This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Datasource	Name	Replacement PR?
npm	@types/mock-property
npm	aud

Pending Approval

These branches will be created by Renovate only once you click their checkbox below.

• [Deps] Update Update eslint to v8.57.0
• [Deps] Update Update aud to v3
• [Deps] Update Update eslint to v9
• [Deps] Update Update nyc to v17
• 🔐 Create all pending approval PRs at once 🔐

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

Description

We have been facing high CPU utilisation issues in our projects since April 2023. On debugging, we found that many dependencies were updated at that time (e.g. util.promisify, promise.prototype.finally, object.getownpropertydescriptors, etc.). And all of these started using safe-array-concat package. On further deep-driving, we observed that loading of this package safe-array-concat is impacting performance of Array concat function by around 20x in our whole application, and since concat() operation is used at lot of places in our code, it caused significant increase on our server's CPU utilisation.

Root Cause

On analysing safe-array-concat source code, we found culprit line of code:
https://github.com/ljharb/safe-array-concat/blob/f929a1b65eb3525d93296ecc12f709b18089081c/index.js#L16C1-L17C1

empty[isConcatSpreadable] = true;

Actually, this code is also not the root cause, here Symbol.isConcatSpreadable is used as per requirement. Actual root cause is the V8 Engine (which is powering NodeJs). As per it's current implementation, if we set Symbol.IsConcatSpreadable to any array or object (even such single usage will trigger it), it will make all subsequent usages of Array.concat() slower in whole application.

Reference: https://github.com/v8/v8/blob/bf4b542a1b31bbe8106e394b1dbeff02571dff4b/src/builtins/builtins-array.cc#L1542

Additional Context

In our case in all projects, the only such usage of symbol (where we are setting it to any value/array) is in this package code. As soon as we require safe-array-concat in our app, above mentioned line is executed & all subsequent concat() operations' performance is impacted.

Steps to Reproduce Issue

Code:

const loadPackage = process.env.loadPackage==="true" || false;
const count = process.env.count || 100;

if (loadPackage) {
    require('safe-array-concat');
}

const runScript = () => {
    console.log(`Running test`);

    // creating sample array of 50k size with dummy data
    const sampleArray = [];
    const arraySize = 1000*50;
    for (let i = 0; i<arraySize; i++) sampleArray.push(i);

    // Actual test:
    console.time("concatOperation");
    for (let i =0; i<count; i++) {
        sampleArray.concat(sampleArray); // <--- Testing impact on this operation's performance
    }
    console.timeEnd("concatOperation");
}

runScript();

Execution results:
loadPackage=true count=200 node safe-test.js :: 2.5 sec
loadPackage=false count=200 node safe-test.js :: 113 ms
loadPackage=true count=500 node safe-test.js :: 6.3 sec
loadPackage=false count=500 node safe-test.js :: 275 ms

Hello,

I would like to propose adding a .npmignore file to the project. This would allow publishing to npm to ignore files that are not essential for deployment to production environments, such as:

test/
.github/
.eslintrc
.nycrc

These files are generally only used during development and are not needed in the final distribution of the library. Implementing this change would help reduce the library package size, thus optimizing efficiency for end users.

I include a screenshot below to illustrate the location of the files mentioned in the current repository:

Thank you for your attention and I am available to discuss this suggestion further.