https://github.com/xdev-software/vaadin-package-json-optimizer
A package.json optimizer for Vaadin
https://github.com/xdev-software/vaadin-package-json-optimizer
npm package-json supply-chain vaadin
Last synced: about 1 month ago
JSON representation
A package.json optimizer for Vaadin
- Host: GitHub
- URL: https://github.com/xdev-software/vaadin-package-json-optimizer
- Owner: xdev-software
- License: apache-2.0
- Created: 2025-09-10T14:24:41.000Z (7 months ago)
- Default Branch: develop
- Last Pushed: 2026-01-02T04:30:18.000Z (3 months ago)
- Last Synced: 2026-01-05T22:29:39.903Z (3 months ago)
- Topics: npm, package-json, supply-chain, vaadin
- Language: Java
- Homepage:
- Size: 852 KB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 11
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Security: SECURITY.md
Awesome Lists containing this project
README
[](https://mvnrepository.com/artifact/software.xdev/vaadin-package-json-optimizer)
[](https://github.com/xdev-software/vaadin-package-json-optimizer/actions/workflows/check-build.yml?query=branch%3Adevelop)
# `package.json` optimizer for Vaadin
> [!WARNING]
> Deprecated!
> As of Vaadin 25 this module is no longer supported.
> Please use pnpm and [`pnpm-workspace.yaml`](https://github.com/xdev-software/vaadin-addon-template/blob/master/template-placeholder-demo/pnpm-workspace.yaml) instead
Patches `package.json` and replaces unused packages with an empty package.
This also prevents the installation of the corresponding transitive dependencies and lowers the overall attack surface.
As of Vaadin 24.8 this results in the following:
* at least 280 fewer packages (-55%): ~500 → ~210
* 80MB fewer required storage space (-40%): ~210MB → ~130MB
* overall faster build/`npm install` by processing/downloading less packages
Please note that this is currently intended as a stopgap measure until Vaadin implements [improvements upstream](https://github.com/vaadin/flow/issues/22207).
Currently these npm package groups are overwritten with an empty package
* `glob`'s and `rollup-plugin-visualizer`'s CLI packages
* Vaadin never uses their CLI and only library methods
* Incorrectly declared dependencies of `transform-ast`
* All Vaadin Pro components and their corresponding packages
* Unused dependencies of `workbox`
Full details are available in the [source code](./vaadin-package-json-optimizer/src/main/java/software/xdev/vaadin/vpjo/VPJOptimizer.java).
## Usage
`package.json` needs to be modified BEFORE the Vaadin installs all dependencies using `npm install`.
This needs to happen in 2 places:
1. When building the frontend with the build-frontend goal
```xml
org.codehaus.mojo
exec-maven-plugin
...
patch-package-json-overrides
compile
java
software.xdev.vaadin.vpjo.Launcher
${project.basedir}
${project.build.directory}
false
true
software.xdev
vaadin-package-json-optimizer
software.xdev
vaadin-package-json-optimizer
...
...
```
2. When running in dev mode
```xml
dev
true
software.xdev
vaadin-package-json-optimizer
...
...
```
For more information have a look at the [demo's `pom.xml`](./vaadin-package-json-optimizer-demo/pom.xml).
## Installation
[Installation guide for the latest release](https://github.com/xdev-software/vaadin-package-json-optimizer/releases/latest#Installation)
## Support
If you need support as soon as possible and you can't wait for any pull request, feel free to use [our support](https://xdev.software/en/services/support).
## Contributing
See the [contributing guide](./CONTRIBUTING.md) for detailed instructions on how to get started with our project.
## Dependencies and Licenses
View the [license of the current project](LICENSE) or the [summary including all dependencies](https://xdev-software.github.io/vaadin-package-json-optimizer/dependencies)