Get rid of un-used dependencies

[CMCDragonkai]

A few dependencies we should be cleaning prior to merge:

• conf
• configstore

These ones are all about configuration? I'm pretty sure we are now using DB for most things, and just plain old JSON for others.

• crypto-random-string

I'm pretty sure we replaced that with node-forge? And even then that might be replaced with native node in the future. Since mobile version of polykey will require a significant porting plan anyway for the native code.

• express
• express-openapi-validator
• express-session
• oauth2orize
• passport
• passport-http
• passport-http-bearer
• passport-oauth2-client-password

HTTP API doesn't yet exist, and we don't want to use express for an HTTP/OAuth API anyway. We would likely build that custom or use fastly.

• js-yaml

What we are using YAML for??

• jsonwebtoken

Isn't this replaced by jose?

• pako

What are we using this for?

• zxcvbn

We would want this later for password suggestion, but we haven't even built out our schema system... only then can we even use this.

And of course all the associated types for those libraries above.

Thoughts? @DrFacepalm @scottmmorris @joshuakarp

Tasks

1. - Review above dependencies
2. - Remove them
3. - Update the repo

[joshuakarp]

• jsonwebtoken

This can be removed - only used in src-old, and we're using jose for JWTs instead.

[scottmmorris]

pako is being used in gitUtils to compress some of the git information so it should stay

[CMCDragonkai]

I thought isogit would handle any compression.

…

On 27 July 2021 10:40:36 am AEST, scottmmorris ***@***.***> wrote: `pako` is being used in `gitUtils` to compress some of the git information so it should stay -- You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub: #219 (comment)

-- Sent from my Android device with K-9 Mail. Please excuse my brevity.

[scottmmorris]

But because we are writing our own custom handler for isomorphic git we should then include it. I just tried to run it without compression and it threw an error because the SHA check failed.

[CMCDragonkai]

Changing this to @DrFacepalm as @joshuakarp has got a lot of issues in the current sprint.

[CMCDragonkai]

I'm addressing this issue in https://gitlab.com/MatrixAI/Engineering/Polykey/js-polykey/-/merge_requests/206

In that MR I'll be removing all that is mentioned here.

The dependencies relating to the API may be used again in #166 which requires a proper design review.

[CMCDragonkai]

@scottmmorris is uuid library needed? I see it being used for const vaultId = uuid();, but any randomly generated id should be sufficient.

See how we generate permission id:

async function generatePermId(): Promise<PermissionId> {
  const id = await keysUtils.getRandomBytes(32);
  return base58.encode(id) as PermissionId;
}

[CMCDragonkai]

That also ensures that our random generators are the same and wherever else we need random ids.

[scottmmorris]

We discussed using uuid library here https://gitlab.com/MatrixAI/Engineering/Polykey/js-polykey/-/merge_requests/205#note_625776187