Summary
Main project dependencies include docs/build libraries (mkdocs, bibtex plugins, etc.), so the default installed environment is significantly heavier than what a minimal API or library consumer needs at runtime.
Category
Severity
low
Evidence
pyproject.toml (dependency groups)
Impact if Ignored
Docker images and deployment environments carry unnecessary weight. Install times increase and the attack surface grows slightly from unused packages.
Suggested Action
Split dependencies into optional groups (e.g., [dev], [docs], [api]). The minimal runtime for the library and API should not require documentation build tools.