Huge dependency size and tree #283
Description
This simple library to talk to an API is somehow 113 dependencies long, 10 MiB in size with 5395 files.
└─┬ webflow-api@3.2.0
├─┬ crypto-browserify@3.12.1
│ ├─┬ browserify-cipher@1.0.1
│ │ ├─┬ browserify-aes@1.2.0
│ │ │ ├── buffer-xor@1.0.3
│ │ │ ├── cipher-base@1.0.6 deduped
│ │ │ ├── create-hash@1.2.0 deduped
│ │ │ ├── evp_bytestokey@1.0.3 deduped
│ │ │ ├── inherits@2.0.4 deduped
│ │ │ └── safe-buffer@5.2.1 deduped
│ │ ├─┬ browserify-des@1.0.2
│ │ │ ├── cipher-base@1.0.6 deduped
│ │ │ ├─┬ des.js@1.1.0
│ │ │ │ ├── inherits@2.0.4 deduped
│ │ │ │ └── minimalistic-assert@1.0.1 deduped
│ │ │ ├── inherits@2.0.4 deduped
│ │ │ └── safe-buffer@5.2.1 deduped
│ │ └─┬ evp_bytestokey@1.0.3
│ │ ├── md5.js@1.3.5 deduped
│ │ └── safe-buffer@5.2.1 deduped
│ ├─┬ browserify-sign@4.2.3
│ │ ├── bn.js@5.2.2
│ │ ├─┬ browserify-rsa@4.1.1
│ │ │ ├── bn.js@5.2.2 deduped
│ │ │ ├── randombytes@2.1.0 deduped
│ │ │ └── safe-buffer@5.2.1 deduped
│ │ ├── create-hash@1.2.0 deduped
│ │ ├── create-hmac@1.1.7 deduped
│ │ ├─┬ elliptic@6.6.1
│ │ │ ├── bn.js@4.12.2
│ │ │ ├── brorand@1.1.0
│ │ │ ├─┬ hash.js@1.1.7
│ │ │ │ ├── inherits@2.0.4 deduped
│ │ │ │ └── minimalistic-assert@1.0.1 deduped
│ │ │ ├─┬ hmac-drbg@1.0.1
│ │ │ │ ├── hash.js@1.1.7 deduped
│ │ │ │ ├── minimalistic-assert@1.0.1 deduped
│ │ │ │ └── minimalistic-crypto-utils@1.0.1 deduped
│ │ │ ├── inherits@2.0.4 deduped
│ │ │ ├── minimalistic-assert@1.0.1
│ │ │ └── minimalistic-crypto-utils@1.0.1
│ │ ├── hash-base@3.0.5 deduped
│ │ ├── inherits@2.0.4 deduped
│ │ ├─┬ parse-asn1@5.1.7
│ │ │ ├─┬ asn1.js@4.10.1
│ │ │ │ ├── bn.js@4.12.2
│ │ │ │ ├── inherits@2.0.4 deduped
│ │ │ │ └── minimalistic-assert@1.0.1 deduped
│ │ │ ├── browserify-aes@1.2.0 deduped
│ │ │ ├── evp_bytestokey@1.0.3 deduped
│ │ │ ├── hash-base@3.0.5 deduped
│ │ │ ├── pbkdf2@3.1.3 deduped
│ │ │ └── safe-buffer@5.2.1 deduped
│ │ ├─┬ readable-stream@2.3.8
│ │ │ ├── core-util-is@1.0.3
│ │ │ ├── inherits@2.0.4 deduped
│ │ │ ├── isarray@1.0.0
│ │ │ ├── process-nextick-args@2.0.1
│ │ │ ├── safe-buffer@5.1.2
│ │ │ ├─┬ string_decoder@1.1.1
│ │ │ │ └── safe-buffer@5.1.2
│ │ │ └── util-deprecate@1.0.2
│ │ └── safe-buffer@5.2.1
│ ├─┬ create-ecdh@4.0.4
│ │ ├── bn.js@4.12.2
│ │ └── elliptic@6.6.1 deduped
│ ├─┬ create-hash@1.2.0
│ │ ├─┬ cipher-base@1.0.6
│ │ │ ├── inherits@2.0.4 deduped
│ │ │ └── safe-buffer@5.2.1 deduped
│ │ ├── inherits@2.0.4 deduped
│ │ ├─┬ md5.js@1.3.5
│ │ │ ├── hash-base@3.0.5 deduped
│ │ │ ├── inherits@2.0.4 deduped
│ │ │ └── safe-buffer@5.2.1 deduped
│ │ ├─┬ ripemd160@2.0.2
│ │ │ ├── hash-base@3.0.5 deduped
│ │ │ └── inherits@2.0.4 deduped
│ │ └─┬ sha.js@2.4.12
│ │ ├── inherits@2.0.4 deduped
│ │ ├── safe-buffer@5.2.1 deduped
│ │ └── to-buffer@1.2.1 deduped
│ ├─┬ create-hmac@1.1.7
│ │ ├── cipher-base@1.0.6 deduped
│ │ ├── create-hash@1.2.0 deduped
│ │ ├── inherits@2.0.4 deduped
│ │ ├── ripemd160@2.0.2 deduped
│ │ ├── safe-buffer@5.2.1 deduped
│ │ └── sha.js@2.4.12 deduped
│ ├─┬ diffie-hellman@5.0.3
│ │ ├── bn.js@4.12.2
│ │ ├─┬ miller-rabin@4.0.1
│ │ │ ├── bn.js@4.12.2
│ │ │ └── brorand@1.1.0 deduped
│ │ └── randombytes@2.1.0 deduped
│ ├─┬ hash-base@3.0.5
│ │ ├── inherits@2.0.4 deduped
│ │ └── safe-buffer@5.2.1 deduped
│ ├── inherits@2.0.4
│ ├─┬ pbkdf2@3.1.3
│ │ ├─┬ create-hash@1.1.3
│ │ │ ├── cipher-base@1.0.6 deduped
│ │ │ ├── inherits@2.0.4 deduped
│ │ │ ├── ripemd160@2.0.1 deduped
│ │ │ └── sha.js@2.4.12 deduped
│ │ ├── create-hmac@1.1.7 deduped
│ │ ├─┬ ripemd160@2.0.1
│ │ │ ├─┬ hash-base@2.0.2
│ │ │ │ └── inherits@2.0.4 deduped
│ │ │ └── inherits@2.0.4 deduped
│ │ ├── safe-buffer@5.2.1 deduped
│ │ ├── sha.js@2.4.12 deduped
│ │ └─┬ to-buffer@1.2.1
│ │ ├── isarray@2.0.5
│ │ ├── safe-buffer@5.2.1 deduped
│ │ └─┬ typed-array-buffer@1.0.3
│ │ ├── call-bound@1.0.4 deduped
│ │ ├── es-errors@1.3.0 deduped
│ │ └─┬ is-typed-array@1.1.15
│ │ └─┬ which-typed-array@1.1.19
│ │ ├─┬ available-typed-arrays@1.0.7
│ │ │ └── possible-typed-array-names@1.1.0
│ │ ├─┬ call-bind@1.0.8
│ │ │ ├── call-bind-apply-helpers@1.0.2 deduped
│ │ │ ├── es-define-property@1.0.1 deduped
│ │ │ ├── get-intrinsic@1.3.0 deduped
│ │ │ └─┬ set-function-length@1.2.2
│ │ │ ├─┬ define-data-property@1.1.4
│ │ │ │ ├── es-define-property@1.0.1 deduped
│ │ │ │ ├── es-errors@1.3.0 deduped
│ │ │ │ └── gopd@1.2.0 deduped
│ │ │ ├── es-errors@1.3.0 deduped
│ │ │ ├── function-bind@1.1.2 deduped
│ │ │ ├── get-intrinsic@1.3.0 deduped
│ │ │ ├── gopd@1.2.0 deduped
│ │ │ └─┬ has-property-descriptors@1.0.2
│ │ │ └── es-define-property@1.0.1 deduped
│ │ ├── call-bound@1.0.4 deduped
│ │ ├─┬ for-each@0.3.5
│ │ │ └── is-callable@1.2.7
│ │ ├── get-proto@1.0.1 deduped
│ │ ├── gopd@1.2.0 deduped
│ │ └── has-tostringtag@1.0.2 deduped
│ ├─┬ public-encrypt@4.0.3
│ │ ├── bn.js@4.12.2
│ │ ├── browserify-rsa@4.1.1 deduped
│ │ ├── create-hash@1.2.0 deduped
│ │ ├── parse-asn1@5.1.7 deduped
│ │ ├── randombytes@2.1.0 deduped
│ │ └── safe-buffer@5.2.1 deduped
│ ├─┬ randombytes@2.1.0
│ │ └── safe-buffer@5.2.1 deduped
│ └─┬ randomfill@1.0.4
│ ├── randombytes@2.1.0 deduped
│ └── safe-buffer@5.2.1 deduped
├─┬ form-data@4.0.4
│ ├── asynckit@0.4.0
│ ├─┬ combined-stream@1.0.8
│ │ └── delayed-stream@1.0.0
│ ├─┬ es-set-tostringtag@2.1.0
│ │ ├── es-errors@1.3.0
│ │ ├─┬ get-intrinsic@1.3.0
│ │ │ ├─┬ call-bind-apply-helpers@1.0.2
│ │ │ │ ├── es-errors@1.3.0 deduped
│ │ │ │ └── function-bind@1.1.2 deduped
│ │ │ ├── es-define-property@1.0.1
│ │ │ ├── es-errors@1.3.0 deduped
│ │ │ ├─┬ es-object-atoms@1.1.1
│ │ │ │ └── es-errors@1.3.0 deduped
│ │ │ ├── function-bind@1.1.2 deduped
│ │ │ ├─┬ get-proto@1.0.1
│ │ │ │ ├─┬ dunder-proto@1.0.1
│ │ │ │ │ ├── call-bind-apply-helpers@1.0.2 deduped
│ │ │ │ │ ├── es-errors@1.3.0 deduped
│ │ │ │ │ └── gopd@1.2.0 deduped
│ │ │ │ └── es-object-atoms@1.1.1 deduped
│ │ │ ├── gopd@1.2.0
│ │ │ ├── has-symbols@1.1.0
│ │ │ ├── hasown@2.0.2 deduped
│ │ │ └── math-intrinsics@1.1.0
│ │ ├─┬ has-tostringtag@1.0.2
│ │ │ └── has-symbols@1.1.0 deduped
│ │ └── hasown@2.0.2 deduped
│ ├─┬ hasown@2.0.2
│ │ └── function-bind@1.1.2
│ └─┬ mime-types@2.1.35
│ └── mime-db@1.52.0
├── formdata-node@6.0.3
├── js-base64@3.7.7
├─┬ node-fetch@2.7.0
│ ├── UNMET OPTIONAL DEPENDENCY encoding@^0.1.0
│ └─┬ whatwg-url@5.0.0
│ ├── tr46@0.0.3
│ └── webidl-conversions@3.0.1
├─┬ qs@6.14.0
│ └─┬ side-channel@1.1.0
│ ├── es-errors@1.3.0 deduped
│ ├── object-inspect@1.13.4
│ ├─┬ side-channel-list@1.0.0
│ │ ├── es-errors@1.3.0 deduped
│ │ └── object-inspect@1.13.4 deduped
│ ├─┬ side-channel-map@1.0.1
│ │ ├─┬ call-bound@1.0.4
│ │ │ ├── call-bind-apply-helpers@1.0.2 deduped
│ │ │ └── get-intrinsic@1.3.0 deduped
│ │ ├── es-errors@1.3.0 deduped
│ │ ├── get-intrinsic@1.3.0 deduped
│ │ └── object-inspect@1.13.4 deduped
│ └─┬ side-channel-weakmap@1.0.2
│ ├── call-bound@1.0.4 deduped
│ ├── es-errors@1.3.0 deduped
│ ├── get-intrinsic@1.3.0 deduped
│ ├── object-inspect@1.13.4 deduped
│ └── side-channel-map@1.0.1 deduped
├─┬ readable-stream@4.7.0
│ ├─┬ abort-controller@3.0.0
│ │ └── event-target-shim@5.0.1
│ ├─┬ buffer@6.0.3
│ │ ├── base64-js@1.5.1
│ │ └── ieee754@1.2.1
│ ├── events@3.3.0
│ ├── process@0.11.10
│ └─┬ string_decoder@1.3.0
│ └── safe-buffer@5.2.1 deduped
└── url-join@4.0.1
I've made attempts at this for some open source projects, and what usually happens is some accept PR that replace dependencies for lighter ones, others will often frown or fight every change depending on their internal culture.
So my question is, is there a way to clean this up? And is this repo friendly towards such attempts or not?