migrate semantic-release to read-package-json-fast

[43081j]

semantic-release can be found here:
https://github.com/semantic-release/npm

it currently uses read-pkg here:
https://github.com/semantic-release/npm/blob/0154fb84631cd7debd4bcd0d78824386b76ae8c1/lib/get-pkg.js#L2

we can instead use read-package-json-fast:
https://github.com/npm/read-package-json-fast

its near enough 10x smaller, is maintained by the NPM team directly, and is more standard because of that.

[mehulkar]

PR is up semantic-release/npm#745! tests pass, but the library doesn't have too many recent commits, so hopefully we'll get a reply!

[mehulkar]

Sadly read-pkg is still part of the module tree after this via (read-pkg -> read-pkg-up -> @semantic-release/release-notes-generator -> semantic-release)

➜  semantic-release-npm git:(mk/read-pkg) npm explain read-pkg                                 
[email protected] dev
node_modules/read-pkg
  read-pkg@"^9.0.0" from @semantic-release/[email protected]
  node_modules/@semantic-release/npm
    @semantic-release/npm@"^11.0.0" from [email protected]
    node_modules/semantic-release
      dev semantic-release@"23.0.0" from the root project
      peer semantic-release@">=20.1.0" from @semantic-release/[email protected]
      node_modules/@semantic-release/commit-analyzer
        @semantic-release/commit-analyzer@"^11.0.0" from [email protected]
      peer semantic-release@">=20.1.0" from @semantic-release/[email protected]
      node_modules/@semantic-release/github
        @semantic-release/github@"^9.0.0" from [email protected]
      peer semantic-release@">=20.1.0" from @semantic-release/[email protected]
      peer semantic-release@">=20.1.0" from @semantic-release/[email protected]
      node_modules/@semantic-release/release-notes-generator
        @semantic-release/release-notes-generator@"^12.0.0" from [email protected]
  read-pkg@"^9.0.0" from [email protected]
  node_modules/read-pkg-up
    read-pkg-up@"^11.0.0" from @semantic-release/[email protected]
    node_modules/@semantic-release/release-notes-generator
      @semantic-release/release-notes-generator@"^12.0.0" from [email protected]
    read-pkg-up@"^11.0.0" from [email protected]
    node_modules/semantic-release
      dev semantic-release@"23.0.0" from the root project
      peer semantic-release@">=20.1.0" from @semantic-release/[email protected]
      node_modules/@semantic-release/commit-analyzer
        @semantic-release/commit-analyzer@"^11.0.0" from [email protected]
      peer semantic-release@">=20.1.0" from @semantic-release/[email protected]
      node_modules/@semantic-release/github
        @semantic-release/github@"^9.0.0" from [email protected]
      peer semantic-release@">=20.1.0" from @semantic-release/[email protected]
      peer semantic-release@">=20.1.0" from @semantic-release/[email protected]
      node_modules/@semantic-release/release-notes-generator
        @semantic-release/release-notes-generator@"^12.0.0" from [email protected]

[43081j]

ah because they also use read-pkg-up?

i had a look at how npm do that, they seem to just pair two packages: walk-up-path, and read-package-json-fast

i suspect you don't actually need a package for it anymore. for example:

const fileExists = (...p) => stat(resolve(...p))
  .then((st) => st.isFile())
  .catch(() => false);

for (const path of walkUp(cwd)) {
  const hasPackageJson = await fileExists(path, 'package.json');
  if (hasPackageJson) {
    return await readPackage(path);
  }
}

personally i'd take that over a deep chain of packages, but not all maintainers will want to maintain their own for loop for it.

[mehulkar]

ah because they also use read-pkg-up?

not in @semantic-release/npm. The dep tree looks like this:

@semantic-release/npm
|__semantic-release
    |__@semantic-release/release-notes-generator
        |__read-pkg-up
            |__read-pkg

[43081j]

seems to come from here:
https://github.com/semantic-release/release-notes-generator/blob/29087a24af4d27783b387011b57c5f6d8e40d998/index.js#L75

it does seem a shame having to replace that with an equivalent "readPkgUp" function they would have to maintain (the for loop example in my last comment)

but looking through equivalent packages, there's not many that do this. npm themselves and most other reliable repos just walk up using a separate package (e.g. walk-up-path)

[43081j]

FYI there's also now fd-package-json:
https://www.npmjs.com/package/fd-package-json

which may come in useful and is smaller than the now deprecated read-package-json-fast

[AbhiPrasad]

We identified git-log-parser as a big dependency to clean up in semantic-release as well - tracked with #59

upstream issue: semantic-release/semantic-release#3372

[AbhiPrasad]

newer upstream discussion: semantic-release/semantic-release#3376