Instrumenter: Remove unused core-js dependency #20831

IanVS · 2023-01-30T12:46:45Z

Issue: #

We are adding core-js to user's node_modules, and it's a large dependency (~14MB).

What I did

Instrumenter was adding it as a dependency, but it's not actually used anywhere in the code, and it should be up to the user to decide if they want to add polyfills.

How to test

CI should continue to run successfully. There is one more change needed in order to avoid adding it during installation: storybookjs/lazy-universal-dotenv#2

Checklist

Make sure your changes are tested (stories and/or unit, integration, or end-to-end tests)
Make sure to add/update documentation regarding your changes
If you are deprecating/removing a feature, make sure to update
MIGRATION.MD

Maintainers

If this PR should be tested against many or all sandboxes,
make sure to add the ci:merged or ci:daily GH label to it.
Make sure this PR contains one of the labels below.

["cleanup", "BREAKING CHANGE", "feature request", "bug", "documentation", "maintenance", "dependencies", "other"]

socket-security · 2023-01-30T13:07:05Z

Socket Security Pull Request Report

Dependency issues detected. If you merge this pull request, you will not be alerted to the instances of these issues again.

📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Package	Script field	Source
@swc/[email protected] (upgraded)	`postinstall`	`code/package.json` via @nrwl/[email protected], @nrwl/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @swc/[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], `code/addons/storyshots-core/package.json` via [email protected], [email protected], [email protected], [email protected], `code/addons/storyshots-puppeteer/package.json` via @storybook/[email protected], [email protected], `code/frameworks/angular/package.json` via [email protected], [email protected], [email protected], `code/frameworks/react-webpack5/package.json` via [email protected], `code/lib/codemod/package.json` via [email protected], [email protected], `code/lib/core-server/package.json` via [email protected], `code/lib/docs-tools/package.json` via [email protected], `code/lib/postinstall/package.json` via [email protected], [email protected], `code/lib/source-loader/package.json` via [email protected], `code/presets/server-webpack/package.json` via [email protected], `code/renderers/react/package.json` via [email protected], `code/renderers/vue3/package.json` via @vue/[email protected], `scripts/package.json` via @nrwl/[email protected], @nrwl/[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
[email protected] (added)	`postinstall`	`scripts/package.json` via [email protected]
[email protected] (added)	`postinstall`	`code/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], `code/addons/controls/package.json` via @storybook/[email protected], @storybook/[email protected], `code/addons/docs/package.json` via @storybook/[email protected], `code/addons/essentials/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], `code/addons/interactions/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], `code/addons/storyshots-core/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], `code/addons/storyshots-puppeteer/package.json` via @storybook/[email protected], `code/frameworks/angular/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], `code/frameworks/ember/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], `code/frameworks/html-vite/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], `code/frameworks/html-webpack5/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], `code/frameworks/nextjs/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], `code/frameworks/preact-vite/package.json` via @storybook/[email protected], `code/frameworks/preact-webpack5/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], `code/frameworks/react-vite/package.json` via @storybook/[email protected], @storybook/[email protected], `code/frameworks/react-webpack5/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], `code/frameworks/server-webpack5/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], `code/frameworks/svelte-vite/package.json` via @storybook/[email protected], @storybook/[email protected], `code/frameworks/svelte-webpack5/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], `code/frameworks/sveltekit/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], `code/frameworks/vue-vite/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], `code/frameworks/vue-webpack5/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], `code/frameworks/vue3-vite/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], `code/frameworks/vue3-webpack5/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], `code/frameworks/web-components-vite/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], `code/frameworks/web-components-webpack5/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], `code/lib/builder-manager/package.json` via @storybook/[email protected], `code/lib/builder-vite/package.json` via @storybook/[email protected], `code/lib/builder-webpack5/package.json` via @storybook/[email protected], @storybook/[email protected], `code/lib/cli/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], `code/lib/cli-sb/package.json` via @storybook/[email protected], `code/lib/cli-storybook/package.json` via @storybook/[email protected], `code/lib/core-common/package.json` via [email protected], `code/lib/core-server/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], `code/lib/core-webpack/package.json` via @storybook/[email protected], `code/lib/docs-tools/package.json` via @storybook/[email protected], `code/lib/preview-api/package.json` via @storybook/[email protected], `code/lib/telemetry/package.json` via @storybook/[email protected], `code/presets/html-webpack/package.json` via @storybook/[email protected], `code/presets/preact-webpack/package.json` via @storybook/[email protected], `code/presets/react-webpack/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], `code/presets/server-webpack/package.json` via @storybook/[email protected], @storybook/[email protected], `code/presets/svelte-webpack/package.json` via @storybook/[email protected], `code/presets/vue-webpack/package.json` via @storybook/[email protected], @storybook/[email protected], `code/presets/vue3-webpack/package.json` via @storybook/[email protected], @storybook/[email protected], `code/presets/web-components-webpack/package.json` via @storybook/[email protected], `code/renderers/html/package.json` via @storybook/[email protected], `code/renderers/react/package.json` via @storybook/[email protected], `code/renderers/svelte/package.json` via @storybook/[email protected], `code/renderers/vue/package.json` via @storybook/[email protected], `code/renderers/vue3/package.json` via @storybook/[email protected], `code/renderers/web-components/package.json` via @storybook/[email protected], `code/ui/blocks/package.json` via @storybook/[email protected], `scripts/package.json` via @storybook/[email protected], @storybook/[email protected], `test-storybooks/ember-cli/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], [email protected], `test-storybooks/external-docs/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], [email protected], `test-storybooks/server-kitchen-sink/package.json` via @storybook/[email protected], @storybook/[email protected], [email protected], `test-storybooks/standalone-preview/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], [email protected]
[email protected] (added)	`postinstall`	`code/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @testing-library/[email protected], @testing-library/[email protected], @testing-library/[email protected], `code/addons/a11y/package.json` via @testing-library/[email protected], `code/addons/interactions/package.json` via @storybook/[email protected], `code/addons/storyshots-puppeteer/package.json` via @storybook/[email protected], `code/frameworks/nextjs/package.json` via @storybook/[email protected], `code/frameworks/react-webpack5/package.json` via @storybook/[email protected], `code/presets/react-webpack/package.json` via @pmmmwh/[email protected], `code/ui/manager/package.json` via @testing-library/[email protected], `scripts/package.json` via @storybook/[email protected], @testing-library/[email protected], @testing-library/[email protected], @testing-library/[email protected], `test-storybooks/external-docs/package.json` via @storybook/[email protected], @testing-library/[email protected], @testing-library/[email protected], `test-storybooks/standalone-preview/package.json` via @storybook/[email protected]

⚠️ Uses eval

Package uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Avoid packages that use eval, since this could potentially execute any code.

Package	Eval Type	Location	Source
[email protected] (added)	Function	dist/compile/index.js	`scripts/package.json` via [email protected]
[email protected] (added)	Function	dist/compile/jtd/parse.js	`scripts/package.json` via [email protected]
[email protected] (added)	Function	dist/compile/jtd/serialize.js	`scripts/package.json` via [email protected]
[email protected] (added)	Function	dist/compile/index.js	`code/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], [email protected], `code/addons/essentials/package.json` via @storybook/[email protected], `code/addons/storyshots-core/package.json` via @storybook/[email protected], @storybook/[email protected], [email protected], [email protected], `code/addons/storyshots-puppeteer/package.json` via @storybook/[email protected], `code/frameworks/angular/package.json` via @angular-devkit/[email protected], @angular-devkit/[email protected], @angular-devkit/[email protected], @angular/[email protected], @storybook/[email protected], [email protected], `code/frameworks/ember/package.json` via @storybook/[email protected], `code/frameworks/html-webpack5/package.json` via @storybook/[email protected], `code/frameworks/nextjs/package.json` via @storybook/[email protected], @storybook/[email protected], `code/frameworks/preact-webpack5/package.json` via @storybook/[email protected], `code/frameworks/react-webpack5/package.json` via @storybook/[email protected], @storybook/[email protected], `code/frameworks/server-webpack5/package.json` via @storybook/[email protected], `code/frameworks/svelte-webpack5/package.json` via @storybook/[email protected], `code/frameworks/vue-vite/package.json` via @storybook/[email protected], `code/frameworks/vue-webpack5/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], [email protected], `code/frameworks/vue3-webpack5/package.json` via @storybook/[email protected], @storybook/[email protected], [email protected], `code/frameworks/web-components-webpack5/package.json` via @storybook/[email protected], @storybook/[email protected], `code/lib/builder-webpack5/package.json` via @types/[email protected], [email protected], [email protected], [email protected], `code/presets/react-webpack/package.json` via @pmmmwh/[email protected], `code/presets/vue-webpack/package.json` via [email protected], `code/presets/vue3-webpack/package.json` via [email protected], `code/presets/web-components-webpack/package.json` via [email protected], `code/renderers/vue/package.json` via [email protected], `scripts/package.json` via @storybook/[email protected], @storybook/[email protected], [email protected], `test-storybooks/ember-cli/package.json` via @storybook/[email protected], `test-storybooks/external-docs/package.json` via @storybook/[email protected], `test-storybooks/server-kitchen-sink/package.json` via @storybook/[email protected], `test-storybooks/standalone-preview/package.json` via @storybook/[email protected]
[email protected] (added)	Function	dist/compile/jtd/parse.js	`code/package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], [email protected], `code/addons/essentials/package.json` via @storybook/[email protected], `code/addons/storyshots-core/package.json` via @storybook/[email protected], @storybook/[email protected], [email protected], [email protected], `code/addons/storyshots-puppeteer/package.json` via @storybook/[email protected], `code/frameworks/angular/package.json` via @angular-devkit/[email protected], @angular-devkit/[email protected], @angular-devkit/[email protected], @angular/[email protected], @storybook/[email protected], [email protected], `code/frameworks/ember/package.json` via @storybook/[email protected], `code/frameworks/html-webpack5/package.json` via @storybook/[email protected], `code/frameworks/nextjs/package.json` via @storybook/[email protected], @storybook/[email protected], `code/frameworks/preact-webpack5/package.json` via @storybook/[email protected], `code/frameworks/react-webpack5/package.json` via @storybook/[email protected], @storybook/[email protected], [`code/frameworks/server-webpack5/package.json`](https://github.com/storybookjs/storybook/pull/20831/files#diff-243f77712fb5b2eb7e1096a11eadb1fb0c5a4335ea4d34bba7d8d10af7babde

IanVS added the dependencies label Jan 30, 2023

Remove unused core-js dependency

7914d3d

IanVS force-pushed the deps/core-js branch from c127d28 to 7914d3d Compare January 30, 2023 12:55

ndelangen self-requested a review January 30, 2023 13:15

ndelangen self-assigned this Jan 30, 2023

ndelangen approved these changes Jan 30, 2023

View reviewed changes

ndelangen merged commit 3b598f7 into next Jan 30, 2023

ndelangen deleted the deps/core-js branch January 30, 2023 13:15

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Instrumenter: Remove unused core-js dependency #20831

Instrumenter: Remove unused core-js dependency #20831

IanVS commented Jan 30, 2023

socket-security bot commented Jan 30, 2023

Instrumenter: Remove unused core-js dependency #20831

Instrumenter: Remove unused core-js dependency #20831

Conversation

IanVS commented Jan 30, 2023

What I did

How to test

Checklist

Maintainers

socket-security bot commented Jan 30, 2023

Socket Security Pull Request Report