There should be an option to automatically co-whitelist peer-dependencies of a whitelisted module

Question

There should be an option to automatically co-whitelist peer-dependencies of a whitelisted module

florisporro opened this issue 5 years ago · 7 comments

I'm building an application with Electron where all the node_modules are shipped alongside the application, rather than packed with Webpack.

One module is a private package that needs to get bundled, as it shouldn't get shipped in unpacked format. So I tried adding it to the whitelist and it beautifully gets packed into the distributable.

None of its peer-dependencies get packed though, unless I manually add them all to the whitelist.

Ideally there should be an option that enables scanning of whitelisted modules for peer-dependencies to add them to the whitelist as well.

Answer 1 · 2020-03-05T16:22:20.000Z

This problem has been raised multiple times and has never been addressed as far asI can see. See e.g. here and here. Just now I wanted to include axios into the bundle for an AWS Lambda function, and I was forced to manually look up the trail of dependencies. In this case it was:

axios => follow-redirects => debug => ms

OK, it was only four single steps this time, but it could easily have branched out into a dependency tree that one would have to manually figure out. The community would greatly appreciate if inclusion of sub-dependencies could be done automatically.

Answer 2 · 2020-07-30T03:11:05.000Z

Assuming the dependency tree is proper. Also what if someone decides to add resolutions to their project? Maybe add a utility that can do that whitelisting for specific packages?

Answer 3 · 2020-07-30T22:20:06.000Z

I am a collaborator on razzle, I found out that instead of using allowlist it is better to solve this by using resolve and some logic to decide what to bundle as next.js does. This module is a bit too brittle since it tries to do it in the reverse and pre-resolve what to allow.

Answer 4 · 2020-07-31T18:36:22.000Z

@MagnusBrzenk @fivethreeo Thank you for your suggestions and interest. If I understand correctly - the request is that all modules in the allowlist will have their own dependencies bundled as well. Am I correct?
I will take a look on how to solve it. In any case - PRs are welcome!
Thanks again.

Answer 5 · 2020-07-31T22:30:56.000Z

@liady

Better to let webpack handle the dependencies

https://github.com/jaredpalmer/razzle/pull/1370/files#diff-b95764a7288c7b8e9f3715219636a1caR299
https://github.com/jaredpalmer/razzle/pull/1370/files#diff-0039aa986c882d14539e6883d06e955d

Answer 6 · 2021-04-05T02:23:07.000Z

@florisporro @MagnusBrzenk I'm running into a similar problem that you guys mentioned and I seem to be able to get it working with the config below, can you guys try it out and let me know if it helps?

externals: [
    nodeExternals(), // exclude node_modules in current path
    nodeExternals({
      modulesDir: resolve(__dirname, '../node_modules'), // exclude node_modules in root (monorepo managed by lerna)
      allowlist: [/^@whitelistedModule\/*/], // whitelist private package
      modulesFromFile: {
        fileName: /* path to whitelisted module package.json to read from */,
        includeInBundle: ['dependencies', 'peerDependencies'],
      }
    }),
  ],

Answer 7 · 2022-08-12T14:26:20.000Z

I built a small helper that includes all subdependencies for any packages:
https://github.com/kmjennison/datwd

// webpack.config.js
const nodeExternals = require('webpack-node-externals')
const includeSubdependencies = require('datwd')

module.exports = {
  // ...
  externals: [
    nodeExternals({
      // Will include "cookies" and its dependencies; for example:
      // `['cookies', 'depd', 'keygrip', 'tsscmp']`
      allowlist: includeSubdependencies(['cookies'])
    })
  ]
}

Hope this helps others. Feedback welcome!