# Dependency Audit Report

**Last Updated**: 2025-01-27
**Purpose**: Analysis of dependencies across all projects

---

## Overview

This document provides an analysis of dependencies across all projects in the workspace, identifying common dependencies, version inconsistencies, and opportunities for consolidation.

---

## Analysis Methodology

1. Scan all `package.json` files in the workspace
2. Extract production and development dependencies
3. Count usage frequency
4. Identify version inconsistencies
5. Recommend consolidation opportunities

**Note**: Run `scripts/deps-analyze.sh` to generate an updated analysis report.

---

## Common Dependencies

### Most Frequently Used (Production)

Based on initial analysis, these dependencies appear frequently:

#### TypeScript/JavaScript Core

- **typescript**: Used across TypeScript projects
- **zod**: Schema validation (used in 10+ projects)
- **dotenv**: Environment configuration (used in 15+ projects)
- **date-fns**: Date handling (used in 5+ projects)

#### Framework & Runtime

- **react**: Frontend projects
- **nextjs**: Next.js applications
- **express**: Backend services
- **fastify**: Backend services

#### Blockchain/Solidity

- **ethers** / **viem**: Ethereum libraries
- **@openzeppelin/contracts**: Smart contract libraries
- **foundry**: Solidity development (dev dependency)

#### Database

- **@prisma/client**: Database ORM
- **postgresql**: Database client

#### Utilities

- **winston**: Logging
- **jsonwebtoken**: Authentication
- **bcryptjs**: Password hashing
- **uuid**: UUID generation

### Most Frequently Used (Development)

#### Build & Tooling

- **typescript**: TypeScript compiler
- **eslint**: Linting
- **prettier**: Code formatting
- **@typescript-eslint/\***: TypeScript ESLint plugins

#### Testing

- **vitest**: Testing framework (newer projects)
- **jest**: Testing framework (older projects)
- **@testing-library/react**: React testing utilities

#### Build Tools

- **vite**: Build tool
- **tsx**: TypeScript execution
- **tsc**: TypeScript compiler

---

## Version Consolidation Opportunities

### TypeScript

- **Current Versions**: Multiple versions (5.3.3, 5.5.4, etc.)
- **Recommendation**: Standardize on latest stable (5.5.4+)
- **Impact**: High - affects all TypeScript projects

### Zod

- **Current Versions**: Multiple versions (3.22.4, 3.23.8, etc.)
- **Recommendation**: Standardize on latest (3.23.8+)
- **Impact**: Medium - shared validation library

### ESLint

- **Current Versions**: Multiple versions (8.56.0, 8.57.0, 9.17.0)
- **Recommendation**: Migrate to ESLint 9.x across all projects
- **Impact**: High - affects code quality tooling

### Prettier

- **Current Versions**: Multiple versions (3.1.1, 3.2.0, 3.3.3)
- **Recommendation**: Standardize on latest (3.3.3+)
- **Impact**: Medium - code formatting

---

## Shared Package Candidates

### High Priority (Used in 5+ Projects)

1. **@workspace/shared-types**
   - Common TypeScript types
   - Used in: dbis_core, the_order, Sankofa, etc.
2. **@workspace/shared-utils**
   - Common utilities (date formatting, validation, etc.)
   - Used in: Multiple projects
3. **@workspace/shared-config**
   - Shared configuration schemas
   - Used in: All projects with configuration
4. **@workspace/shared-constants**
   - Shared constants and enums
   - Used in: DBIS projects, DeFi projects

### Medium Priority (Used in 3-4 Projects)

1. **@workspace/api-client**
   - Common API client utilities
   - Used in: Frontend projects, API consumers
2. **@workspace/validation**
   - Zod schemas and validators
   - Used in: Multiple backend services

---

## Dependency Security

### Security Scanning

- Run `pnpm audit` or `npm audit` in each project
- Use Dependabot for automated updates
- Review and update vulnerable dependencies regularly

### High-Risk Dependencies

- Review dependencies with known vulnerabilities
- Prioritize updates for security-critical packages
- Document security update process

---

## Recommendations

### Immediate Actions

1. **Hoist Common DevDependencies**
   - typescript
   - eslint
   - prettier
   - @typescript-eslint/*
   - vitest/jest
2. **Create Shared Packages**
   - Start with @workspace/shared-types
   - Create @workspace/shared-utils
   - Extract common validation schemas
3. **Version Consolidation**
   - Standardize TypeScript version
   - Standardize Zod version
   - Standardize ESLint/Prettier versions

### Long-Term Actions

1. **Dependency Audit Process**
   - Quarterly dependency reviews
   - Automated security scanning
   - Version update workflow
2. **Shared Package Strategy**
   - Extract shared code gradually
   - Document shared package APIs
   - Version shared packages independently

---

## Tools for Analysis

### Automated Tools

- **npm-check-updates**: Check for outdated packages
- **depcheck**: Find unused dependencies
- **npm-audit**: Security vulnerability scanning
- **pnpm-why**: Understand why dependencies are installed

### Manual Review

- Review package.json files regularly
- Track dependency updates
- Document breaking changes

---

**Next Steps**: Run `scripts/deps-analyze.sh` to generate detailed analysis report.
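
The following sketch walks through steps 2-4 of the Analysis Methodology (extract, count, flag version drift) over already-parsed `package.json` contents. It is an added example, not the contents of `scripts/deps-analyze.sh`; the project names, the dotenv version, and the function names are assumptions made for illustration.

```javascript
// Constructed sample: parsed package.json contents keyed by project name.
// Project names and the dotenv version are made up for this example.
const sampleManifests = {
  "svc-a": { dependencies: { zod: "3.22.4", dotenv: "16.4.5" },
             devDependencies: { typescript: "5.3.3", eslint: "8.57.0" } },
  "svc-b": { dependencies: { zod: "3.23.8", dotenv: "16.4.5" },
             devDependencies: { typescript: "5.5.4", eslint: "9.17.0" } },
  "web-c": { dependencies: { zod: "3.23.8" },
             devDependencies: { typescript: "5.5.4", eslint: "8.56.0" } },
};

// Extract production and development dependencies, count how many projects
// declare each one, and flag packages declared with more than one version spec.
function auditDependencies(manifests) {
  const seen = new Map(); // "kind:name" -> { name, kind, versions: Map(spec -> [projects]) }
  for (const [project, pkg] of Object.entries(manifests)) {
    for (const [field, kind] of [["dependencies", "prod"], ["devDependencies", "dev"]]) {
      for (const [name, spec] of Object.entries(pkg[field] || {})) {
        const key = `${kind}:${name}`;
        if (!seen.has(key)) seen.set(key, { name, kind, versions: new Map() });
        const versions = seen.get(key).versions;
        if (!versions.has(spec)) versions.set(spec, []);
        versions.get(spec).push(project);
      }
    }
  }
  return [...seen.values()]
    .map(({ name, kind, versions }) => ({
      name, kind,
      projects: [...versions.values()].reduce((n, p) => n + p.length, 0),
      versions: Object.fromEntries(versions), // spec -> projects declaring it
      inconsistent: versions.size > 1,
    }))
    .sort((a, b) => b.projects - a.projects || a.name.localeCompare(b.name));
}

// Names of packages whose declared versions differ between projects.
function inconsistentPackages(manifests) {
  return auditDependencies(manifests).filter((d) => d.inconsistent).map((d) => d.name);
}

console.log(inconsistentPackages(sampleManifests));
```

The `versions` map in each entry shows which projects sit on which spec, which is the list to work through when standardizing a package or checking which projects still carry a version flagged by `npm audit`.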