refactor(node-resolve): remove deep-freeze and deepmerge from depende…

…ncies This 2 dependencies are currently used to deepfreeze an exported symbol. Which seems to be an wasteful to add 2 extra dependencies for something trivial. Also `deep-freeze` is licensed as Public Domain, which might be problematic for some 3rd parties such as the Angular CLI. In Angular CLI we have a license validator that validates direct and transitive dependencies, and Public Domain is a problematic license becuse it falls under the "unencumbered' group which requires legal audit. More context: https://opensource.google/docs/thirdparty/licenses/#unencumbered
rollup · Aug 5, 2020 · 9076f9e · 9076f9e
1 parent b819a0f
commit 9076f9e
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 10 deletions.
diff --git a/packages/node-resolve/package.json b/packages/node-resolve/package.json
@@ -52,8 +52,6 @@
     "@rollup/pluginutils": "^3.1.0",
     "@types/resolve": "1.17.1",
     "builtin-modules": "^3.1.0",
-    "deep-freeze": "^0.0.1",
-    "deepmerge": "^4.2.2",
     "is-module": "^1.0.0",
     "resolve": "^1.17.0"
   },

diff --git a/packages/node-resolve/src/index.js b/packages/node-resolve/src/index.js
@@ -2,8 +2,6 @@
 import { dirname, normalize, resolve, sep } from 'path';
 
 import builtinList from 'builtin-modules';
-import deepFreeze from 'deep-freeze';
-import deepMerge from 'deepmerge';
 import isModule from 'is-module';
 
 import { isDirCached, isFileCached, readCachedFile } from './cache';
@@ -19,15 +17,26 @@ import {
 const builtins = new Set(builtinList);
 const ES6_BROWSER_EMPTY = '\0node-resolve:empty.js';
 const nullFn = () => null;
+const deepFreeze = object => {
+  Object.freeze(object);
+
+  for (const value of Object.values(object)) {
+    if (typeof value === 'object' && !Object.isFrozen(value)) {
+      deepFreeze(value);
+    }
+  }
+
+  return object;
+};
 const defaults = {
   customResolveOptions: {},
   dedupe: [],
   // It's important that .mjs is listed before .js so that Rollup will interpret npm modules
   // which deploy both ESM .mjs and CommonJS .js files as ESM.
-  extensions: ['.mjs', '.js', '.json', '.node'],
+  extensions: ['.js', '.js', '.json', '.node'],
   resolveOnly: []
 };
-export const DEFAULTS = deepFreeze(deepMerge({}, defaults));
+export const DEFAULTS = deepFreeze(defaults);
 
 export function nodeResolve(opts = {}) {
   const options = Object.assign({}, defaults, opts);

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml