Skip to content

chore: drop unused deps, unpin proxy from beta, tidy package metadata#27

Merged
jhamon merged 1 commit into
mainfrom
chore/remove-unused-deps
Jul 9, 2026
Merged

chore: drop unused deps, unpin proxy from beta, tidy package metadata#27
jhamon merged 1 commit into
mainfrom
chore/remove-unused-deps

Conversation

@jhamon

@jhamon jhamon commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Why

Maintenance hygiene on package.json — no runtime behavior change.

What changed

  • Removed two unused dependencies. cross-fetch and console-table-printer are declared in dependencies but referenced nowhere in server/, app/, or tests/ (leftover scaffold cruft). Removing them also prunes their transitive deps (node-fetch, encoding, whatwg-url, tr46, webidl-conversions, simple-wcswidth) from the lockfile.
  • Unpinned http-proxy-middleware from a beta. The specifier was ^3.0.0-beta.1, which advertised a dependency on a pre-release even though it resolved to stable 3.0.7. Changed to ^3.0.7; the resolved version is unchanged, so there's no lockfile churn there.
  • Tidied metadata. Filled in the empty description and replaced the leftover starter/template scaffold keywords with ones that actually describe this project.

Testing

  • npm run lint — passes (one pre-existing, unrelated warning in main.tsx)
  • npm run typecheck — passes
  • npm run build:app — passes
  • npm test — all 50 tests pass, including the live Pinecone e2e (createIndex/upsert/query/deleteOne against a real throwaway index)
  • npm audit --omit=dev — 0 vulnerabilities

Note: npm audit (incl. dev) surfaces one low-severity, Windows-only esbuild advisory via Vite. It is pre-existing (not in this diff's lockfile changes) and dev-only; left out of scope here.

🤖 Generated with Claude Code

- Remove `cross-fetch` and `console-table-printer` from dependencies: neither
  is referenced anywhere in server/, app/, or tests/. Removing them also drops
  their transitive deps (node-fetch, encoding, whatwg-url, etc.) from the tree.
- Change `http-proxy-middleware` from `^3.0.0-beta.1` to `^3.0.7` so the
  example no longer advertises a dependency on a pre-release (the specifier
  already resolved to stable 3.0.7; no resolved version change).
- Fill in the empty `description` and swap the leftover `starter`/`template`
  scaffold keywords for ones that describe the project.

Lint, typecheck, build, and the full test suite (including the live Pinecone
e2e) all pass. `npm audit --omit=dev` reports 0 vulnerabilities.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@jhamon jhamon merged commit d206922 into main Jul 9, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant