Dependencies are appropriately used and maintained
While JavaScript may not be the largest cause of website bloat, it can cause very high emissions through the CPU load of the rendering process, so it makes sense to consider the use of dependencies and third-party code carefully.
Criteria: Dependency management
Prevent developers from downloading and installing JavaScript libraries to run locally (client-side) when they are not needed: check for unused dependencies, uninstall those that aren't needed, and remove them from your package.json file.
Resources
- Categorize Your Dependencies
- e18e
- Essential Guide to JavaScript Dependencies & Security
- GPF - General Policy Framework (PDF) - 2.9 - Specifications (Off-The-Shelf Components)
- GPF - General Policy Framework (PDF) - 2.10 - Specifications (Third-Party Services)
- GPF - General Policy Framework (PDF) - 3.1 - Architecture (Impact Reduction)
- GR491 - 2-7025 - Reducing Dependencies
- GR491 - 3-5020 - Unused Dependencies
- JavaScript Dependency Management with npm and Yarn
- Uninstalling packages and dependencies
- United Nations SDGS - Goal 12 - Consumption & Production
Criteria: Dependency necessity
Only use libraries where necessary as this will reduce the amount of JavaScript that has to be downloaded and parsed by the browser. Consider whether you can use a native JavaScript API instead. Check the package size, and whether individual modules can be installed and imported rather than the whole library.
Resources
- Bundlephobia
- Equations relating total annual energy consumption and chips energy efficiency
- GPF - General Policy Framework (PDF) - 2.9 - Specifications (Off-The-Shelf Components)
- GPF - General Policy Framework (PDF) - 2.10 - Specifications (Third-Party Services)
- GPF - General Policy Framework (PDF) - 3.1 - Architecture (Impact Reduction)
- GR491 - 2-7025 - Reducing Dependencies
- Green and Sustainable JavaScript (PDF)
- How to Check if You Have Unused Dependencies in Your JavaScript App
- If Not React, Then What?
- Pkg-Size
- Should Developers Use Third-Party Libraries?
- Understanding and Mitigating Webpage Data Bloat: Causes and Preventive Measures (PDF)
- United Nations SDGS - Goal 12 - Consumption & Production
Criteria: Dependency updates
Regularly check dependencies and keep them up-to-date.
Resources
- Five Key Application Security Best Practices and Benefits for Maintaining Up-to-Date Dependencies
- GPF - General Policy Framework (PDF) - 2.9 - Specifications (Off-The-Shelf Components)
- GPF - General Policy Framework (PDF) - 2.10 - Specifications (Third-Party Services)
- GPF - General Policy Framework (PDF) - 3.1 - Architecture (Impact Reduction)
- How Do You Keep Your JavaScript Dependencies Up-to-date?
- How to Keep Your App Dependencies Up-To-Date?
- Keeping dependencies up-to-date
- United Nations SDGS - Goal 12 - Consumption & Production
Impact: Medium, Effort: Low
| GRI | Impact |
|---|---|
| materials | Low |
| energy | Low |
| water | Low |
| emissions | Low |
Benefits of this guideline
- Environment: Developers' machines do not need to waste energy installing and/or rendering packages that are not needed.
- Security: Third-party code can contain bugs and security issues. Keeping packages up-to-date and using fewer third-party libraries reduces the likelihood of security flaws.
- Performance: Reduction in client-side JavaScript normally results in faster websites.
Example
```shell
npm uninstall lodash
```
Source: Uninstalling packages and dependencies.
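One way to carry out the unused-dependency check described under the Dependency management criterion, as an added example that is not part of the original guideline or any tool's own code. The function names, the manifest and the source files are constructed for illustration, and the check goes slightly beyond the text by also listing packages that are imported but never declared.

```javascript
// Added example: a regex-based approximation of an unused-dependency check.
// The manifest and sources below are constructed sample input, not a real project.
const manifest = {
  dependencies: { lodash: "^4.17.21", "left-pad": "^1.3.0", "@acme/ui": "^2.0.0" },
  devDependencies: { moment: "^2.30.1" },
};
const sources = {
  "src/index.js": `
    import debounce from "lodash/debounce";
    import { Button } from "@acme/ui/button";
    import "./styles.css";
    const fs = require("node:fs");
  `,
  "src/lazy.js": `export async function load() { return import("chart.js"); }`,
};

// Captures the specifier in: ... from "x", import "x", import("x"), require("x").
const SPECIFIER = /(?:\bfrom\s*|\bimport\s*\(?\s*|\brequire\s*\(\s*)["'`]([^"'`]+)["'`]/g;

// Reduce a specifier to its package name: "lodash/debounce" -> "lodash",
// "@acme/ui/button" -> "@acme/ui". Relative paths and node: built-ins return null.
function packageName(specifier) {
  if (/^(\.|\/|node:)/.test(specifier)) return null;
  const parts = specifier.split("/");
  return specifier.startsWith("@") ? parts.slice(0, 2).join("/") : parts[0];
}

function auditDependencies(manifest, sources) {
  const declared = new Set([
    ...Object.keys(manifest.dependencies ?? {}),
    ...Object.keys(manifest.devDependencies ?? {}),
  ]);
  const used = new Set();
  for (const code of Object.values(sources)) {
    for (const match of code.matchAll(SPECIFIER)) {
      const name = packageName(match[1]);
      if (name) used.add(name);
    }
  }
  return {
    unused: [...declared].filter((d) => !used.has(d)).sort(),     // candidates for npm uninstall
    undeclared: [...used].filter((u) => !declared.has(u)).sort(), // imported but not in package.json
  };
}

console.log(auditDependencies(manifest, sources));
```

A package used only from npm scripts or tool configuration never appears in an import statement, so treat the `unused` list as candidates to review before running `npm uninstall`.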
Tags:
- JavaScript
- Patterns
- Performance
- Security
- Software