lodash/lodash-webpack-plugin

Some problems should be seriously taken

meowtec opened this issue · 2 comments

lodash-webpack-plugin could affect third-party packages

Say that you use some third-party package that uses lodash/map like this:

// third-party package:
import path from 'lodash/path'
map([], 'path')

After you use lodash-webpack-plugin, the third-party package will be broken.

Auto features detectings: harm over benefit

lodash-webpack-plugin removes/replaces some features by default, but it can be overridden after we import some module.

Some one write code like this and it work as expected:

import sortBy from 'lodash/sortBy';
import flatMap from 'lodash/flatMap';

sortBy([{key: 1}], id => id.key);

After remove this line:

import flatMap from 'lodash/flatMap';

The sortBy(...) would get broken.

different resolve orders can have different results.

Some one are using both clamp and toNumber,two source structures can get different results.

The first structure has two files, in witch the coercions feature will be true:

// file index.js 
const clamp = require('lodash/clamp')
clamp(['123', '1', '2']) // get number `2`
require('./b')

// file b.js
const toNumber = require('lodash/toNumber')
toNumber('123') // get number 123

The second structure has three files, in witch the coercions feature will be false:

// file index.js 
const clamp = require('lodash/clamp')
clamp(['123', '1', '2']) // get string `123`
require('./a')

// file a.js: we justadd this!
require('./b')

// file b.js
const toNumber = require('lodash/toNumber')
toNumber('123') // get string `'123'`!!!

It should be noted that in the second example, the behavior of toNumber is exactly incorrect.

Think further, some code in third-party also could affect your code.

Some examples: https://github.com/meowtec/why-you-should-not-use-lodash-webpack-plugin

Please consider to deprecate lodash-webpack-plugin

Totally with you here. This package can do more harm than good. The only way I can see it working is if we could analyse the AST to detect these incompatibilities. It's wild to think that this is an official package from lodash.

Add the following reasons to the "please deprecate this library" list:

  • any lodash errors shown will not even indicate that it could be caused by this plugin
  • errors happen in inconsistent environment (e.g not in dev but prod like lodash/lodash#3595)
  • it's an "official" plugin so people are more likely to install without thinking of potential consequences

essentially this library will work against any developers who ran into lodash issues, and will only make them debug aimlessly for hours (like I did...)