docs/DEPENDENCY_CONSOLIDATION_PLAN.md


# Dependency Consolidation Plan
**Date**: 2025-01-27
**Based On**: Dependency Analysis Report (`reports/dependency-analysis.md`)
**Status**: Implementation Plan

---
## Executive Summary
This plan consolidates dependencies across 111+ package.json files, identifying opportunities to reduce duplication, standardize versions, and extract shared packages.
**Key Findings**:
- **86 projects** use TypeScript
- **22 projects** use ethers (blockchain)
- **20 projects** use dotenv
- **18 projects** use axios
- **17 projects** use zod and react
- **40 projects** use ESLint
---
## Phase 1: Immediate Actions (Week 1-2)
### 1.1 Hoist Common DevDependencies to Workspace Root
**Target Dependencies**:
- `typescript` (86 projects) → Workspace root
- `@types/node` (75 projects) → Workspace root
- `eslint` (40 projects) → Workspace root
- `prettier` (18 projects) → Workspace root
- `@typescript-eslint/parser` (15 projects) → Workspace root
- `@typescript-eslint/eslint-plugin` (15 projects) → Workspace root
**Action** (root `package.json`):
```json
{
  "devDependencies": {
    "typescript": "^5.5.4",
    "@types/node": "^20.11.0",
    "eslint": "^9.17.0",
    "prettier": "^3.3.3",
    "@typescript-eslint/parser": "^7.18.0",
    "@typescript-eslint/eslint-plugin": "^7.18.0"
  }
}
```
**Benefits**:
- Single source of truth for tooling versions
- Reduced disk space (shared node_modules)
- Faster installs
- Consistent tooling across projects
### 1.2 Version Standardization
**Priority Dependencies**:
| Dependency | Current Versions | Target Version | Projects Affected |
|------------|------------------|----------------|-------------------|
| typescript | Multiple (5.3.3, 5.5.4, etc.) | 5.5.4 | 86 |
| zod | Multiple (3.22.4, 3.23.8, etc.) | 3.23.8 | 17 |
| eslint | Multiple (8.56.0, 8.57.0, 9.17.0) | 9.17.0 | 40 |
| prettier | Multiple (3.1.1, 3.2.0, 3.3.3) | 3.3.3 | 18 |
| react | Multiple versions | Latest stable | 17 |
| react-dom | Multiple versions | Latest stable | 16 |
**Action Plan**:
1. Create version mapping document
2. Update package.json files in batches
3. Test after each batch
4. Document breaking changes
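
A sketch of the version mapping step as an added example (not code from this repository): it compares parsed `package.json` manifests against the target versions in the table above and lists each manifest that is off target. The manifest paths and contents are constructed samples; reading the real files from disk is left to the caller.

```javascript
// Target versions taken from the table in section 1.2.
const TARGETS = { typescript: "5.5.4", zod: "3.23.8", eslint: "9.17.0", prettier: "3.3.3" };

// Constructed sample manifests, keyed by path (not real project files).
const SAMPLE_MANIFESTS = {
  "projects/alpha/package.json": {
    dependencies: { zod: "^3.22.4" },
    devDependencies: { typescript: "^5.3.3", eslint: "^8.57.0" },
  },
  "projects/beta/package.json": {
    dependencies: { zod: "^3.23.8" },
    devDependencies: { typescript: "^5.5.4", prettier: "3.3.3" },
  },
  "projects/gamma/package.json": {
    devDependencies: { typescript: "~5.5.4", eslint: "^9.17.0" },
  },
};

const SECTIONS = ["dependencies", "devDependencies", "peerDependencies", "optionalDependencies"];

// Strip leading range operators (^, ~, >=, =, v) to get the base version.
function baseVersion(range) {
  return String(range).trim().replace(/^(\^|~|>=|<=|>|<|=|v)+\s*/, "");
}

// For every target dependency, collect each distinct range in use and the
// manifests whose base version differs from the target.
function driftReport(manifests, targets) {
  const report = {};
  for (const [name, target] of Object.entries(targets)) {
    report[name] = { target, ranges: {}, offTarget: [] };
  }
  for (const [path, manifest] of Object.entries(manifests)) {
    for (const section of SECTIONS) {
      for (const [name, range] of Object.entries(manifest[section] || {})) {
        if (!Object.hasOwn(report, name)) continue;
        (report[name].ranges[range] ||= []).push(path);
        if (baseVersion(range) !== targets[name]) {
          report[name].offTarget.push({ path, section, range });
        }
      }
    }
  }
  return report;
}
```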
---
## Phase 2: Shared Package Extraction (Weeks 3-8)
### 2.1 High-Priority Shared Packages
#### @workspace/shared-types
**Usage**: Used across dbis_core, the_order, Sankofa, and others
**Contents**:
- Common TypeScript types
- API response types
- Database model types
- Configuration types
**Dependencies to Extract**:
- Type definitions only (no runtime deps)
#### @workspace/shared-utils
**Usage**: Used in 20+ projects
**Contents**:
- Date formatting utilities
- Validation helpers
- String manipulation
- Common algorithms
**Dependencies to Extract**:
- `date-fns` (5+ projects)
- `uuid` (8 projects)
- Common utility functions
#### @workspace/shared-config
**Usage**: All projects with configuration
**Contents**:
- Environment variable schemas
- Configuration validation
- Default configurations
**Dependencies to Extract**:
- `dotenv` (20 projects)
- `zod` (17 projects) - for config validation
#### @workspace/shared-constants
**Usage**: DBIS projects, DeFi projects
**Contents**:
- Shared constants
- Enums
- Error codes
- Status values
**Dependencies to Extract**:
- Constants only (no deps)
### 2.2 Medium-Priority Shared Packages
#### @workspace/api-client
**Usage**: Frontend projects, API consumers
**Contents**:
- HTTP client utilities
- Request/response interceptors
- Error handling
- Retry logic
**Dependencies to Extract**:
- `axios` (18 projects)
- Common API patterns
#### @workspace/validation
**Usage**: Multiple backend services
**Contents**:
- Zod schemas
- Validators
- Validation utilities
**Dependencies to Extract**:
- `zod` (17 projects)
- Validation schemas
#### @workspace/blockchain
**Usage**: Blockchain projects
**Contents**:
- Ethereum utilities
- Contract interaction helpers
- Transaction utilities
**Dependencies to Extract**:
- `ethers` (22 projects)
- Common blockchain patterns
---
## Phase 3: Dependency Registry Setup (Weeks 5-6)
### 3.1 Private npm Registry
**Options**:
1. **Verdaccio** (Recommended - Self-hosted, lightweight)
2. **npm Enterprise** (Commercial)
3. **GitHub Packages** (Integrated with GitHub)
**Recommendation**: Verdaccio for self-hosted, GitHub Packages for cloud
**Setup Steps**:
1. Deploy Verdaccio instance
2. Configure authentication
3. Set up publishing workflow
4. Configure projects to use registry
### 3.2 Version Pinning Strategy
**Strategy**: Semantic versioning with workspace protocol
```json
{
  "dependencies": {
    "@workspace/shared-types": "workspace:*",
    "@workspace/shared-utils": "workspace:^1.0.0"
  }
}
```
**Benefits**:
- Always use latest workspace version during development
- Pin versions for releases
- Easy updates across projects
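
For sections 3.1 and 3.2 together, an added example (not part of this repository) of a pre-install check that the `@workspace` scope is routed to the private registry in `.npmrc` and that internal packages are referenced through the `workspace:` protocol, so they cannot silently resolve from the public registry. The registry URL is a placeholder and the sample inputs are constructed.

```javascript
// Assumptions of this example: the scope name comes from the plan; the
// registry URL is a placeholder, not a value from the page.
const INTERNAL_SCOPE = "@workspace";
const PRIVATE_REGISTRY = "https://npm.internal.example/";

// Constructed sample inputs.
const SAMPLE_NPMRC = [
  "; project-level .npmrc",
  "registry=https://registry.npmjs.org/",
  "@workspace:registry=https://npm.internal.example/",
].join("\n");
const SAMPLE_MANIFEST = {
  dependencies: {
    "@workspace/shared-types": "workspace:*",
    "@workspace/shared-utils": "^1.0.0", // bypasses the workspace protocol
    axios: "^1.6.0",
  },
};

// Parse .npmrc text: key=value lines, with ';' and '#' starting comments.
function parseNpmrc(text) {
  const config = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith(";") || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq > 0) config[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return config;
}

const stripSlash = (url) => url.replace(/\/+$/, "");

// Returns a list of findings; an empty list means both checks passed.
function checkScopeRouting(npmrcText, manifest) {
  const findings = [];
  const key = `${INTERNAL_SCOPE}:registry`;
  const routed = parseNpmrc(npmrcText)[key];
  if (routed === undefined) findings.push(`${key} is not set; the scope uses the default registry`);
  else if (stripSlash(routed) !== stripSlash(PRIVATE_REGISTRY)) findings.push(`${key} points at ${routed}`);
  for (const section of ["dependencies", "devDependencies"]) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      if (name.startsWith(`${INTERNAL_SCOPE}/`) && !String(spec).startsWith("workspace:")) {
        findings.push(`${name} in ${section} uses "${spec}" instead of workspace:`);
      }
    }
  }
  return findings;
}
```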
---
## Phase 4: Automated Dependency Management (Weeks 7-8)
### 4.1 Dependabot Configuration
**Setup**:
- Enable Dependabot for all projects
- Configure update frequency
- Set up security alerts
- Configure auto-merge for patch updates
### 4.2 Dependency Update Workflow
**Process**:
1. Weekly dependency scans
2. Automated PR creation
3. Automated testing
4. Manual review for major updates
5. Automated merge for patch/minor (after tests pass)
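
The merge decision in steps 4 and 5, as an added example that is not code from this repository. It goes beyond the process above in one respect, labelled as this example's own assumption: minor bumps of `0.x` packages and pre-release targets are sent to manual review, because semver allows breaking changes there. The `update` object shape is hypothetical.

```javascript
// Parse a plain semver string; returns null for tags such as "latest".
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  if (!m) return null;
  return { major: +m[1], minor: +m[2], patch: +m[3], prerelease: m[4] || null };
}

// Classify the change between two versions.
function classifyBump(from, to) {
  const a = parseVersion(from);
  const b = parseVersion(to);
  if (!a || !b) return "unknown";
  if (b.major !== a.major) return b.major > a.major ? "major" : "downgrade";
  if (b.minor !== a.minor) return b.minor > a.minor ? "minor" : "downgrade";
  if (b.patch !== a.patch) return b.patch > a.patch ? "patch" : "downgrade";
  return "none";
}

// update = { from, to, testsPassed } (hypothetical shape for this example).
function decide(update) {
  const bump = classifyBump(update.from, update.to);
  if (!update.testsPassed) return { bump, action: "block", reason: "tests have not passed" };
  if (bump !== "major" && bump !== "minor" && bump !== "patch") {
    return { bump, action: "manual-review", reason: `not a forward semver bump (${bump})` };
  }
  const to = parseVersion(update.to);
  if (to.prerelease) return { bump, action: "manual-review", reason: "target is a pre-release" };
  if (bump === "major") return { bump, action: "manual-review", reason: "major update" };
  // Added assumption: 0.x minor bumps may be breaking, so they are reviewed.
  if (to.major === 0 && bump === "minor") {
    return { bump, action: "manual-review", reason: "0.x minor may be breaking" };
  }
  return { bump, action: "auto-merge", reason: `${bump} update with passing tests` };
}

// Constructed sample updates; zod and eslint versions are from section 1.2.
const SAMPLE_UPDATES = [
  { name: "zod", from: "3.22.4", to: "3.23.8", testsPassed: true },
  { name: "eslint", from: "8.57.0", to: "9.17.0", testsPassed: true },
  { name: "example-lib", from: "0.4.1", to: "0.5.0", testsPassed: true },
  { name: "axios", from: "1.6.0", to: "1.6.2", testsPassed: false },
];

function decideAll(updates) {
  return updates.map((u) => ({ name: u.name, ...decide(u) }));
}
```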
---
## Implementation Checklist
### Phase 1: Immediate (Week 1-2)
- [ ] Hoist TypeScript to workspace root
- [ ] Hoist ESLint to workspace root
- [ ] Hoist Prettier to workspace root
- [ ] Standardize TypeScript version (5.5.4)
- [ ] Standardize ESLint version (9.17.0)
- [ ] Standardize Prettier version (3.3.3)
- [ ] Update 10 projects as pilot
- [ ] Test and verify
### Phase 2: Shared Packages (Weeks 3-8)
- [ ] Create workspace-shared/ directory
- [ ] Set up pnpm workspaces
- [ ] Create @workspace/shared-types package
- [ ] Create @workspace/shared-utils package
- [ ] Create @workspace/shared-config package
- [ ] Create @workspace/shared-constants package
- [ ] Extract common code to packages
- [ ] Update projects to use shared packages
- [ ] Test integration
### Phase 3: Registry (Weeks 5-6)
- [ ] Deploy Verdaccio or configure GitHub Packages
- [ ] Set up authentication
- [ ] Configure publishing workflow
- [ ] Publish first shared packages
- [ ] Update projects to use registry
### Phase 4: Automation (Weeks 7-8)
- [ ] Configure Dependabot
- [ ] Set up dependency update workflow
- [ ] Configure automated testing
- [ ] Set up security scanning
- [ ] Document update process
---
## Expected Benefits
### Immediate (Phase 1)
- **30% reduction** in duplicate dev dependencies
- **Faster installs** (shared node_modules)
- **Consistent tooling** across projects
### Short-Term (Phase 2)
- **50% reduction** in duplicate production dependencies
- **Easier maintenance** (update once, use everywhere)
- **Better code reuse**
### Long-Term (Phase 3-4)
- **Automated updates** reduce maintenance burden
- **Security** through automated scanning
- **Consistency** across all projects
---
## Risk Mitigation
### Breaking Changes
- **Mitigation**: Gradual migration, comprehensive testing
- **Rollback**: Keep old dependencies until migration complete
### Version Conflicts
- **Mitigation**: Use workspace protocol, pin versions for releases
- **Testing**: Test all projects after updates
### Registry Availability
- **Mitigation**: Use GitHub Packages as backup
- **Monitoring**: Monitor registry health
---
## Success Metrics
- [ ] 30% reduction in duplicate dependencies (Phase 1)
- [ ] 50% reduction in duplicate dependencies (Phase 2)
- [ ] 10+ shared packages created (Phase 2)
- [ ] 80% of projects using shared packages (Phase 2)
- [ ] Automated dependency updates working (Phase 4)
- [ ] Zero security vulnerabilities in dependencies (Phase 4)
---
**Last Updated**: 2025-01-27
**Next Review**: After Phase 1 completion