Buffer loaded as dependency rather than devDependency

Prismic Team:
I noticed when I analysed the production built that the package buffer is loaded.

When I checked the dependencies, slice-ui-machine was reported as being dependent on it. slice-ui-machine is however only added under devDependencies. Why is buffer loaded in production builts?

yarn why v1.22.10
[1/4] Why do we have the module "buffer"...?
[2/4] Initialising dependency graph...
[3/4] Finding dependency...
[4/4] Calculating file sizes...
=> Found "buffer@5.7.1"
info Has been hoisted to "buffer"
info Reasons this module exists
   - Hoisted from "slice-machine-ui#puppeteer#unbzip2-stream#buffer"
   - Hoisted from "slice-machine-ui#puppeteer#tar-fs#tar-stream#bl#buffer"
info Disk size without dependencies: "96KB"
info Disk size with unique dependencies: "140KB"
info Disk size with transitive dependencies: "140KB"
info Number of shared dependencies: 2
=> Found "bl#buffer@6.0.3"
info This module exists because "slice-machine-ui#ora#bl" depends on it.
info Disk size without dependencies: "104KB"
info Disk size with unique dependencies: "148KB"
info Disk size with transitive dependencies: "148KB"
info Number of shared dependencies: 2
Done in 0.54s.

Hi Peter,

It's a dependency coming from Ora (a tool we used to display stuff in the terminal). At some point in older versions, we had Ora installed with Slice Machine UI, but we removed it a long time ago.

Could you tell me which version of Slice Machine you are using?

Thanks.

Hi @Phil,

I'm currently using slice-machine-ui v0.3.8. I know it's not the latest version, but the recent "minor" upgrades caused quite often breaks which I currently don't have resources for to handle.

Regards,
Peter

Can you tell me more about the breaks you're seeing?

Hi @Phil, I raised the issues around upgrades already in other posts. This post should be just about the "buffer" package.

OK, in that case the only option here is to upgrade.

A post was split to a new topic: Slice Machine underscore naming _ creates conflicts with GraphQL compatibility

@Phil,

I upgrade slice-machine-ui to 0.4.2. Buffer is still loaded. I guess the fix you mentioned either didn't happen at all or it was unrelated to the buffer package.

With why buffer, I still get the same output

Regard

My apoogies, It seems I was working off incorrect information as Ora is still on the latest version of slice-machine-ui:

But buffer is also coming from puppeteer:

- Hoisted from "slice-machine-ui#puppeteer#unbzip2-stream#buffer" 
- Hoisted from "slice-machine-ui#puppeteer#tar-fs#tar-stream#bl#buffer"

and even Next.js it seems:

npm ls buffer
slice-machine-ui@0.4.3-alpha.20
├─┬ msw@0.39.2
│ └─┬ inquirer@8.2.4
│   └─┬ ora@5.4.1
│     └─┬ bl@4.1.0
│       └── buffer@5.6.0 deduped
├─┬ next@11.1.4
│ ├── buffer@5.6.0
│ └─┬ node-libs-browser@2.2.1
│   └── buffer@4.9.2
├─┬ ora@6.0.1
│ └─┬ bl@5.0.0
│   └── buffer@6.0.3
└─┬ puppeteer@16.0.0
  ├─┬ tar-fs@2.1.1
  │ └─┬ tar-stream@2.2.0
  │   └─┬ bl@4.1.0
  │     └── buffer@5.6.0 deduped
  └─┬ unbzip2-stream@1.4.3
    └── buffer@5.6.0 deduped

I'm checking with the team to see what we can do about these conflicting versions so that it doesn't trigger Yarn's dependency hoisting warnings.

Hi @Phil ,

just to clarify. It my project I'm not using anything of NextJS that requires the dependency on buffer. Yes, puppeteer also requires buffer and is only needed by slice-machine-ui. So, in short, in my case, puppeteer is only needed due to slice-machine-ui.

As for the warning. I DO NOT get any warnings. My issue is that slice-machine-ui is a devDependency and is therefore not any bundles in prod. Buffer however is included in the bundles in production and I don't see any reason why it should be. It's increasing the bundle of my app unnecessarily.

Thanks,
Peter