Node-jsonwebtoken: Unnecessary dependencies

Created on 18 Apr 2017  路  4Comments  路  Source: auth0/node-jsonwebtoken

Hi,

I've been using this lib with great success on AWS lambda.
My main issue is the generated package size which is quite important for a lambda function (faster code uploads + faster js parsing = less money spent)

With a webpack builder and a default config, a simple lambda that only jwt.verify some token comes at a whopping 741.64 Kb

  • 113.93 Kb of Joi
  • 62.78 Kb of isemail (dependency of joi ?)
  • 455.55 Kb of moment (definitely a dependency of Joi)
  • other small stuff

As I don't care about moment locales, I removed them with new webpack.IgnorePlugin(/^\.\/locale$/, /moment$/).

The final jsonwebtoken package size is 412.01 Kb

  • 113.93 Kb of Joi
  • 62.78 Kb of isemail (dependency of joi ?)
  • 221.42Kb of moment (definitely a dependency of joi)
  • other small stuff

I do not know much about this project but it doesn't seem to need the full power of joi and moment. Joi is only used in sign.js and you could gain a lot by just getting rid of joi altogether.

That being said, it's just a suggestion because anyone could exclude unwanted dependencies with webpack, but it's a nice default to have.

Most helpful comment

I have had the same experience with Lambda so 馃憤 .

Sounds like we should get ride of Joi, use something smaller or maybe just manual validation.

All 4 comments

I have had the same experience with Lambda so 馃憤 .

Sounds like we should get ride of Joi, use something smaller or maybe just manual validation.

you guys should check the repo made for exactly this purpose in: https://github.com/hapijs/joi/issues/528

@jfromaniello I've raised a PR (#348) which adds the manual validation. Again for me it's lambda performance which is driving this.

Solved in release 8.0.0

Was this page helpful?
0 / 5 - 0 ratings