Issue Description:

Dear Team,

I am using the Swagger parser, and while its functionality is appreciated, the sheer number of dependencies introduced by the library is problematic. Below are my observations and concerns:

- Excessive Dependencies: The library adds over 50 additional dependencies to my project. Some examples:
  - `org.slf4j`: Not necessary for a simple parser. It clutters logs with irrelevant prompts for adding more dependencies.
  - `com.github.java-json-tools`: This library appears to be inactive.
  - `com.sun.activation.jakarta` and `jakarta.xml.bind`: Outdated and unreliable with newer Java versions, especially in stricter environments.
  - `org.mozilla:rhino`: JavaScript? What?
  - `apache.httpclient`: The use case here is unclear.
  - `com.google.guava`, `org.apache.commons:commons-lang3`, `commons-io`: Why are these required for basic parsing?
- Core Simplicity Missing: For a YAML/JSON parser, dependencies like `SnakeYAML` and `ObjectMapper` are understandable, but even these come with their own CVE risks. However, the other dependencies seem unnecessary for the core functionality.
- Reflections and Overhead: The library's reliance on reflection further complicates its use and limits performance optimization.

Proposal:

- Simplify the Library: Rebuild the parser using plain Java, focusing on minimalism. Most parsing tasks can be achieved without additional libraries.
- Reduce Dependencies: Restrict dependencies to absolute essentials like `SnakeYAML` and `ObjectMapper`, provided their risks are mitigated.
- Modernize: Remove outdated or dead dependencies like `com.github.java-json-tools`.
- Avoid Reflection: Replace reflective mechanisms with straightforward, efficient alternatives.

This library has great potential but could be significantly better with these improvements. My goal is not to replace it, but to help make it a cleaner, more reliable tool for everyone.
Looking forward to your thoughts and potential roadmap for addressing these issues.
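
One way to measure the transitive footprint described in the issue above, as an added example that is not part of the issue or of the project's code: it parses the text output of `mvn dependency:tree` and reports which direct dependency brings in each artifact. The sample tree, the `com.example` coordinates, every `0.0.0` version and the review list are constructed assumptions.

```python
import re

# Constructed sample in the text format printed by `mvn dependency:tree`.
# com.example coordinates and all 0.0.0 versions are placeholders, not real releases.
SAMPLE_TREE = r"""
[INFO] com.example:demo-app:jar:0.0.0
[INFO] +- com.example:openapi-parser:jar:0.0.0:compile
[INFO] |  +- org.slf4j:slf4j-api:jar:0.0.0:compile
[INFO] |  +- org.mozilla:rhino:jar:0.0.0:compile
[INFO] |  +- com.google.guava:guava:jar:0.0.0:compile
[INFO] |  |  \- com.example:guava-helper:jar:0.0.0:compile
[INFO] |  \- org.apache.commons:commons-lang3:jar:0.0.0:compile
[INFO] \- com.example:test-kit:jar:0.0.0:test
[INFO]    \- commons-io:commons-io:jar:0.0.0:test
"""

# Each nesting level is a 3-character cell ("|  " or "   ") before "+- " or "\- ".
LINE = re.compile(r"^\[INFO\] ((?:\|  |   )*)[+\\]- (\S+)")
# Group IDs questioned in the issue; an assumption to edit for your own review.
REVIEW_GROUPS = {"org.slf4j", "org.mozilla", "com.google.guava",
                 "org.apache.commons", "commons-io", "com.github.java-json-tools"}

def parse_tree(text):
    """Yield (depth, group, artifact, scope) for every non-root node."""
    for line in text.splitlines():
        m = LINE.match(line)
        parts = m.group(2).split(":") if m else []
        if len(parts) >= 5:  # group:artifact:packaging[:classifier]:version:scope
            yield len(m.group(1)) // 3 + 1, parts[0], parts[1], parts[-1]

def footprint(text, scopes=("compile", "runtime")):
    """Map each shipped direct dependency to the transitive artifacts under it."""
    result, direct, keep = {}, None, False
    for depth, group, artifact, scope in parse_tree(text):
        if depth == 1:
            direct, keep = f"{group}:{artifact}", scope in scopes
            if keep:
                result[direct] = []
        elif keep:
            result[direct].append(f"{group}:{artifact}")
    return result

def flagged(text):
    """Return {direct dependency: transitive artifacts whose group is under review}."""
    return {d: [t for t in ts if t.split(":")[0] in REVIEW_GROUPS]
            for d, ts in footprint(text).items()}

if __name__ == "__main__":
    print(flagged(SAMPLE_TREE))
```

Test-scoped branches are skipped because they do not ship with the application; pass a different `scopes` tuple to include them.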