workiva / dependency_validator Goto Github PK
View Code? Open in Web Editor NEWA tool to help you find missing, under-promoted, over-promoted, and unused dependencies.
License: Other
A tool to help you find missing, under-promoted, over-promoted, and unused dependencies.
License: Other
Release a null-safe version of this package.
From @michaelcarter-wf:
[1:11 PM] Michael Carter: I can't seem to get dependency_audit to ignore some packages:
$ pub run dependency_validator --ignore coverage,dart_style,dartdoc,over_react_format,semver_audit,designated_driver Validating dependencies for workflow_client These packages are used outside lib/ but are not dev_dependencies: * designated_driver * shelf * shelf_proxy * w_router * w_webdriver_utils
Note that designated_driver
is supposed to be ignored but still shows up in the warnings.
Hey there,
I use this quite often when I am testing out a bunch of different packages and seeing what I like best as sometimes I will remove something from code but forget to remove it from the pubspec. There are a decent number of them, though, that need to stay in there for various reasons, but end up showing up on the list and it can be a pain to try and add them as an ignore each time.
Is it possible that, perhaps, something like this could be used?
Example:
cross_local_storage: ^1.1.1
draggable_scrollbar: ^0.0.4
event: ^1.1.4
event_bus: ^1.1.1 #skip
eventsubscriber: ^1.2.0
file_picker: ^1.11.0+2 #skip
flutter_markdown: ^0.4.1
get_it: ^4.0.2
Then the ones that have #skip (or whatever would be best to use) do not get included in the output after a check? If not that, then what might also work is perhaps something like:
// dep_ignore.json
{
event_bus: ^1.1.1
eventsubscriber: ^1.2.0
file_picker: ^1.11.0+2
}
> dependency_validator --skip-file=dep_ignore.json
Really, anything would help, as I am making a desktop app and I have a fairly large number of them that would end up on the list. So being able to do at least something with the ones I know I will always skip would be quite nice.
Thanks,
-MH
dev_dependencies:
flutter_native_splash: ^1.2.3
This show error:
The following packages contain executables, they are assumed to be used:
* flutter_native_splash
What does it mean and how to fix it?
Running dependency_validator --help
should print usage info for this command.
Right now, it errors:
Unhandled exception:
FormatException: Could not find an option named "help".
#0 Parser.validate (package:args/src/parser.dart:256:21)
#1 Parser.parseLongOption (package:args/src/parser.dart:245:7)
#2 Parser.parse (package:args/src/parser.dart:86:11)
#3 ArgParser.parse (package:args/src/arg_parser.dart:133:45)
#4 main (file:///Users/greg.littlefield/.publink/dependency_validator/bin/dependency_validator.dart:32:32)
#5 _startIsolate.<anonymous closure> (dart:isolate-patch/isolate_patch.dart:263)
#6 _RawReceivePortImpl._handleMessage (dart:isolate-patch/isolate_patch.dart:151)
It would like to be able to use this plugin as part of CI/CD.
mainly -
if it detects an unused package, it should fail the build.
Right now I see that it only prints to the cli.
So if you could add a flag like --fail-on-unused-package
or something,
and this flag would cause the execution to terminate with an error code -
that would be enough for us to use this in CI/CD -
simply run flutter pub run dependency_validator --fail-on-unused-package
, and if it fails - the build fails.
WDYT?
I updated to version 2.0.0 and I'm running into an error where the path to the build config is unable to be found. I get the following error message:
Unhandled exception:
FileSystemException: No file found, path = 'D:\D:/tools/flutter/.pub-cache/hosted/pub.dartlang.org/cupertino_icons-1.0.0/pubspec.yaml'
#0 _fromPackageDir (package:build_config/src/build_config.dart:198:3)
#1 BuildConfig.fromPackageDir (package:build_config/src/build_config.dart:32:27)
#2 dependencyDefinesAutoAppliedBuilder (package:dependency_validator/dependency_validator.dart:316:24)
#3 run (package:dependency_validator/dependency_validator.dart:263:15)
#4 main (file:///D:/tools/flutter/.pub-cache/hosted/pub.dartlang.org/dependency_validator-2.0.0/bin/dependency_validator.dart:79:9)
#5 _startIsolate. (dart:isolate-patch/isolate_patch.dart:299:32)
#6 _RawReceivePortImpl._handleMessage (dart:isolate-patch/isolate_patch.dart:168:12)
At first glance it looks like an additional drive label is being appended, however, I printed out the pubspec
variable inside of _fromPackageDir and that returned /D:/tools/flutter/.pub-cache/hosted/pub.dartlang.org/cupertino_icons-1.0.0/pubspec.yaml
. So perhaps it's just windows paths being formatted incorrectly.
I tested this out on my mac and everything works fine.
Flutter Doctor
[✓] Flutter (Channel stable, 1.22.4, on Microsoft Windows [Version 10.0.19041.630], locale en-US)
[✓] Android toolchain - develop for Android devices (Android SDK version 30.0.2)
[✓] Android Studio (version 3.6)
[✓] VS Code (version 1.51.1)
I found this dependency on https://pub.dev/packages/dependency_validator
It says it is Flutter compatible (the dark blue box with Flutter in white)
I added:
dev_dependencies:
dependency_validator: ^1.4.2
to the pubspec.yaml
of Flutter project.
I opened Terminal and CD to the project.
I then enter:
$ pub run dependency_validator
The Flutter SDK is not available. // <- output
On the off chance I though I would try:
flutter pub run dependency_validator
Failed to precompile build_runner:graph_inspector:
../../.pub-cache/hosted/pub.dartlang.org/build_resolvers-1.2.1/lib/src/resolver.dart:263:31: Error: Too many positional arguments: 2 allowed, but 3 found.
Try removing the extra positional arguments.
var sdk = FolderBasedDartSdk(resourceProvider, dartSdkFolder, true) // <- output, but this carries on for a while
Thanks!
From the README:
Some packages are not imported by any dart files but are used for their executables.
Based on this sentence I'm assuming that only import
statements are found programatically. There is another way that a dependency can sneak in that you might want to consider, or at least warn in the readme so it can be treated the same way as executables.
If a class is returned from an API that isn't defined in the package, you can silently be depending on a method signature defined in some other package that you might not import.
import 'package:b/b.dart' as b;
// no import to package:c
void main() {
b.someBMethod().someCMethod();
// If someBMethod returned a class from C I have an implicit dependency on C
}
Here package:b
could plausibly move to a new version of package:c
without a breaking change version bump.
With type inference this 'type leaking' can happen in sneaker ways:
import 'package:b/b.dart' as b;
// no import to package:c
void main() {
// Assume someBMethod has the signature: int someBMethod(C c)
var x = someBMethod;
x = (value) => value.someCMethod();
// due to type inference I got autocomplete and would now break if someCMethod is renamed.
}
For example:
/mypackage
...some code...
/example
...some code...
pubspec.yaml
pubspec.yaml
then when considering mypackage, should not consider files in example
subpackage
git:(master) ✗ >pub global activate dependency_validator
Resolving dependencies... (9.4s)
For example, its content:
include: package:mypackage/my_analysis_options.yaml
Then mypackage
is used indeed.
The flag --no-fatal-dev-missing
is available but undocumented in the README.
When a package isn't imported, dependency_validator will print the following message if it has bin scripts.
The following packages contain executables, they are assumed to be used:
However, a dependency that isn't referenced in lib should always be a dev_dependency. As a result, I propose that if a package is listed under dependencies
and is unused, but has scripts, then dependency_validator should fail and suggest moving the package into dev_dependencies
At the moment dependency validator thinks that this is real import:
void main() {
final content = '''import 'package:test/test.dart';'''
...
}
Depency Validator should enforce that depencies used as transformers are in dependencies
.
Readme stats to use the command
pub run dependency_validator
but it didn't work for me
https://github.com/Workiva/dependency_validator#usage
Found that
dart run dependency_validator
is working
Is it possible to get output as JSON ?
add option in config for ignore warning if exist pinned dependencies
example:
build_runner: 2.1.7
Hi thanks for the package! It seems that many can be automatically fixed. Maybe directly edit pubspec yaml, or use command like dart pub add
.
Currently, we detect dependency usages with regex matching. This is fast, but can produce false positives (#21). It's also separate tool that needs to be run manually and added to CI.
To address these, we should consider implementing the current logic as a plugin to the Dart analysis server. Users would get results as a part of their existing static analysis (including via IDEs for more immediate and continuous feedback).
For some reason, we want to ignore "These packages are used outside lib/ but are not dev_dependencies" case.
Is it possible add a config that ignore this check and return zero for pass checking ?
Some projects have nested packages in example/
or something similar which can lead to inaccurate results when running dependency_validator. We should allow users to exclude directories to address this issue.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.