% npm ls -ap | awk -F node_modules/ '{print $NF}' | sort | uniq -c | sort -n | tail -20
  12 rimraf
  12 signal-exit
  12 yallist
  13 hosted-git-info
  13 ms
  13 supports-color
  14 color-convert
  14 color-name
  15 @smithy/node-http-handler
  15 readable-stream
  15 string_decoder
  17 ansi-styles
  20 brace-expansion
  22 glob
  23 debug
  24 semver
  31 minimatch
  38 lru-cache
  69 undici-types
  70 @types/node

After:

% npm ls -ap | awk -F node_modules/ '{print $NF}' | sort | uniq -c | sort -n | tail -20
  10 @azure/abort-controller
  10 npm-package-arg
  10 path-scurry
  10 type-fest
  10 yargs
  11 ms
  11 rimraf
  11 signal-exit
  12 minipass
  12 yallist
  13 hosted-git-info
  15 @smithy/node-http-handler
  18 string-width
  19 brace-expansion
  19 emoji-regex
  19 semver
  20 glob
  21 debug
  30 minimatch
  37 lru-cache

@trentm trentm merged commit 1c08238 into open-telemetry:main Nov 7, 2025
23 checks passed
@overbalance overbalance deleted the overbalance/hoist-all-shared-deps branch November 7, 2025 23:37