Huge no. of files for Angular 2 (opens in new tab)

(stackoverflow.com)

110 pointsishener9y ago103 comments

103 comments

Interesting fact that I recently came across:

bower and many other npm packages, has some dependencies that eventually depends on a package called "wordwrap".

And this "wordwrap" package somehow has its test folder exposed in npm.

The result:

Every single person using bower would have one or more copies of In Praise of Idleness by Bertrand Russell on your local machine, depending on how many of your projects has a npm dependency of this package:

https://github.com/substack/node-wordwrap/blob/master/test/i...

Don't believe me? Try searching for "In Praise of Idleness" in Spotlight.

Edit: Someone had already sent a PR about this on GitHub: https://github.com/substack/node-wordwrap/pull/14

pjc509y ago

It's a good job they didn't pick the Anarchists' Cookbook.

aaronharnly9y ago

Very nice! The file can also be found by searching for "Saran finds some mischief", which fees like an apt phrase.

tim3339y ago

Satan, I think you'll find.

zuck99y ago

I used to `touch node_modules/.metadata_never_index` to prevent Spotlight from wasting disk cycles by indexing that stupid folder. After searching "In Praise of Idleness", it doesn't seem to prevent it. :/

Anyone knows how to prevent all node_modules folders from getting indexed by Spotlight?

neurostimulant9y ago

I ended up excluding the whole projects folder to prevent spotlight from indexing any source code. I never use spotlight to search any of my code anyway.

sotojuan9y ago

Just ignore your whole dev/code folder from Spotlight. It's not a good way to get to it anyway.

1 more reply

heydenberk9y ago

I have 16 copies on my work computer.

pandler9y ago

I have 94 copies.

2 more replies

sotojuan9y ago

I wouldn't be hopeful about that PR. Substack is awesome but he's really bad at replying to notifications because of the tons of modules he has.

percept9y ago

Wasteful yet subversive

jabberlope9y ago

I don't know about you but I think the world can spare an extra 29kb.

manimalcruelty9y ago

0 copies. too lazy to work.

justinsaccount9y ago

This person is counting the node_modules directory. While JS is a bit insane and this directory will have a ridiculous number of files, they are concerned:

"because my deployment (google app engine) allows only 10K files"

meaning, they don't realize that node_modules is for development and not related to the application they would actually deploy.

sotojuan9y ago

Hope this comment stays at the top before all the "wow JS sucks!!!" people arrive :-) Though to be fair a "modern" JS dev environment does use a ton of stuff!

IIRC Angular 2 production builds are actually pretty efficient.

Svenskunganka9y ago

IIRC the Angular2 production builds are the largest among all the frameworks. If you add the router it sits just shy of a meg - and that's just the dependencies. Not sure if they've started working on bringing the size down yet, but there are 1KB alternatives[1] for those who cares about their users.

[1] - http://monkberry.js.org/

1 more reply

emodendroket9y ago

I'm not sure the right conclusion here is "oh, well then that is reasonable."

merb9y ago

> Though to be fair a "modern" JS dev environment does use a ton of stuff!

Though to be fair a "modern" JS dev environment does use a ton of unnecessary stuff!

I fixed your comment.

1 more reply

DHMO9y ago

> and not related to the application they would actually deploy.

this.

Granted, it's the same with everything- if you expanded every compressed file and counted every class, most languages and frameworks would just be incredibly nuts, because all of them aren't needed.

But, something could be done about that; you could better differentiate what is there for convenience, and what needs to be there and make the developer more aware of what they are using. It can make development more difficult if done poorly, but good examples of minimalist development are out there, e.g. Sinatra and similar frameworks that said X is too much- just use this.

agconti9y ago

Evaluating a framework by the number of files its dependencies are broken into is a a pretty poor measure of quality.

huuu9y ago

Why? If framework X does roughly the same as framework Y which is 50% in size then you can estimate that the code of Y is more effective.

fuzzy29y ago

Instead of "50% in size" I'll assume "50% fewer dependencies", because I think that's the point here.

I believe that creating a module without relying on other modules will likely lead to reinventing the wheel. Well, lots of wheels.

However, that might still be fine. But what about that one corner case you missed? It might already be solved in a third-party module that focuses on one thing only.

It's really not that bad to try and use specialized modules as much as you can. You can benefit from other people's cleverness and focus on more relevant work.

Yes, there will probably be a lot of on-disk overhead. But is that really relevant today?

1 more reply

sambe9y ago

Number of files is not the same as size, especially with the way node modules tend to be structured.

royka1189y ago

I did a bit of investigation into angular2 dependancies. It has alot more than angular1 and react

http://royka.github.io/2016/05/03/front-end-deps.html

k__9y ago

It seems to me, that angular2 has a second system problem.

royka1189y ago

I think its generally a problem with npm tbh. So many hidden deps

keeganjw9y ago

I started working with Laravel not long ago and found my project folder had 24,000+ files in it. And those don't compile down before you deploy... it makes me feel like I'm working on the tip of an unstable iceberg. Who the hell knows what's going on down there. No one person could possibly hope to know what it all actually does.

ishenerOP9y ago

32,000 files for a hello world... jeez, i'm going back to java.....

j_jochem9y ago

Not a lot better:

  $ unzip -l /usr/java/jdk1.8.0_77/jre/lib/rt.jar | wc -l
  20138

It's just less of a burden on the host filesystem because those files are usually loaded straight from the jar (i.e. zip file).

j_jochem9y ago

Also note that this is only the standard library. If you add an enterprise framework you're probably pushing 50k.

ivan_gammel9y ago

JRE is a platform, so if you counting platform files, why not also counting NodeJS or browser sources too?

I'd rather look at comparable thing like JEE server + Spring + some server-side renderer like Thymeleaf.

1 more reply

smrtinsert9y ago

Yes, let's compare the industrial strength tested jdk with the average npm lib developer.

stupidcar9y ago

No, 32k source files for the whole Angular 2 SDK. The deployable hello world app would be one JS file.

Try exploding every Jar in the JDK and counting how many class files and resources there are.

moderndeveloper9y ago

babel 6 with jsx transformer used to install a comparable number of files due to module duplication. At one point it was a 100M install with some modules being duplicated 45 times. Much of this was the fault of npm 2. But with latest babel and npm 3 it's now a 35M install with 5700 files over 814 directories. I guess that's considered lean by modern standards.

moderndeveloper9y ago

I've switch from babel 6 to buble recently. buble runs three times faster and its install size is 4.6M with 212 files over 39 directories. The install of buble is literally just "npm install buble" and it runs out of the box without configuration. Competition is a good thing.

maaaats9y ago

Just because of the way npm2 ordered the dependencies, the runtime of babel got incredibly slow [1]. Npm3 fixed that drastically, but I wonder how much is still wasted just because of navigating the file tree to the dependencies.

[1]: https://github.com/babel/babelify/issues/206

STRML9y ago

The opposite is true - directory traversals themselves are effectively free, this is not going to be something that slows down your app - but loading the JS & creating the IR will be much slower. The 4 second startup time with npm2 & babel6 is almost certainly due to the duplicated dependencies, which means literally hundreds of megs of JS have to be parsed & warmed up. With npm3, the same files are (correctly) reused which significantly speeds up start time.

currywurst9y ago

Is there a "distribution" bundle convention for npm ? Analogous to static linking, it would be one .js file that would bind all dependencies into a bundle (e.g. gulp.dist.js) . In that case you would end up with a much smaller number of dependency files to manage.

Klathmon9y ago

There is for your final output (meaning the stuff you would upload to the server and serve to the user). but not for the development.

IMO it's a pretty big anti-pattern to do that. It just hides the problem of managing dependencies (see, it's not 10,000 files, it's just one!), but doesn't fix any of the issues associated with it.

Keeping each dependency small, and having tons of them means that deduplication can work better, tree shaking works better, and it lets you do things like swapping out one package for another with the same API.

currywurst9y ago

In this case, most of the files pulled down are the development dependencies which are not going to be exposed to the production code.

I would be perfectly fine if npm pulled down "distribution" versions for tools like gulp, typescript et al

1 more reply

jbverschoor9y ago

Why isn't npm managing packages like ruby gems?

SHARED_DIR/npm_modules/NAME/VERSION

Klathmon9y ago

Because package-lookup and the package manager are 2 completely separate systems in javascript.

When you `require` or `import` a file in node.js, it looks for a node_modules and looks for that name in there. If it can't find it there, it starts walking up the directory tree until it finds something it can use (to a point).

This is hardcoded and will be extremely difficult to change without a crazy amount of breaking.

The package manager is free to install however, but it needs to put things where the package-lookup can find them.

sah2ed9y ago

But it is still possible to have the best of both worlds.

Essentially, all they need to do is:

1. leave the current behavior for backwards compatibility; then

2. provide a flag like npm -G that exposes the correct behavior as suggested in the grand parent of using the same path like SHARED_DIR/node_modules/NAME/VERSION for package imports and package management.

With time, newer npm versions will default to the correct behavior. For folks that need backwards compatibility, this would require explicitly setting a npm --compat flag or similar.

1 more reply

smrtinsert9y ago

Everyone knows it shouldn't be. Even a naive attempt by the average developer to write a package management system would take versions into account.

1 more reply

inaccessible9y ago

Reminds me of this talk that I just watched: https://www.youtube.com/watch?v=k56wra39lwA

fernandopj9y ago

At first glance, I thought the title was "Huge NO: on files for Angular 2" - a vulnerability report on filesystem capabilities of Angular 2 and why it should be abandoned

douche9y ago

Has npm finally figured out how to de-dupe dependencies? In one project, I have something like 47 copies of the same version of the same library, distributed at all levels of the node_modules hierarchy.

I try not to think about that JS tooling too hard, lest I start pulling my hair out and devolve into a screaming crazy person.

rplnt9y ago

This sucks so hard. It's also quite easy to hit path length limits for certain operations (on windows) when you have this mess there.

dgorges9y ago

Totally. We just ran into this issue. Running npm install inside a linux vm resulted in an endless loop, because the nfs mapping created path names that exceeded the length limit.

2 more replies

SquareWheel9y ago

This used to be the case. In npm3 and beyond it installs dependencies in a flat way, which seems to have solved the Windows file length limit problem.

Touche9y ago

It's actually not possible due to the way Node looks up dependencies. You could have a situation like:

  node_modules/
    a/
      node_modules/
        c/ (1.0.0)
    b/
      node_modules/
        c/ (1.0.0)
    c/ (2.0.0)

Both a and b depend on c version 1.0.0, but since there's a version 2.0.0 in the root node_modules folder c can't be placed there, and has to be duplicated in a and b's own node_modules folder, otherwise Node couldn't find it for each of them.

ksherlock9y ago

It's entirely possible with symbolic links. https://github.com/rstacruz/pnpm

rplnt9y ago

You could use links, version in names, ... You'd just have problem to take out one submodule I guess, but I doubt that's a use case anywhere.

RossM9y ago

I've built a fairly hacky solution to this before (for a different package manager) - it can be pretty simple:

    node_modules/
        versions/
            a@1.0.0
                node_modules/
                    c -> ../../c@1.0.0
            b@1.0.0
                node_modules/
                    c -> ../../c@1.0.0
            c@1.0.0/
            c@2.0.0/
        a -> versions/a@1.0.0
        b -> versions/b@1.0.0
        c -> versions/c@2.0.0

1 more reply

DCoder9y ago

npm v3 tries to dedupe packages during installation to reduce this problem. However, it still does not install packages in a deterministic way...

[0]: https://docs.npmjs.com/how-npm-works/npm3-dupe

[1]: https://docs.npmjs.com/how-npm-works/npm3-nondet

k__9y ago

https://github.com/alexanderGugel/ied

aidos9y ago

I was just about to write a comment to ask why it can't be done like this (using CAS / symlinks). So I guess it can. Are there any disadvantages to using ied over npm?

3 more replies

ivan_gammel9y ago

To me it looks like a silly architectural mistake made by NPM/Node developers, considering that there's already pretty good dependency management solution on the market that does the things right.

Maven repositories have following structure, that allows to avoid duplication and take versions into account: /<vendor namespace>/<library>/<version>/<library artifact.ext>

Vendor namespace itself is hierarchical and usually related to domain name, e.g. "com/mycompany/myapp".

No idea, why this approach is not yet used in JS world (except the webjars), but it's high time to fix it this way.

guigar9y ago

Yes, that's already solved with npm 3.

andrewclunn9y ago

Okay, but when you run the build process, how big is the resulting distributable?

talmand9y ago

My results of the hello world tutorial in Angular2 was 53 requests, 4933.49KB, and loaded in 1.74s on local dev, according to browser dev tools. All for one html file that had one h1 element.

Plus, it started out broken. I had to search elsewhere to find the solution to the error the tutorial produced.

aredherring9y ago

That's not a production build.

Minify it, run dead code elimination. Exactly as you would with any other language with a compiler.

Also, worth noting that the tutorial being broken isn't symptomatic of JS, that's a problem with Angular (which has a history of sucking, and IMO Angular 2 just takes all of the problems with Angular 1 and adds more baggage to it).

Be aware as well that Angular 2 is a full-fledged Web Framework. Even after all of this compression and such, it is not going to be as lightweight as you'd expect simply due to the nature of what you've installed.

If you want something really lightweight, go with Rivets or React.

2 more replies

j / k navigate · click thread line to collapse

103 comments

paradite9y ago

Interesting fact that I recently came across:

bower and many other npm packages, has some dependencies that eventually depends on a package called "wordwrap".

And this "wordwrap" package somehow has its test folder exposed in npm.

The result:

https://github.com/substack/node-wordwrap/blob/master/test/i...

Don't believe me? Try searching for "In Praise of Idleness" in Spotlight.

Edit: Someone had already sent a PR about this on GitHub: https://github.com/substack/node-wordwrap/pull/14

pjc509y ago

It's a good job they didn't pick the Anarchists' Cookbook.

aaronharnly9y ago

Very nice! The file can also be found by searching for "Saran finds some mischief", which fees like an apt phrase.

tim3339y ago

Satan, I think you'll find.

zuck99y ago

Anyone knows how to prevent all node_modules folders from getting indexed by Spotlight?

neurostimulant9y ago

I ended up excluding the whole projects folder to prevent spotlight from indexing any source code. I never use spotlight to search any of my code anyway.

sotojuan9y ago

Just ignore your whole dev/code folder from Spotlight. It's not a good way to get to it anyway.

1 more reply

heydenberk9y ago

I have 16 copies on my work computer.

pandler9y ago

I have 94 copies.

2 more replies

sotojuan9y ago

I wouldn't be hopeful about that PR. Substack is awesome but he's really bad at replying to notifications because of the tons of modules he has.

percept9y ago

Wasteful yet subversive

jabberlope9y ago

I don't know about you but I think the world can spare an extra 29kb.

manimalcruelty9y ago

0 copies. too lazy to work.

justinsaccount9y ago

This person is counting the node_modules directory. While JS is a bit insane and this directory will have a ridiculous number of files, they are concerned:

"because my deployment (google app engine) allows only 10K files"

meaning, they don't realize that node_modules is for development and not related to the application they would actually deploy.

sotojuan9y ago

Hope this comment stays at the top before all the "wow JS sucks!!!" people arrive :-) Though to be fair a "modern" JS dev environment does use a ton of stuff!

IIRC Angular 2 production builds are actually pretty efficient.

Svenskunganka9y ago

[1] - http://monkberry.js.org/

1 more reply

emodendroket9y ago

I'm not sure the right conclusion here is "oh, well then that is reasonable."

merb9y ago

> Though to be fair a "modern" JS dev environment does use a ton of stuff!

Though to be fair a "modern" JS dev environment does use a ton of unnecessary stuff!

I fixed your comment.

1 more reply

DHMO9y ago

> and not related to the application they would actually deploy.

this.

Granted, it's the same with everything- if you expanded every compressed file and counted every class, most languages and frameworks would just be incredibly nuts, because all of them aren't needed.

agconti9y ago

Evaluating a framework by the number of files its dependencies are broken into is a a pretty poor measure of quality.

huuu9y ago

Why? If framework X does roughly the same as framework Y which is 50% in size then you can estimate that the code of Y is more effective.

fuzzy29y ago

Instead of "50% in size" I'll assume "50% fewer dependencies", because I think that's the point here.

I believe that creating a module without relying on other modules will likely lead to reinventing the wheel. Well, lots of wheels.

However, that might still be fine. But what about that one corner case you missed? It might already be solved in a third-party module that focuses on one thing only.

It's really not that bad to try and use specialized modules as much as you can. You can benefit from other people's cleverness and focus on more relevant work.

Yes, there will probably be a lot of on-disk overhead. But is that really relevant today?

1 more reply

sambe9y ago

Number of files is not the same as size, especially with the way node modules tend to be structured.

royka1189y ago

I did a bit of investigation into angular2 dependancies. It has alot more than angular1 and react

http://royka.github.io/2016/05/03/front-end-deps.html

k__9y ago

It seems to me, that angular2 has a second system problem.

royka1189y ago

I think its generally a problem with npm tbh. So many hidden deps

keeganjw9y ago

ishenerOP9y ago

32,000 files for a hello world... jeez, i'm going back to java.....

j_jochem9y ago

Not a lot better:

  $ unzip -l /usr/java/jdk1.8.0_77/jre/lib/rt.jar | wc -l
  20138

It's just less of a burden on the host filesystem because those files are usually loaded straight from the jar (i.e. zip file).

j_jochem9y ago

Also note that this is only the standard library. If you add an enterprise framework you're probably pushing 50k.

ivan_gammel9y ago

JRE is a platform, so if you counting platform files, why not also counting NodeJS or browser sources too?

I'd rather look at comparable thing like JEE server + Spring + some server-side renderer like Thymeleaf.

1 more reply

smrtinsert9y ago

Yes, let's compare the industrial strength tested jdk with the average npm lib developer.

stupidcar9y ago

No, 32k source files for the whole Angular 2 SDK. The deployable hello world app would be one JS file.

Try exploding every Jar in the JDK and counting how many class files and resources there are.

moderndeveloper9y ago

maaaats9y ago

[1]: https://github.com/babel/babelify/issues/206

STRML9y ago

currywurst9y ago

Klathmon9y ago

There is for your final output (meaning the stuff you would upload to the server and serve to the user). but not for the development.

IMO it's a pretty big anti-pattern to do that. It just hides the problem of managing dependencies (see, it's not 10,000 files, it's just one!), but doesn't fix any of the issues associated with it.

currywurst9y ago

In this case, most of the files pulled down are the development dependencies which are not going to be exposed to the production code.

I would be perfectly fine if npm pulled down "distribution" versions for tools like gulp, typescript et al

1 more reply

jbverschoor9y ago

Why isn't npm managing packages like ruby gems?

SHARED_DIR/npm_modules/NAME/VERSION

Klathmon9y ago

Because package-lookup and the package manager are 2 completely separate systems in javascript.

This is hardcoded and will be extremely difficult to change without a crazy amount of breaking.

The package manager is free to install however, but it needs to put things where the package-lookup can find them.

sah2ed9y ago

But it is still possible to have the best of both worlds.

Essentially, all they need to do is:

1. leave the current behavior for backwards compatibility; then

With time, newer npm versions will default to the correct behavior. For folks that need backwards compatibility, this would require explicitly setting a npm --compat flag or similar.

1 more reply

smrtinsert9y ago

Everyone knows it shouldn't be. Even a naive attempt by the average developer to write a package management system would take versions into account.

1 more reply

inaccessible9y ago

Reminds me of this talk that I just watched: https://www.youtube.com/watch?v=k56wra39lwA

fernandopj9y ago

At first glance, I thought the title was "Huge NO: on files for Angular 2" - a vulnerability report on filesystem capabilities of Angular 2 and why it should be abandoned

douche9y ago

I try not to think about that JS tooling too hard, lest I start pulling my hair out and devolve into a screaming crazy person.

rplnt9y ago

This sucks so hard. It's also quite easy to hit path length limits for certain operations (on windows) when you have this mess there.

dgorges9y ago

Totally. We just ran into this issue. Running npm install inside a linux vm resulted in an endless loop, because the nfs mapping created path names that exceeded the length limit.

2 more replies

SquareWheel9y ago

This used to be the case. In npm3 and beyond it installs dependencies in a flat way, which seems to have solved the Windows file length limit problem.

Touche9y ago

It's actually not possible due to the way Node looks up dependencies. You could have a situation like:

  node_modules/
    a/
      node_modules/
        c/ (1.0.0)
    b/
      node_modules/
        c/ (1.0.0)
    c/ (2.0.0)

ksherlock9y ago

It's entirely possible with symbolic links. https://github.com/rstacruz/pnpm

rplnt9y ago

You could use links, version in names, ... You'd just have problem to take out one submodule I guess, but I doubt that's a use case anywhere.

RossM9y ago

I've built a fairly hacky solution to this before (for a different package manager) - it can be pretty simple:

    node_modules/
        versions/
            a@1.0.0
                node_modules/
                    c -> ../../c@1.0.0
            b@1.0.0
                node_modules/
                    c -> ../../c@1.0.0
            c@1.0.0/
            c@2.0.0/
        a -> versions/a@1.0.0
        b -> versions/b@1.0.0
        c -> versions/c@2.0.0

1 more reply

DCoder9y ago

npm v3 tries to dedupe packages during installation to reduce this problem. However, it still does not install packages in a deterministic way...

[0]: https://docs.npmjs.com/how-npm-works/npm3-dupe

[1]: https://docs.npmjs.com/how-npm-works/npm3-nondet

k__9y ago

https://github.com/alexanderGugel/ied

aidos9y ago

I was just about to write a comment to ask why it can't be done like this (using CAS / symlinks). So I guess it can. Are there any disadvantages to using ied over npm?

3 more replies

ivan_gammel9y ago

To me it looks like a silly architectural mistake made by NPM/Node developers, considering that there's already pretty good dependency management solution on the market that does the things right.

Maven repositories have following structure, that allows to avoid duplication and take versions into account: /<vendor namespace>/<library>/<version>/<library artifact.ext>

Vendor namespace itself is hierarchical and usually related to domain name, e.g. "com/mycompany/myapp".

No idea, why this approach is not yet used in JS world (except the webjars), but it's high time to fix it this way.

guigar9y ago

Yes, that's already solved with npm 3.

andrewclunn9y ago

Okay, but when you run the build process, how big is the resulting distributable?

talmand9y ago

My results of the hello world tutorial in Angular2 was 53 requests, 4933.49KB, and loaded in 1.74s on local dev, according to browser dev tools. All for one html file that had one h1 element.

Plus, it started out broken. I had to search elsewhere to find the solution to the error the tutorial produced.

aredherring9y ago

That's not a production build.

Minify it, run dead code elimination. Exactly as you would with any other language with a compiler.

If you want something really lightweight, go with Rivets or React.

2 more replies

j / k navigate · click thread line to collapse